From: "Rob Sterenborg (lists)" <lists@sterenborg.info>
To: netfilter@vger.kernel.org, netfilter-devel@vger.kernel.org
Subject: Re: [ANNOUNCE] ipset-5.0 released
Date: Sat, 18 Dec 2010 08:29:11 +0100 [thread overview]
Message-ID: <1292657351.2371.73.camel@kushiel.sterenborg.info> (raw)
In-Reply-To: <alpine.DEB.2.00.1012172259100.10231@blackhole.kfki.hu>
On Fri, 2010-12-17 at 23:26 +0100, Jozsef Kadlecsik wrote:
> Hi,
>
> I'm happy to announce the new branch of ipset and release it's first
> element, ipset-5.0.
I'm not a C programmer. I just tried to make ipset compile which seems
to have worked partially. I have no clue if I did the right thing so the
below should be reviewed.
I'm on CentOS 5.5 with a custom 2.6.36.2 kernel, gcc version 4.1.2
20080704 (Red Hat 4.1.2-48).
When running 'configure' I got this error:
./configure: line 11510: syntax error near unexpected token `[libmnl],'
./configure: line 11510: `PKG_CHECK_MODULES([libmnl], [libmnl >= 1])'
CentOS' pkg-config is installed, so, for reference: I copied
'/usr/share/aclocal/pkg.m4' into the 'm4' directory, ran 'autogen.sh'
again and after that 'configure' had no problems.
Running 'make', I got this :
cc1: error: unrecognized command line option "-Woverlength-strings"
If I remove '-Woverlength-strings' from all Makefiles then of course
there's no complaining about that anymore, but I'm not sure if that's
the way to go.
Next, I got this:
session.c: In function 'attr2data':
session.c:566: error: 'NLA_F_NET_BYTEORDER' undeclared (first use in
this function)
session.c:566: error: (Each undeclared identifier is reported only once
session.c:566: error: for each function it appears in.)
session.c: In function 'decode_errmsg':
session.c:1216: error: 'NLA_F_NET_BYTEORDER' undeclared (first use in
this function)
session.c: In function 'attr_len':
session.c:1338: error: 'NLA_F_NET_BYTEORDER' undeclared (first use in
this function)
To make it compile I did the following.
New file 'include/libipset/nla.h':
/*
* nla_type (16 bits)
* +---+---+-------------------------------+
* | N | O | Attribute Type |
* +---+---+-------------------------------+
* N := Carries nested attributes
* O := Payload stored in network byte order
*
* Note: The N and O flag are mutually exclusive.
*/
#define NLA_F_NESTED (1 << 15)
#define NLA_F_NET_BYTEORDER (1 << 14)
#define NLA_TYPE_MASK ~(NLA_F_NESTED | NLA_F_NET_BYTEORDER)
Change in 'lib/session.c':
--- session.c.orig 2010-12-18 08:00:31.000000000 +0100
+++ session.c 2010-12-18 07:59:48.000000000 +0100
@@ -23,6 +23,9 @@
#include <libipset/utils.h> /* STREQ */
#include <libipset/ui.h> /* IPSET_ENV_* */
#include <libipset/session.h> /* prototypes */
+#ifndef NLA_TYPE_MASK
+#include <libipset/nla.h>
+#endif
#define IPSET_NEST_MAX 4
After that 'make' runs without errors.
Running 'make modules' gives:
/usr/local/src/netfilter/ipset-5.0/kernel/ip_set.c: In function
'start_msg':
/usr/local/src/netfilter/ipset-5.0/kernel/ip_set.c:735: error:
'NFNL_SUBSYS_IPSET' undeclared (first use in this function)
/usr/local/src/netfilter/ipset-5.0/kernel/ip_set.c:735: error: (Each
undeclared identifier is reported only once
/usr/local/src/netfilter/ipset-5.0/kernel/ip_set.c:735: error: for each
function it appears in.)
/usr/local/src/netfilter/ipset-5.0/kernel/ip_set.c: At top level:
/usr/local/src/netfilter/ipset-5.0/kernel/ip_set.c:1701: error:
'NFNL_SUBSYS_IPSET' undeclared here (not in a function)
make[2]: *** [/usr/local/src/netfilter/ipset-5.0/kernel/ip_set.o] Error
1
make[1]: *** [_module_/usr/local/src/netfilter/ipset-5.0/kernel] Error 2
make[1]: Leaving directory `/usr/local/src/kernel/linux-2.6.36.2'
make: *** [modules] Error 2
I noticed there was a 'netlink.patch' file that I tried to apply to
'/usr/include/linux/netfilter/nfnetlink.h', but it wouldn't: it looks
like your nfnetlink.h is different from mine (can send a copy of the
original if you need it) so I applied manually. Still no go, same error,
probably wrong location? I copied 'nfnetlink.h' into
'kernel/include/linux/netfilter' because ip_set.c seems to look there(?)
but it wasn't there. Still no go. To get around this I dit this:
New file 'kernel/include/linux/netfilter/nfnl.h':
/* netfilter netlink message types are split in two pieces:
* 8 bit subsystem, 8bit operation.
