arptables ruleset not working when compiling on fedora6,7,8/centos 5/redhat 5

arptables ruleset not working when compiling on fedora6,7,8/centos 5/redhat 5

[Nishit Shah]

Hi,
         I am compiling arptables-v0.0.3-3/arptables-v0.0.3-2 on
fedora6,7,8/centos 5/redhat 5. Module is compiled successfully.
Following are the simple steps.

        make
        make install

        Now, I am applying following rules,

        arptables -N user1
        arptables -N user2
        arptables -N user3

        arptables -A INPUT -j user1
        arptables -A INPUT -j user2
        arptables -A INPUT -j user3

       when I am doing arptables -nvx -L, I am getting packet counts
on only "arptables -A INPUT -j user1", no packet counts on user2 and
user3 chains. If I remove the user1 chain, I am getting packet counts
on user2 chain, not on user3 chain. It means only the first user
defined chain is traversing.

       all above machine contains gcc >= 4.1.2 and glibc >= 2.5

       If i compile the same source with machine having gcc 2.96 and
glibc 2.2.4 things are working properly on the above machines.
       Is it something related to gcc and/or glibc ? as I am not
seeing any issues with kernel space arptables code.

Rgds,
Nishit Shah.

Re: arptables ruleset not working when compiling on fedora6,7,8/centos 5/redhat 5

[Richard Horton]

2009/6/29 Nishit Shah <nsshah.82@gmail.com>:
> Hi,
>         I am compiling arptables-v0.0.3-3/arptables-v0.0.3-2 on
> fedora6,7,8/centos 5/redhat 5. Module is compiled successfully.
> Following are the simple steps.
>
>        make
>        make install
>
>        Now, I am applying following rules,
>
>        arptables -N user1
>        arptables -N user2
>        arptables -N user3
>
>        arptables -A INPUT -j user1
>        arptables -A INPUT -j user2
>        arptables -A INPUT -j user3
>
>       when I am doing arptables -nvx -L, I am getting packet counts
> on only "arptables -A INPUT -j user1", no packet counts on user2 and
> user3 chains. If I remove the user1 chain, I am getting packet counts
> on user2 chain, not on user3 chain. It means only the first user
> defined chain is traversing.
>
>       all above machine contains gcc >= 4.1.2 and glibc >= 2.5
>
>       If i compile the same source with machine having gcc 2.96 and
> glibc 2.2.4 things are working properly on the above machines.
>       Is it something related to gcc and/or glibc ? as I am not
> seeing any issues with kernel space arptables code.
>
> Rgds,
> Nishit Shah.


I might be missing something obvious but all three rules are identical
so traffic is going to hit the first rule and go down to user1 chain.


Your user chains don't have any actions associated so looks to me like
it enter the chain, nothing will happen - including not returning to
the input chain so the other rules aren't being hit.
-- 
Richard Horton
Users are like a virus: Each causing a thousand tiny crises until the
host finally dies.
http://www.solstans.co.uk - Solstans Japanese Bobtails and Norwegian Forest Cats
http://www.pbase.com/arimus - My online photogallery
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: arptables ruleset not working when compiling on fedora6,7,8/centos 5/redhat 5

[Nishit Shah]

On Mon, Jun 29, 2009 at 7:51 PM, Richard Horton<arimus.uk@googlemail.com> wrote:
> 2009/6/29 Nishit Shah <nsshah.82@gmail.com>:
>> Hi,
>>         I am compiling arptables-v0.0.3-3/arptables-v0.0.3-2 on
>> fedora6,7,8/centos 5/redhat 5. Module is compiled successfully.
>> Following are the simple steps.
>>
>>        make
>>        make install
>>
>>        Now, I am applying following rules,
>>
>>        arptables -N user1
>>        arptables -N user2
>>        arptables -N user3
>>
>>        arptables -A INPUT -j user1
>>        arptables -A INPUT -j user2
>>        arptables -A INPUT -j user3
>>
>>       when I am doing arptables -nvx -L, I am getting packet counts
>> on only "arptables -A INPUT -j user1", no packet counts on user2 and
>> user3 chains. If I remove the user1 chain, I am getting packet counts
>> on user2 chain, not on user3 chain. It means only the first user
>> defined chain is traversing.
>>
>>       all above machine contains gcc >= 4.1.2 and glibc >= 2.5
>>
>>       If i compile the same source with machine having gcc 2.96 and
>> glibc 2.2.4 things are working properly on the above machines.
>>       Is it something related to gcc and/or glibc ? as I am not
>> seeing any issues with kernel space arptables code.
>>
>> Rgds,
>> Nishit Shah.
>
>
> I might be missing something obvious but all three rules are identical
> so traffic is going to hit the first rule and go down to user1 chain.
>
>
> Your user chains don't have any actions associated so looks to me like
> it enter the chain, nothing will happen - including not returning to
> the input chain so the other rules aren't being hit.
> --
> Richard Horton
> Users are like a virus: Each causing a thousand tiny crises until the
> host finally dies.
> http://www.solstans.co.uk - Solstans Japanese Bobtails and Norwegian Forest Cats
> http://www.pbase.com/arimus - My online photogallery
>

