2004-06-18 15:25:10

by Andrew Walrond

Subject: Iptables-1.2.9/10 compile failure with linux 2.6.7 headers

The addition of a
__user
attribute to a line in
linux-2.6.7/include/linux/netfilter_ipv4/ip_tables.h
causes iptables build to fail unless I export
CC="gcc -D__user= "

Presumably ip_tables.h should include a header defining __user, or iptables
should include the relevant header before ip_tables.h ?

Sorry if this has already been reported; Archive search found nothing on
either ML.

Andrew Walrond


2004-06-18 16:13:00

by David Ford

Subject: Re: Iptables-1.2.9/10 compile failure with linux 2.6.7 headers

Iptables should be using linux-libc-headers headers instead of kernel
headers.

Remove -I$(KERNEL_DIR)/include from your makefile, see this patch here:
http://ep09.pld-linux.org/~mmazur/linux-libc-headers/patches/iptables.patch

David

Andrew Walrond wrote:

>The addition of a
> __user
>attribute to a line in
> linux-2.6.7/include/linux/netfilter_ipv4/ip_tables.h
>causes iptables build to fail unless I export
> CC="gcc -D__user= "
>
>Presumably ip_tables.h should include a header defining __user, or iptables
>should include the relevant header before ip_tables.h ?
>
>Sorry if this has already been reported; Archive search found nothing on
>either ML.
>
>Andrew Walrond



2004-06-18 16:32:28

by Andrew Walrond

Subject: Re: Iptables-1.2.9/10 compile failure with linux 2.6.7 headers

Hi David,

On Friday 18 Jun 2004 17:10, David Ford wrote:
> Iptables should be using linux-libc-headers headers instead of kernel
> headers.

Is this acquired knowledge, or new Netfilter policy?
How dependent are the iptables tools on the specific kernel running?

Ie
Can I build iptables for use on 2.6.7 kernel with 2.6.6 linux-libc-headers?
(probably)

But could I build iptables for 2.6.7 kernel with 2.4.20 linux-libc-headers?
(probably not?)

The INSTALL file states specifically to use
KERNEL_DIR=<<where-you-built-your-kernel>>

Andrew

2004-06-18 16:39:46

by David Ford

Subject: Re: Iptables-1.2.9/10 compile failure with linux 2.6.7 headers

The current linux libc headers package is much more frequently updated
and closely matches released kernels. LLH is a sanitized linux headers
package and is currently based on 2.6.6 headers.

Yes you can build iptables on 2.6.6 for a 2.6.7 kernel. I have built
iptables once or twice a year and built kernels once or twice a week.
Iptables continues to work fine.

David

Andrew Walrond wrote:

>Hi David,
>
>On Friday 18 Jun 2004 17:10, David Ford wrote:
>
>
>>Iptables should be using linux-libc-headers headers instead of kernel
>>headers.
>>
>>
>
>Is this acquired knowledge, or new Netfilter policy?
>How dependent are the iptables tools on the specific kernel running?
>
>Ie
>Can I build iptables for use on 2.6.7 kernel with 2.6.6 linux-libc-headers?
>(probably)
>
>But could I build iptables for 2.6.7 kernel with 2.4.20 linux-libc-headers?
>(probably not?)
>
>The INSTALL file states specifically to use
>KERNEL_DIR=<<where-you-built-your-kernel>>
>
>Andrew
>
>



2004-06-18 16:58:36

by Kalin KOZHUHAROV

Subject: Re: Iptables-1.2.9/10 compile failure with linux 2.6.7 headers

Andrew Walrond wrote:
> Hi David,
>
> On Friday 18 Jun 2004 17:10, David Ford wrote:
>
>>Iptables should be using linux-libc-headers headers instead of kernel
>>headers.
>
>
> Is this acquired knowledge, or new Netfilter policy?
> How dependent are the iptables tools on the specific kernel running?
>
> Ie
> Can I build iptables for use on 2.6.7 kernel with 2.6.6 linux-libc-headers?
> (probably)
>
> But could I build iptables for 2.6.7 kernel with 2.4.20 linux-libc-headers?
> (probably not?)
>
> The INSTALL file states specifically to use
> KERNEL_DIR=<<where-you-built-your-kernel>>
>
> Andrew

Yes, I confirm with linux-2.6.7 and iptables-1.2.9 I got:
gcc -march=athlon-xp -m3dnow -msse -mfpmath=sse -mmmx -O3 -pipe -Iinclude -Wall -Wunused -I/usr/src/linux/include -DIPTABLES_VERSION=\"1.2.9\" -fPIC -o extensions/libipt_stealth_sh.o -c extensions/libipt_stealth.c
distcc[6323] ERROR: compile on localhost failed
In file included from include/libiptc/libiptc.h:6,
from include/iptables.h:5,
from extensions/libipt_stealth.c:10:
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:255: warning: no semicolon at end of struct or union
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:255: error: syntax error before '*' token
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:259: error: syntax error before '}' token
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: type defaults to `int' in declaration of `DECLARE_MUTEX'
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: parameter names (without types) in function declaration
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: `DECLARE_MUTEX' declared `static' but never defined
make: *** [extensions/libipt_stealth_sh.o] Error 1

Last time I recompiled it with 2.6.6 it was ok. The compiled version still seems to work with 2.6.7 for now.

However, isn't that supposed to be filed with iptables (@netfilter.org)?

Kalin.

--
||///_ o *****************************
||//'_/> WWW: http://ThinRope.net/

2004-06-18 17:17:36

by YOSHIFUJI Hideaki

Subject: Re: Iptables-1.2.9/10 compile failure with linux 2.6.7 headers

In article <[email protected]> (at Sat, 19 Jun 2004 01:56:06 +0900), Kalin KOZHUHAROV <[email protected]> says:

> Yes, I confirm with linux-2.6.7 and iptables-1.2.9 I got:
> gcc -march=athlon-xp -m3dnow -msse -mfpmath=sse -mmmx -O3 -pipe -Iinclude -Wall -Wunused -I/usr/src/linux/include -DIPTABLES_VERSION=\"1.2.9\" -fPIC -o extensions/libipt_stealth_sh.o -c extensions/libipt_stealth.c
> distcc[6323] ERROR: compile on localhost failed
> In file included from include/libiptc/libiptc.h:6,
> from include/iptables.h:5,
> from extensions/libipt_stealth.c:10:
> /usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:255: warning: no semicolon at end of struct or union
> /usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:255: error: syntax error before '*' token
> /usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:259: error: syntax error before '}' token
> /usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: type defaults to `int' in declaration of `DECLARE_MUTEX'
> /usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: parameter names (without types) in function declaration
> /usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: `DECLARE_MUTEX' declared `static' but never defined
> make: *** [extensions/libipt_stealth_sh.o] Error 1
>
> Last time I recompiled it with 2.6.6 it was ok. The compiled version still seems to work with 2.6.7 for now.

Please try this. Thanks

===== include/linux/netfilter.h 1.9 vs edited =====
--- 1.9/include/linux/netfilter.h 2004-06-07 12:15:03 +09:00
+++ edited/include/linux/netfilter.h 2004-06-19 02:10:55 +09:00
@@ -10,6 +10,7 @@
#include <linux/wait.h>
#include <linux/list.h>
#endif
+#include <linux/compiler.h>

/* Responses from hook functions. */
#define NF_DROP 0
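
Review bot: the new `#include <linux/compiler.h>` sits after the `#endif`, so it is pulled in for userspace builds as well as kernel builds, and nothing in the hunk says why. A one-line comment stating that it supplies `__user` for code such as iptables that includes this header outside the kernel would keep someone from later moving it into the conditional block above. Since the include is now unconditional, it is also worth confirming that every header set userspace builds against actually ships linux/compiler.h.
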
===== include/linux/netfilter_arp/arp_tables.h 1.3 vs edited =====
--- 1.3/include/linux/netfilter_arp/arp_tables.h 2004-06-04 09:52:00 +09:00
+++ edited/include/linux/netfilter_arp/arp_tables.h 2004-06-19 02:08:09 +09:00
@@ -16,7 +16,7 @@
#include <linux/if_arp.h>
#include <linux/skbuff.h>
#endif
-
+#include <linux/compiler.h>
#include <linux/netfilter_arp.h>

#define ARPT_FUNCTION_MAXNAMELEN 30
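
Review bot: this hunk replaces the blank line after `#endif` with the new include, while the netfilter.h hunk adds the include and keeps a blank line after it. Making this a pure one-line addition (keep the blank line and add `#include <linux/compiler.h>` next to it) would keep the header changes uniform and the diff one line smaller.
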
===== include/linux/netfilter_ipv4/ip_tables.h 1.7 vs edited =====
--- 1.7/include/linux/netfilter_ipv4/ip_tables.h 2004-06-07 12:15:03 +09:00
+++ edited/include/linux/netfilter_ipv4/ip_tables.h 2004-06-19 02:08:39 +09:00
@@ -22,6 +22,7 @@
#include <linux/ip.h>
#include <linux/skbuff.h>
#endif
+#include <linux/compiler.h>
#include <linux/netfilter_ipv4.h>

#define IPT_FUNCTION_MAXNAMELEN 30
@@ -336,8 +337,8 @@
/*
* Main firewall chains definitions and global var's definitions.
*/
-static DECLARE_MUTEX(ipt_mutex);
#ifdef __KERNEL__
+static DECLARE_MUTEX(ipt_mutex);

#include <linux/init.h>
extern void ipt_init(void) __init;
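
Review bot: moving `static DECLARE_MUTEX(ipt_mutex);` under `#ifdef __KERNEL__` hides it from userspace, but it remains a `static` definition in a header, so each kernel source file that includes ip_tables.h gets its own private ipt_mutex rather than sharing one lock. If a single lock is intended, the definition belongs in one .c file with an `extern` declaration here; if nothing uses it through this header, it could be dropped from the header instead of moved.
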
===== include/linux/netfilter_ipv6/ip6_tables.h 1.6 vs edited =====
--- 1.6/include/linux/netfilter_ipv6/ip6_tables.h 2004-06-07 12:15:04 +09:00
+++ edited/include/linux/netfilter_ipv6/ip6_tables.h 2004-06-19 02:09:29 +09:00
@@ -22,6 +22,7 @@
#include <linux/ipv6.h>
#include <linux/skbuff.h>
#endif
+#include <linux/compiler.h>
#include <linux/netfilter_ipv6.h>

#define IP6T_FUNCTION_MAXNAMELEN 30
@@ -106,7 +107,9 @@
u_int64_t pcnt, bcnt; /* Packet and byte counters */
};

+#ifdef __KERNEL__
static DECLARE_MUTEX(ip6t_mutex);
+#endif

/* Values for "flag" field in struct ip6t_ip6 (general ip6 structure). */
#define IP6T_F_PROTO 0x01 /* Set if rule cares about upper
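
Review bot: the mutex here gets its own new `#ifdef __KERNEL__` / `#endif` pair, whereas the ip_tables.h hunk moves the equivalent line into an existing `__KERNEL__` block, so the two headers end up guarded in different ways. Either is correct for the userspace build, but a trailing `/* __KERNEL__ */` comment on the added `#endif` would make the three-line guard easier to read, and a sentence in the submission on why the two files differ would help whoever merges it.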

--
Hideaki YOSHIFUJI @ USAGI Project <[email protected]>
GPG FP: 9022 65EB 1ECF 3AD1 0BDF 80D8 4807 F894 E062 0EEA

2004-06-18 17:56:57

by Andrew Walrond

Subject: Re: Iptables-1.2.9/10 compile failure with linux 2.6.7 headers

On Friday 18 Jun 2004 17:56, Kalin KOZHUHAROV wrote:
>
> However, isn't that supposed to be filed with iptables (@netfilter.org)?
>

My original mail was addressed to [email protected], and cc'ed to
lkml

2004-06-18 18:44:44

by Kalin KOZHUHAROV

Subject: Re: Iptables-1.2.9/10 compile failure with linux 2.6.7 headers

YOSHIFUJI Hideaki wrote:
> In article <[email protected]> (at Sat, 19 Jun 2004 01:56:06 +0900), Kalin KOZHUHAROV <[email protected]> says:
>
>
>>Yes, I confirm with linux-2.6.7 and iptables-1.2.9 I got:
>>gcc -march=athlon-xp -m3dnow -msse -mfpmath=sse -mmmx -O3 -pipe -Iinclude -Wall -Wunused -I/usr/src/linux/include -DIPTABLES_VERSION=\"1.2.9\" -fPIC -o extensions/libipt_stealth_sh.o -c extensions/libipt_stealth.c
>>distcc[6323] ERROR: compile on localhost failed
>>In file included from include/libiptc/libiptc.h:6,
>> from include/iptables.h:5,
>> from extensions/libipt_stealth.c:10:
>>/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:255: warning: no semicolon at end of struct or union
>>/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:255: error: syntax error before '*' token
>>/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:259: error: syntax error before '}' token
>>/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: type defaults to `int' in declaration of `DECLARE_MUTEX'
>>/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: parameter names (without types) in function declaration
>>/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: `DECLARE_MUTEX' declared `static' but never defined
>>make: *** [extensions/libipt_stealth_sh.o] Error 1
>>
>>Last time I recompiled it with 2.6.6 it was ok. The compiled version still seems to work with 2.6.7 for now.
>
>
> Please try this. Thanks
>
> ===== include/linux/netfilter.h 1.9 vs edited =====
> --- 1.9/include/linux/netfilter.h 2004-06-07 12:15:03 +09:00
> +++ edited/include/linux/netfilter.h 2004-06-19 02:10:55 +09:00
> @@ -10,6 +10,7 @@
> #include <linux/wait.h>
> #include <linux/list.h>
> #endif
> +#include <linux/compiler.h>
>
> /* Responses from hook functions. */
> #define NF_DROP 0
> ===== include/linux/netfilter_arp/arp_tables.h 1.3 vs edited =====
> --- 1.3/include/linux/netfilter_arp/arp_tables.h 2004-06-04 09:52:00 +09:00
> +++ edited/include/linux/netfilter_arp/arp_tables.h 2004-06-19 02:08:09 +09:00
> @@ -16,7 +16,7 @@
> #include <linux/if_arp.h>
> #include <linux/skbuff.h>
> #endif
> -
> +#include <linux/compiler.h>
> #include <linux/netfilter_arp.h>
>
> #define ARPT_FUNCTION_MAXNAMELEN 30
> ===== include/linux/netfilter_ipv4/ip_tables.h 1.7 vs edited =====
> --- 1.7/include/linux/netfilter_ipv4/ip_tables.h 2004-06-07 12:15:03 +09:00
> +++ edited/include/linux/netfilter_ipv4/ip_tables.h 2004-06-19 02:08:39 +09:00
> @@ -22,6 +22,7 @@
> #include <linux/ip.h>
> #include <linux/skbuff.h>
> #endif
> +#include <linux/compiler.h>
> #include <linux/netfilter_ipv4.h>
>
> #define IPT_FUNCTION_MAXNAMELEN 30
> @@ -336,8 +337,8 @@
> /*
> * Main firewall chains definitions and global var's definitions.
> */
> -static DECLARE_MUTEX(ipt_mutex);
> #ifdef __KERNEL__
> +static DECLARE_MUTEX(ipt_mutex);
>
> #include <linux/init.h>
> extern void ipt_init(void) __init;
> ===== include/linux/netfilter_ipv6/ip6_tables.h 1.6 vs edited =====
> --- 1.6/include/linux/netfilter_ipv6/ip6_tables.h 2004-06-07 12:15:04 +09:00
> +++ edited/include/linux/netfilter_ipv6/ip6_tables.h 2004-06-19 02:09:29 +09:00
> @@ -22,6 +22,7 @@
> #include <linux/ipv6.h>
> #include <linux/skbuff.h>
> #endif
> +#include <linux/compiler.h>
> #include <linux/netfilter_ipv6.h>
>
> #define IP6T_FUNCTION_MAXNAMELEN 30
> @@ -106,7 +107,9 @@
> u_int64_t pcnt, bcnt; /* Packet and byte counters */
> };
>
> +#ifdef __KERNEL__
> static DECLARE_MUTEX(ip6t_mutex);
> +#endif
>
> /* Values for "flag" field in struct ip6t_ip6 (general ip6 structure). */
> #define IP6T_F_PROTO 0x01 /* Set if rule cares about upper
>
As far as I understand from this patch, this should be applied to the system headers...
I thought `diff -Nru A B` was the format of choice in LKML...

Anyway, thank you for the patch, but I am not thinking to patch linux-headers, as I like to refer to them as something more or less stable (As opposed to the current kernel).

And just out of curiosity, I did:

include $ patch --dry-run -p2 </tmp/test.diff
patching file linux/netfilter.h
patching file linux/netfilter_arp/arp_tables.h
patching file linux/netfilter_ipv4/ip_tables.h
Hunk #2 FAILED at 337.
1 out of 2 hunks FAILED -- saving rejects to file linux/netfilter_ipv4/ip_tables.h.rej
patching file linux/netfilter_ipv6/ip6_tables.h
Hunk #2 FAILED at 107.
1 out of 2 hunks FAILED -- saving rejects to file linux/netfilter_ipv6/ip6_tables.h.rej

My system has linux-headers-2.4.21 installed.

As I said in my other mail here, I will stick with `make KERNEL_DIR=/usr` for now.

Kalin.

--
||///_ o *****************************
||//'_/> WWW: http://ThinRope.net/

2004-06-18 18:44:26

by Kalin KOZHUHAROV

Subject: Re: Iptables-1.2.9/10 compile failure with linux 2.6.7 headers

Andrew Walrond wrote:
> On Friday 18 Jun 2004 17:56, Kalin KOZHUHAROV wrote:
>
>>However, isn't that supposed to be filed with iptables (@netfilter.org)?
>
> My original mail was addressed to [email protected], and cc'ed to
> lkml
What can I say :-| NB to myself: Kalin, _DO_ read Subject, To, CC for all posts in LKML
Sorry.

So, I was poking around for the last hour or so and found quite a few things.
It seems that most people prefer to build iptables against linux-headers supplied by their distribution and not the running kernel. I agreed on that. Although a few distributions may lag behind updating linux-headers, it should be the preferred way as it is stable.

I just downloaded and compiled iptables-1.2.10 against my system headers using `make KERNEL_DIR=/usr` (haven't actually run it, but it should work).

Well of course if you want the latest-and-greatest extensions, you might try to compile against your running kernel, but you are on your own (with help from netfilter.org).

Kalin.

--
||///_ o *****************************
||//'_/> WWW: http://ThinRope.net/

2004-06-18 22:54:24

by YOSHIFUJI Hideaki

Subject: Re: Iptables-1.2.9/10 compile failure with linux 2.6.7 headers

In article <[email protected]> (at Sat, 19 Jun 2004 03:36:11 +0900), Kalin KOZHUHAROV <[email protected]> says:

> As far as I understand from this patch, this should be applied to the system headers...

Patch is for current linux-2.5 bk tree,
not for linux-headers.

Please try to patch your kernel and set KERNEL_DIR to
/path/to/your/kernel when you compile iptables.

Thanks.

--yoshfuji

2004-06-19 16:50:02

by YOSHIFUJI Hideaki

Subject: Re: Iptables-1.2.9/10 compile failure with linux 2.6.7 headers

In article <[email protected]> (at Sat, 19 Jun 2004 10:38:50 +0100), Andrew Walrond <[email protected]> says:

> On Friday 18 Jun 2004 18:18, YOSHIFUJI Hideaki / 吉藤英明 wrote:
> >
> > Please try this. Thanks
> >
>
> I can confirm that iptables-1.2.10 builds fine with your patch applied to
> linux-2.6.7

Thanks. David?

--yoshfuji

2004-06-19 19:00:23

by David Miller

Subject: Re: Iptables-1.2.9/10 compile failure with linux 2.6.7 headers

On Sun, 20 Jun 2004 01:35:27 +0900 (JST)
YOSHIFUJI Hideaki / 吉藤英明 <[email protected]> wrote:

> In article <[email protected]> (at Sat, 19 Jun 2004 10:38:50 +0100), Andrew Walrond <[email protected]> says:
>
> > On Friday 18 Jun 2004 18:18, YOSHIFUJI Hideaki / 吉藤英明 wrote:
> > >
> > > Please try this. Thanks
> > >
> >
> > I can confirm that iptables-1.2.10 builds fine with your patch applied to
> > linux-2.6.7
>
> Thanks. David?

Applied.