*/
#define NFNL_SUBSYS_ID(x) ((x & 0xff00) >> 8)
#define NFNL_MSG_TYPE(x) (x & 0x00ff)
/* No enum here, otherwise __stringify() trick of
MODULE_ALIAS_NFNL_SUBSYS()
* won't work anymore */
#define NFNL_SUBSYS_NONE 0
#define NFNL_SUBSYS_CTNETLINK 1
#define NFNL_SUBSYS_CTNETLINK_EXP 2
#define NFNL_SUBSYS_QUEUE 3
#define NFNL_SUBSYS_ULOG 4
#define NFNL_SUBSYS_OSF 5
#define NFNL_SUBSYS_IPSET 6
#define NFNL_SUBSYS_COUNT 7
Change in 'kernel/ip_set.c'
--- ip_set.c.orig 2010-12-16 12:26:02.000000000 +0100
+++ ip_set.c 2010-12-18 08:30:47.000000000 +0100
@@ -24,6 +24,10 @@
#include <linux/netfilter/nfnetlink.h>
#include <linux/netfilter/ipset/ip_set.h>
+#ifndef NFNL_SUBSYS_IPSET
+#include <linux/netfilter/nfnl.h>
+#endif
+
static struct list_head ip_set_type_list; /* all registered set
types */
static DEFINE_MUTEX(ip_set_type_mutex); /* protects
ip_set_type_list */
After that, 'make modules' for some reason warns about redefines. first
they weren't defined, now they're redefined when I use ifndef? Removing
the include, make -of course- complains again that 'NFNL_SUBSYS_IPSET'
is not defined. Well, I don't know..
Other than that everything seems to compile and install fine.
Finally, when trying the new ipset it seems that except for 'version',
every command I tried returns 'Invalid argument':
(Yes I know this is incorrect syntax, but now I know it's trying to do
something besides giving me 'Invalid argument'.)
# ipset create TEST hash
ipset v5.0: Syntax error: typename 'hash' is unkown
(As per ipset.8 example.)
# ipset create foo bitmap:ip range 192.168.0.0/16
ipset v5.0: Kernel error received: Invalid argument
# ipset list
ipset v5.0: Kernel error received: Invalid argument
# lsmod|grep set
ip_set 16790 0
nfnetlink 3179 2 ip_set,nf_conntrack_netlink
So, I guess something must have gone wrong when compiling ipset anyhow.
Thanks,
Rob
next prev parent reply other threads:[~2010-12-18 7:29 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-12-17 22:26 [ANNOUNCE] ipset-5.0 released Jozsef Kadlecsik
2010-12-17 23:32 ` Jan Engelhardt
2010-12-18 10:40 ` Jozsef Kadlecsik
2010-12-18 7:29 ` Rob Sterenborg (lists) [this message]
2010-12-18 11:13 ` Jozsef Kadlecsik
2010-12-18 15:43 ` Jan Engelhardt
2010-12-18 19:50 ` Jozsef Kadlecsik
2010-12-18 21:49 ` Jan Engelhardt
2010-12-19 0:05 ` Jozsef Kadlecsik
2010-12-19 0:28 ` Jan Engelhardt
2010-12-19 5:56 ` Jan Engelhardt
2010-12-19 18:23 ` Rob Sterenborg (lists)
2010-12-21 11:14 ` Rob Sterenborg (lists)
2010-12-21 14:03 ` Jozsef Kadlecsik
2010-12-18 14:22 ` Mr Dash Four
2010-12-18 20:23 ` Jozsef Kadlecsik
2010-12-18 21:51 ` Mr Dash Four
2010-12-18 22:10 ` Jan Engelhardt
2010-12-18 22:23 ` Mr Dash Four
2010-12-19 0:34 ` Jozsef Kadlecsik
2010-12-19 13:52 ` Mr Dash Four
2010-12-19 15:20 ` Dennis Jacobfeuerborn
2010-12-19 17:04 ` Mr Dash Four
2010-12-22 10:59 ` Jozsef Kadlecsik
2010-12-22 12:48 ` Mr Dash Four
2010-12-23 15:39 ` Jozsef Kadlecsik
2010-12-23 17:50 ` Mr Dash Four
2010-12-23 17:55 ` David Miller
2010-12-23 18:00 ` Mr Dash Four
2010-12-23 18:06 ` David Miller
2010-12-23 18:10 ` Mr Dash Four
2010-12-23 19:35 ` Jozsef Kadlecsik
2010-12-23 22:23 ` Mr Dash Four
2010-12-23 22:46 ` Jozsef Kadlecsik
2010-12-23 22:56 ` Jozsef Kadlecsik
2010-12-23 23:06 ` Mr Dash Four
2010-12-26 10:30 ` Jozsef Kadlecsik
2010-12-26 13:47 ` Mr Dash Four
2010-12-26 20:09 ` Jozsef Kadlecsik
2010-12-26 21:44 ` Mr Dash Four
2010-12-27 14:49 ` Jozsef Kadlecsik
2010-12-27 16:23 ` Mr Dash Four
2010-12-27 18:20 ` Jozsef Kadlecsik
2010-12-27 18:52 ` Mr Dash Four
2010-12-28 19:26 ` Jozsef Kadlecsik
2010-12-23 23:03 ` Mr Dash Four
2010-12-26 10:32 ` Jozsef Kadlecsik
2010-12-23 21:51 ` Jan Engelhardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1292657351.2371.73.camel@kushiel.sterenborg.info \
--to=lists@sterenborg.info \
--cc=netfilter-devel@vger.kernel.org \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).