If user chain doesn't have any actions associated, action is
ARPT_CONTINUE. So, the packet will traverse the next rule in INPUT
(that is arptables -A -j user2) and so on. (That is the behavior I am
getting when compiled with gcc 2.96 and glibc 2.2.4)

Rgds,
Nishit Shah.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: arptables ruleset not working when compiling on fedora6,7,8/centos 5/redhat 5

[Patrick McHardy]

Nishit Shah wrote:
> On Mon, Jun 29, 2009 at 7:51 PM, Richard Horton<arimus.uk@googlemail.com> wrote:
>> 2009/6/29 Nishit Shah <nsshah.82@gmail.com>:
>>> Hi,
>>>         I am compiling arptables-v0.0.3-3/arptables-v0.0.3-2 on
>>> fedora6,7,8/centos 5/redhat 5. Module is compiled successfully.
>>> Following are the simple steps.

Which kernel versions (the lowest) are these running?

Re: arptables ruleset not working when compiling on fedora6,7,8/centos 5/redhat 5

[Nishit Shah]

On Mon, Jun 29, 2009 at 8:28 PM, Patrick McHardy<kaber@trash.net> wrote:
> Nishit Shah wrote:
>>
>> On Mon, Jun 29, 2009 at 7:51 PM, Richard Horton<arimus.uk@googlemail.com>
>> wrote:
>>>
>>> 2009/6/29 Nishit Shah <nsshah.82@gmail.com>:
>>>>
>>>> Hi,
>>>>        I am compiling arptables-v0.0.3-3/arptables-v0.0.3-2 on
>>>> fedora6,7,8/centos 5/redhat 5. Module is compiled successfully.
>>>> Following are the simple steps.
>
> Which kernel versions (the lowest) are these running?
>

lowest is 2.6.18.

Rgds,
Nishit Shah.

Re: arptables ruleset not working when compiling on fedora6,7,8/centos 5/redhat 5

[Patrick McHardy]

Nishit Shah wrote:
> On Mon, Jun 29, 2009 at 8:28 PM, Patrick McHardy<kaber@trash.net> wrote:
>> Nishit Shah wrote:
>>> On Mon, Jun 29, 2009 at 7:51 PM, Richard Horton<arimus.uk@googlemail.com>
>>> wrote:
>>>> 2009/6/29 Nishit Shah <nsshah.82@gmail.com>:
>>>>> Hi,
>>>>>        I am compiling arptables-v0.0.3-3/arptables-v0.0.3-2 on
>>>>> fedora6,7,8/centos 5/redhat 5. Module is compiled successfully.
>>>>> Following are the simple steps.
>> Which kernel versions (the lowest) are these running?
>>
> 
> lowest is 2.6.18.

Ah, I remember, we had some breakage with of the ARPT codes with the
introduction of x_tables in 2.6.16. Please try to figure out the
difference of those values between working and non-working state
(ARPT_CONTINUE, ARPT_RETURN etc.)

Re: arptables ruleset not working when compiling on fedora6,7,8/centos 5/redhat 5

[Nishit Shah]

On Mon, Jun 29, 2009 at 9:14 PM, Patrick McHardy<kaber@trash.net> wrote:
> Nishit Shah wrote:
>>
>> On Mon, Jun 29, 2009 at 8:28 PM, Patrick McHardy<kaber@trash.net> wrote:
>>>
>>> Nishit Shah wrote:
>>>>
>>>> On Mon, Jun 29, 2009 at 7:51 PM, Richard
>>>> Horton<arimus.uk@googlemail.com>
>>>> wrote:
>>>>>
>>>>> 2009/6/29 Nishit Shah <nsshah.82@gmail.com>:
>>>>>>
>>>>>> Hi,
>>>>>>       I am compiling arptables-v0.0.3-3/arptables-v0.0.3-2 on
>>>>>> fedora6,7,8/centos 5/redhat 5. Module is compiled successfully.
>>>>>> Following are the simple steps.
>>>
>>> Which kernel versions (the lowest) are these running?
>>>
>>
>> lowest is 2.6.18.
>
> Ah, I remember, we had some breakage with of the ARPT codes with the
> introduction of x_tables in 2.6.16. Please try to figure out the
> difference of those values between working and non-working state
> (ARPT_CONTINUE, ARPT_RETURN etc.)
>

Bingo !!!

