iproute2 action ipt + iptables 1.4.0

iproute2 action ipt + iptables 1.4.0

[Denys Fedoryshchenko]

Seems latest iproute2(even from GIT) searching for libipt_MARK (for example),
while it is libxt_MARK.

Even if i correct names it will be still not functional
"undefined symbol: xtables_register_target"

Probably some other issues actual with new version of iptables libraries?



--
Denys Fedoryshchenko
Technical Manager
Virtual ISP S.A.L.

Re: iproute2 action ipt + iptables 1.4.0

[jamal]

On Mon, 2007-24-12 at 11:31 +0200, Denys Fedoryshchenko wrote:
> Seems latest iproute2(even from GIT) searching for libipt_MARK (for example),
> while it is libxt_MARK.

It seems that iptables broke backward compatibility.

> Even if i correct names it will be still not functional
> "undefined symbol: xtables_register_target"
> 
> Probably some other issues actual with new version of iptables libraries?

Yes. We do depend on libipt and expect the libraries to be in some 
environment variable IPTABLES_LIB_DIR/libipt_%s 
by default (if environment variable IPTABLES_LIB_DIR is not defined) we
look in /usr/local/lib/iptables

in iproute2 we also need to copy over headers into include/libiptc

Pablo - can we not have a backward compat mode to avoid these hassles?

cheers,
jamal

iproute2 action ipt + iptables 1.4.0

[Denys Fedoryshchenko]

Hi again :-)

Happy holidays :-)

It seems there is serious break in compatibility, but can be fixed by ugly
way. Maybe just to add patch below, and to search libipt AND libxt (for my
case i just edit and change libipt to libxt, but it can be handled in more
smart way.
After i apply all this - it seems working fine.

iff -Naur iproute2-git/tc/m_ipt.c iproute2-new/tc/m_ipt.c
--- iproute2-git/tc/m_ipt.c     2007-12-24 16:59:19.000000000 +0200
+++ iproute2-new/tc/m_ipt.c     2007-12-24 17:07:11.000000000 +0200
@@ -69,6 +69,27 @@
 }

 void
+xtables_register_target(struct iptables_target *me)
+{
+/*      fprintf(stderr, "\nDummy register_target %s \n", me->name);
+*/
+       me->next = t_list;
+       t_list = me;
+
+}
+
+
+void
+xtables_register_match(struct iptables_target *me)
+{
+/*      fprintf(stderr, "\nDummy register_target %s \n", me->name);
+*/
+       me->next = t_list;
+       t_list = me;
+
+}
+
+void
 exit_tryhelp(int status)
 {
        fprintf(stderr, "Try `%s -h' or '%s --help' for more information.\n",

There is trivial patch also, for bug (IMHO bug) in searching lowercased
library. If patch not applied - second time it will try to open lib_dir by
dlopen:-)

--- iproute2-git/tc/m_ipt.c     2007-12-24 16:59:19.000000000 +0200
+++ iproute2/tc/m_ipt.c 2007-12-24 17:00:41.000000000 +0200
@@ -251,7 +251,7 @@
        sprintf(path,  "%s/libipt_%s.so",lib_dir, new_name);
        handle = dlopen(path, RTLD_LAZY);
        if (!handle) {
-               sprintf(path, lib_dir, "/libipt_%s.so", lname);
+               sprintf(path, "%s/libipt_%s.so", lib_dir , lname);
                handle = dlopen(path, RTLD_LAZY);
                if (!handle) {
                        fputs(dlerror(), stderr);

Sorry for probably bad style/code, i am not programmer at all.


--
Denys Fedoryshchenko
Technical Manager
Virtual ISP S.A.L.

Re: iproute2 action ipt + iptables 1.4.0

[jamal]

Denys,

Looks reasonable to check for libxt as well. 
Please add a signed-off and append mine as well then send to Stephen.

BTW, I just finished compiling iptables 1.4.0 and _it is_ backward
compatible - you just have to point to the correct 
environment variable IPTABLES_LIB_DIR; it seems to work.
In any case, your patch is better.

cheers,
jamal

On Mon, 2007-24-12 at 17:11 +0200, Denys Fedoryshchenko wrote:
> Hi again :-)
> 
> Happy holidays :-)
> 
> It seems there is serious break in compatibility, but can be fixed by ugly
> way. Maybe just to add patch below, and to search libipt AND libxt (for my
> case i just edit and change libipt to libxt, but it can be handled in more
> smart way.
> After i apply all this - it seems working fine.
> 
> iff -Naur iproute2-git/tc/m_ipt.c iproute2-new/tc/m_ipt.c
> --- iproute2-git/tc/m_ipt.c     2007-12-24 16:59:19.000000000 +0200
> +++ iproute2-new/tc/m_ipt.c     2007-12-24 17:07:11.000000000 +0200
> @@ -69,6 +69,27 @@
>  }
> 
>  void
> +xtables_register_target(struct iptables_target *me)
> +{
> +/*      fprintf(stderr, "\nDummy register_target %s \n", me->name);
> +*/
> +       me->next = t_list;
> +       t_list = me;
> +
> +}
> +
> +
> +void
> +xtables_register_match(struct iptables_target *me)
> +{
> +/*      fprintf(stderr, "\nDummy register_target %s \n", me->name);
> +*/
> +       me->next = t_list;
> +       t_list = me;
> +
> +}
> +
> +void
>  exit_tryhelp(int status)
>  {
>         fprintf(stderr, "Try `%s -h' or '%s --help' for more information.\n",
> 
> There is trivial patch also, for bug (IMHO bug) in searching lowercased
> library. If patch not applied - second time it will try to open lib_dir by
> dlopen:-)
> 
> --- iproute2-git/tc/m_ipt.c     2007-12-24 16:59:19.000000000 +0200
> +++ iproute2/tc/m_ipt.c 2007-12-24 17:00:41.000000000 +0200
> @@ -251,7 +251,7 @@
>         sprintf(path,  "%s/libipt_%s.so",lib_dir, new_name);
>         handle = dlopen(path, RTLD_LAZY);
>         if (!handle) {
> -               sprintf(path, lib_dir, "/libipt_%s.so", lname);
> +               sprintf(path, "%s/libipt_%s.so", lib_dir , lname);
>                 handle = dlopen(path, RTLD_LAZY);
>                 if (!handle) {
>                         fputs(dlerror(), stderr);
> 
> Sorry for probably bad style/code, i am not programmer at all.
> 
> 
> --
> Denys Fedoryshchenko
> Technical Manager
> Virtual ISP S.A.L.
> 
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html