Development of l7-filter has moved to the Clear Foundation. These pages are out of date, but will remain as a historical record.
Last update 9 Dec 2006
Some users have reported kernel crashes when they using SMP with the kernel version of l7-filter. (Some have also reported that their SMP systems run fine.) Several times we have decided that this is fixed only to have it crop up again. If you have a multi-CPU machine, test carefully before putting it into production with the kernel version of l7-filter, or consider using the userspace version.
This information comes from andy_shev. We have not confirmed it.
The Fedora Core 5 kernel includes the Xen virtualization patch. The Xen patch moves parts of code between several files as well as adds a special abstract layer. By default the layer 7 patch is applied but isn't compiled. It does not compile if enabled. To make it compile, you need change code in ipt_layer7.c to following:
...
//if(skb_is_nonlinear(skb)){
if(skb_linearize(skb/*,GFP_ATOMIC*/) != 0){
if (net_ratelimit())
printk(KERN_ERR "layer7: failed to linearize packet, bailing.\n");
return info->invert;
}
//}
...