It is due to the value of ARPT_RETURN. ARPT_RETURN defined in
arptables-v0.0.3-3 is

./include/linux/netfilter_arp/arp_tables.h:#define ARPT_RETURN
(-NF_MAX_VERDICT - 1)

and value of NF_MAX_VERDICT is different on machine running with gcc
2.96/glibc 2.2.4 and above all machines.

value of NF_MAX_VERDICT on machine running gcc 2.96 and glibc 2.2.4,

        /usr/include/linux/netfilter.h:#define NF_MAX_VERDICT NF_REPEAT

and same file on all above machines,

        /usr/include/linux/netfilter.h:#define NF_MAX_VERDICT NF_STOP

Thanks Patrick :)

Rgds,
Nishit Shah.

Re: arptables ruleset not working when compiling on fedora6,7,8/centos 5/redhat 5

[Jan Engelhardt]

On Monday 2009-06-29 16:58, Patrick McHardy wrote:
> Nishit Shah wrote:
>> On Mon, Jun 29, 2009 at 7:51 PM, Richard Horton<arimus.uk@googlemail.com>
>> wrote:
>>> 2009/6/29 Nishit Shah <nsshah.82@gmail.com>:
>>>> Hi,
>>>>        I am compiling arptables-v0.0.3-3/arptables-v0.0.3-2 on
>>>> fedora6,7,8/centos 5/redhat 5. Module is compiled successfully.
>>>> Following are the simple steps.
>
> Which kernel versions (the lowest) are these running?

FWIW, this is reproducable on 2.6.29.5-i386 openSUSE 11.1 arptables_jf-0.0.8
glibc-kernel-headers-2.6.27, so this seems something kernel-related.

Re: arptables ruleset not working when compiling on fedora6,7,8/centos 5/redhat 5

[Nishit Shah]

[-- Attachment #1: Type: text/plain, Size: 1730 bytes --]

On Mon, Jun 29, 2009 at 9:48 PM, Nishit Shah<nsshah.82@gmail.com> wrote:
> On Mon, Jun 29, 2009 at 9:14 PM, Patrick McHardy<kaber@trash.net> wrote:
>> Nishit Shah wrote:
>>>
>>> On Mon, Jun 29, 2009 at 8:28 PM, Patrick McHardy<kaber@trash.net> wrote:
>>>>
>>>> Nishit Shah wrote:
>>>>>
>>>>> On Mon, Jun 29, 2009 at 7:51 PM, Richard
>>>>> Horton<arimus.uk@googlemail.com>
>>>>> wrote:
>>>>>>
>>>>>> 2009/6/29 Nishit Shah <nsshah.82@gmail.com>:
>>>>>>>
>>>>>>> Hi,
>>>>>>>       I am compiling arptables-v0.0.3-3/arptables-v0.0.3-2 on
>>>>>>> fedora6,7,8/centos 5/redhat 5. Module is compiled successfully.
>>>>>>> Following are the simple steps.
>>>>
>>>> Which kernel versions (the lowest) are these running?
>>>>
>>>
>>> lowest is 2.6.18.
>>
>> Ah, I remember, we had some breakage with of the ARPT codes with the
>> introduction of x_tables in 2.6.16. Please try to figure out the
>> difference of those values between working and non-working state
>> (ARPT_CONTINUE, ARPT_RETURN etc.)
>>
>
> Bingo !!!
>
> It is due to the value of ARPT_RETURN. ARPT_RETURN defined in
> arptables-v0.0.3-3 is
>
> ./include/linux/netfilter_arp/arp_tables.h:#define ARPT_RETURN
> (-NF_MAX_VERDICT - 1)
>
> and value of NF_MAX_VERDICT is different on machine running with gcc
> 2.96/glibc 2.2.4 and above all machines.
>
> value of NF_MAX_VERDICT on machine running gcc 2.96 and glibc 2.2.4,
>
>        /usr/include/linux/netfilter.h:#define NF_MAX_VERDICT NF_REPEAT
>
> and same file on all above machines,
>
>        /usr/include/linux/netfilter.h:#define NF_MAX_VERDICT NF_STOP
>
> Thanks Patrick :)
>
> Rgds,
> Nishit Shah.
>

I am adding the patch for the same.

