Notes on part 2
Part 2 chronicles my first attempt to build iplist on the Debian NSLU2. I started by using the official packages from the main repository, and the “standard Debian” build method used by iplist.
I should mention this was my very first experience building in the Debian platform. In addition, I have very little prior experience building software in any Linux environment. As best I could tell, I was following the right method and did not make any dumb mistake, but you never know.
I seemed to recall it is possible to use QEMU to set-up a virtual slug on a desktop PC, and work from there. However, I opted to work directly from the slug itself. I was not sure if this is a good idea or not, but I just wanted to get started and not mess around with a virtual machine at this time. Furthermore, some of the Debian NSLU2 pages in NSLU2-Linux site appeared to have been spammed/defaced while I was working on this, and I could not find the relevant info I need.
Getting the source code
The iplist source code can be found at the iplist website. Currently, the latest version is 0.23.
I recommend to work in a temporary subdirectory.
mkdir ~/temp cd ~/temp
You could download the file using a web browser on a PC, then transfer it to the slug, or you could run this command from the slug itself:
Extract the archive:
tar xvf iplist-0.23.tar.gz
Understand the build instructions
Read the file “INSTALL” for build instructions:
cd iplist-0.23/ nano INSTALL
The following dependencies were mentioned in the build instructions:
I already have g++ installed through the package “build-essential”. In any case, this command will install everything:
sudo apt-get install build-essential libnetfilter-queue-dev \ libnfnetlink-dev zlib1g-dev
Install required tools
Since I was attempting the “standard” Debian build, the build instructions mentioned the following tools were required:
sudo apt-get install debhelper fakeroot
Removing ipblock GUI dependencies
The iplist package came with ipblock, which is the user interface to the underlying iplist. You use ipblock in command line to start, stop, check status, etc. The ipblock was also available in GUI (it uses Java), by add the “-g” switch to the command. Obviously, for the slug with terminal only interface, we should remove the GUI parts that would cause build error.
I did not attempt the complete removal of all GUI dependencies, since that would probably require going through the entire source codes. Instead, I will remove the bare minimum necessary that would allow successful build. A quick search on Google guided me to Headless torrentbox with ipblock.
Basically, you edit the file “debian/control” and remove the GUI dependencies.
Remove the last part of the line starting with “Depends:”. Specifically, delete this portion:
, openjdk-6-jre | sun-java-jre, gksu
In additional, I found the build process failed on the line containing “dh_icons” of the file “debian/rules”; so I have to remove that as well.
Find the “dh_icons” line and comment out or delete it. This line should be located near the end of the file.
Out of memory problem
My first few attempts to build iplist resulted in the following error:
g++: Internal error: Killed (program cc1plus)
This error baffled me for a while until I found GCC Bugzilla Bug 34882.
The slug’s serial port was connected to an older PC which has a serial port. I switched over my shared LCD monitor to that PC, and sure enough I saw the “Out of memory” message in the terminal.
Incidentally after this, I realised the convenience of keeping the serial output in view. Therefore, I opened a second terminal window in my work PC, ssh into the older PC and run the serial port monitor from there.ssh user@ipaddr picocom -b 115200 /dev/ttyS0
user referred to the user name, and ipaddr the IP address of the older PC.
To investigate the “Out of memory” error, I ran:
This showed that the slug has indeed ran out of physical memory, but the swap was actually barely used.
It appeared my current “swappiness” setting was a hinderance at this point. I had installed the Debian NSLU2 (including the swap space) into a USB thumbdrive, which was basically flash memory. Setting the swappiness to 0 greatly reduced writing to the swap and supposedly would improve the thumbdrive life span.
But to solve the “Out of memory” problem, I had to remove this custom swappiness setting. After that, the build completed successfully.
Once all the kinks were worked out, building iplist took one command:
It took about 24 minutes to run the entire build in the slug. I kept wanting to cheer the little fellow on: come on little buddy; you can make it little buddy.
Once build was completed, I got the deb package one directory up. Use “dpkg” to install it:
cd .. sudo dpkg -i iplist_0.23-0lenny1_arm.deb
Noticed the package was marked “lenny”, but I was actually running Etch Debian. It was able to install though.
Before test running iplist for the first time, I prepared the configuration. I was not sure if this was absolutely necessary, but I got some information about it from HOWTO: Graphical IP Blocker.
Create file “/var/cache/iplist/whitelist”:
sudo nano /var/cache/iplist/whitelist
Added the IPs of the localhost and local network; e.g.
Edit file “/etc/ipblock.conf” to add the previous file “whitelist” into the ALLOW_LIST:
sudo nano /etc/ipblock.conf
Download block lists and start iplist
it’s almost time to start iplist for the first time. To find out the command line options:
sudo ipblock -h
This was the output:
IPblock 0.23 Copyright (C) 2008 Serkan Sakar
Usage: ipblock [options] Options: -s start blocking -d stop blocking -r restart IPblock -u update lists -c convert lists to ipl format -g start IPblock GUI -l show status -v show version and exit -h show this help
First, I tested downloading the preset block lists.
sudo ipblock -u
This took a few minutes. After it completed I checked the directory “/var/cache/iplist” to see if the preset block lists were fully downloaded.
Now, start iplist:
sudo ipblock -s
It took about 6 seconds, then the prompt returned.
Did it work?
Unfortunately, it didn’t. Everything appeared to be blocked, and if I recalled correctly, I have to reboot once because my ssh connection stopped responding.
Investigating the problem
To investigate what went wrong, I ran this command:
sudo cat /usr/var/log/syslog | grep iplist
This revealed an error message:
error: can't set packet_copy mode
Some googling brought me to Debian Bug report logs – #466645.
The bug was unresolved. A patch was suggested but there was no further reply from the original bug reporter. So, it’s unclear whether the patch worked or not.
In closing, I have not succeeded in the first attempt, getting iplist to work in the Debian NSLU2.
Next step: find out how to apply the proposed patch from the Debian bug report. And how to rebuild libnfnetlink after that.