Rgds,
Nishit Shah.

[-- Attachment #2: arpt-return-fix.patch --]
[-- Type: application/octet-stream, Size: 1052 bytes --]

diff -Paur arptables-v0.0.3-3/include/arp_tables.h arptables-v0.0.3-3-tmp/include/arp_tables.h
--- arptables-v0.0.3-3/include/arp_tables.h	2007-08-19 18:34:51.000000000 +0530
+++ arptables-v0.0.3-3-tmp/include/arp_tables.h	2009-06-30 12:38:22.000000000 +0530
@@ -154,7 +154,7 @@
 #define ARPT_CONTINUE 0xFFFFFFFF
 
 /* For standard target */
-#define ARPT_RETURN (-NF_MAX_VERDICT - 1)
+#define ARPT_RETURN (-NF_REPEAT - 1)
 
 /* The argument to ARPT_SO_GET_INFO */
 struct arpt_getinfo
diff -Paur arptables-v0.0.3-3/include/linux/netfilter_arp/arp_tables.h arptables-v0.0.3-3-tmp/include/linux/netfilter_arp/arp_tables.h
--- arptables-v0.0.3-3/include/linux/netfilter_arp/arp_tables.h	2007-08-19 18:36:01.000000000 +0530
+++ arptables-v0.0.3-3-tmp/include/linux/netfilter_arp/arp_tables.h	2009-06-30 12:38:11.000000000 +0530
@@ -154,7 +154,7 @@
 #define ARPT_CONTINUE 0xFFFFFFFF
 
 /* For standard target */
-#define ARPT_RETURN (-NF_MAX_VERDICT - 1)
+#define ARPT_RETURN (-NF_REPEAT - 1)
 
 /* The argument to ARPT_SO_GET_INFO */
 struct arpt_getinfo

Re: arptables ruleset not working when compiling on fedora6,7,8/centos 5/redhat 5

[Patrick McHardy]

Nishit Shah wrote:
> On Mon, Jun 29, 2009 at 9:48 PM, Nishit Shah<nsshah.82@gmail.com> wrote:
>> On Mon, Jun 29, 2009 at 9:14 PM, Patrick McHardy<kaber@trash.net> wrote:
>>> Ah, I remember, we had some breakage with of the ARPT codes with the
>>> introduction of x_tables in 2.6.16. Please try to figure out the
>>> difference of those values between working and non-working state
>>> (ARPT_CONTINUE, ARPT_RETURN etc.)
>>>
>> Bingo !!!
>>
>> It is due to the value of ARPT_RETURN. ARPT_RETURN defined in
>> arptables-v0.0.3-3 is
>>
>> ./include/linux/netfilter_arp/arp_tables.h:#define ARPT_RETURN
>> (-NF_MAX_VERDICT - 1)
>>
>> and value of NF_MAX_VERDICT is different on machine running with gcc
>> 2.96/glibc 2.2.4 and above all machines.
>>
>> value of NF_MAX_VERDICT on machine running gcc 2.96 and glibc 2.2.4,
>>
>>        /usr/include/linux/netfilter.h:#define NF_MAX_VERDICT NF_REPEAT
>>
>> and same file on all above machines,
>>
>>        /usr/include/linux/netfilter.h:#define NF_MAX_VERDICT NF_STOP
>>
>> Thanks Patrick :)
>>
>> Rgds,
>> Nishit Shah.
>>
> 
> I am adding the patch for the same.

Please send this to Bart (CCed), who is maintaining arptables.

Re: arptables ruleset not working when compiling on fedora6,7,8/centos 5/redhat 5

[bdschuym@pandora.be]

>----- Oorspronkelijk bericht -----
>Van
: Patrick McHardy [mailto:kaber@trash.net]
>Verzonden
: woensdag
, juli
 1, 2009 11:56 AM
>Aan
: 'Nishit Shah'

>Nishit Shah wrote:
>> I am adding the patch for the same.
>> Please send this to Bart (CCed), who is maintaining arptables.

I'll double check and apply it and make a new release later this week.

cheers,

Bart

Re: arptables ruleset not working when compiling on fedora6,7,8/centos 5/redhat 5

[Jan Engelhardt]

On Wednesday 2009-07-01 11:56, Patrick McHardy wrote:
> Nishit Shah wrote:
>> On Mon, Jun 29, 2009 at 9:48 PM, Nishit Shah<nsshah.82@gmail.com> wrote:
>>>
>>> -/usr/include/linux/netfilter.h:#define NF_MAX_VERDICT NF_REPEAT
>>> +/usr/include/linux/netfilter.h:#define NF_MAX_VERDICT NF_STOP
>>>
>>
>> I am adding the patch for the same.
>
> Please send this to Bart (CCed), who is maintaining arptables.

There is also a rogue arptables_jf clone by some RedHat person —
no homepage, no point of download except distro .src.rpms —
and used by Fedora and openSUSE.

Ccing the relevant persons responsible for that clone, which I am also 
hereby accusing of failing to submit their stuff upstream causing 
unnecessary extra hurdles for users.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: arptables ruleset not working when compiling on fedora6,7,8/centos 5/redhat 5

[Patrick McHardy]

Jan Engelhardt wrote:
> On Wednesday 2009-07-01 11:56, Patrick McHardy wrote:
>> Nishit Shah wrote:
>>> On Mon, Jun 29, 2009 at 9:48 PM, Nishit Shah<nsshah.82@gmail.com> wrote:
>>>> -/usr/include/linux/netfilter.h:#define NF_MAX_VERDICT NF_REPEAT
>>>> +/usr/include/linux/netfilter.h:#define NF_MAX_VERDICT NF_STOP
>>>>
>>> I am adding the patch for the same.
>> Please send this to Bart (CCed), who is maintaining arptables.
> 
> There is also a rogue arptables_jf clone by some RedHat person —
> no homepage, no point of download except distro .src.rpms —
> and used by Fedora and openSUSE.
> 
> Ccing the relevant persons responsible for that clone, which I am also 
> hereby accusing of failing to submit their stuff upstream causing 
> unnecessary extra hurdles for users.

Thanks for pointing this out. Jay, please elaborate on why you've
chosen to fork this instead of working with upstream.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: arptables ruleset not working when compiling on fedora6,7,8/centos 5/redhat 5

[Bart De Schuymer]

Patrick McHardy schreef:
> Jan Engelhardt wrote:
>> On Wednesday 2009-07-01 11:56, Patrick McHardy wrote:
>>> Nishit Shah wrote:
>>>> On Mon, Jun 29, 2009 at 9:48 PM, Nishit Shah<nsshah.82@gmail.com> 
>>>> wrote:
>>>>> -/usr/include/linux/netfilter.h:#define NF_MAX_VERDICT NF_REPEAT
>>>>> +/usr/include/linux/netfilter.h:#define NF_MAX_VERDICT NF_STOP
>>>>>
>>>> I am adding the patch for the same.
>>> Please send this to Bart (CCed), who is maintaining arptables.
>>
>> There is also a rogue arptables_jf clone by some RedHat person —
>> no homepage, no point of download except distro .src.rpms —
>> and used by Fedora and openSUSE.
>>
>> Ccing the relevant persons responsible for that clone, which I am 
>> also hereby accusing of failing to submit their stuff upstream 
>> causing unnecessary extra hurdles for users.
>
> Thanks for pointing this out. Jay, please elaborate on why you've
> chosen to fork this instead of working with upstream.
>
>
I'm not sure when that code was created but I don't think it was a fork. 
I have no idea why they didn't mention this to the netfilter team, it 
would have spared me the trouble. I received a mail from someone at 
RedHat about their tool on 20/10/2003 and I pointed out the sourceforge 
project ebtables where it's maintained. I didn't know they were still 
using their own version...

cheers,
Bart

Re: arptables ruleset not working when compiling on fedora6,7,8/centos 5/redhat 5

[Bart De Schuymer]

[-- Attachment #1: Type: text/plain, Size: 1039 bytes --]

Patrick McHardy schreef:
> Nishit Shah wrote:
>> On Mon, Jun 29, 2009 at 9:48 PM, Nishit Shah<nsshah.82@gmail.com> wrote:
>>>
>>> Bingo !!!
>>>
>>> It is due to the value of ARPT_RETURN. ARPT_RETURN defined in
>>> arptables-v0.0.3-3 is
>>>
>>> ./include/linux/netfilter_arp/arp_tables.h:#define ARPT_RETURN
>>> (-NF_MAX_VERDICT - 1)
>>>
>>> and value of NF_MAX_VERDICT is different on machine running with gcc
>>> 2.96/glibc 2.2.4 and above all machines.
>>>
>>> value of NF_MAX_VERDICT on machine running gcc 2.96 and glibc 2.2.4,
>>>
>>>        /usr/include/linux/netfilter.h:#define NF_MAX_VERDICT NF_REPEAT
>>>
>>> and same file on all above machines,
>>>
>>>        /usr/include/linux/netfilter.h:#define NF_MAX_VERDICT NF_STOP
>>>
>>> Thanks Patrick :)
>>>
>>> Rgds,
>>> Nishit Shah.
>>>
>>
>> I am adding the patch for the same.
>
> Please send this to Bart (CCed), who is maintaining arptables.
>
Nishit, please try the attached file. It uses more recent kernel headers 
that use x_tables. I prefer that approach...

cheers,
Bart


[-- Attachment #2: arptables-v0.0.3-4.tar.gz --]
[-- Type: application/gzip, Size: 48555 bytes --]

Re: arptables ruleset not working when compiling on fedora6,7,8/centos 5/redhat 5

[Jan Engelhardt]

On Sunday 2009-07-05 14:59, Bart De Schuymer wrote:
>>>>-       /usr/include/linux/netfilter.h:#define NF_MAX_VERDICT NF_REPEAT
>>>>+       /usr/include/linux/netfilter.h:#define NF_MAX_VERDICT NF_STOP
>>
> Nishit, please try the attached file. It uses more recent kernel headers that
> use x_tables. I prefer that approach...

You need to use the unifdef'ed headers or funny things like
compiler complaining about __user might pop up.

Re: arptables ruleset not working when compiling on fedora6,7,8/centos 5/redhat 5

[Bart De Schuymer]

Jan Engelhardt schreef:
>> Nishit, please try the attached file. It uses more recent kernel headers that
>> use x_tables. I prefer that approach...
>>     
>
> You need to use the unifdef'ed headers or funny things like
> compiler complaining about __user might pop up.
>   
The tarball I sent compiled fine on my (old) system. Does it give such 
warnings on your system?

cheers,
Bart

Re: arptables ruleset not working when compiling on fedora6,7,8/centos 5/redhat 5

[Jan Engelhardt]

On Monday 2009-07-06 21:54, Bart De Schuymer wrote:

> Jan Engelhardt schreef:
>>> Nishit, please try the attached file. It uses more recent kernel headers that
>>> use x_tables. I prefer that approach...
>>>    
>>
>> You need to use the unifdef'ed headers or funny things like
>> compiler complaining about __user might pop up.
>>  
> The tarball I sent compiled fine on my (old) system. Does it give such warnings
> on your system?

You bet. iptables was also cursed by this [our own lack of using
unifdefed headers from the start] before:


$ make
cc -O2 -Wall -Wunused -I.//include/ -Iinclude/ -DARPTABLES_VERSION=\"0.0.3-4\"
-c -o arptables-standalone.o arptables-standalone.c
In file included from .//include/libarptc/libarptc.h:6,
                 from .//include/arptables.h:5,
                 from arptables-standalone.c:38:
.//include/linux/netfilter_arp/arp_tables.h:19:28: error: linux/compiler.h: No
such file or directory
In file included from .//include/libarptc/libarptc.h:6,
                 from .//include/arptables.h:5,
                 from arptables-standalone.c:38:
.//include/linux/netfilter_arp/arp_tables.h:183: error: expected `:', `,', `;',
`}' or `__attribute__' before `*' token
make: *** [arptables-standalone.o] Error 1

Re: arptables ruleset not working when compiling on fedora6,7,8/centos 5/redhat 5

[Nishit Shah]

Should I wait for another version to test ?

Rgds,
Nishit Shah.

On Tue, Jul 7, 2009 at 1:31 AM, Jan Engelhardt<jengelh@medozas.de> wrote:
> On Monday 2009-07-06 21:54, Bart De Schuymer wrote:
>
>> Jan Engelhardt schreef:
>>>> Nishit, please try the attached file. It uses more recent kernel headers that
>>>> use x_tables. I prefer that approach...
>>>>
>>>
>>> You need to use the unifdef'ed headers or funny things like
>>> compiler complaining about __user might pop up.
>>>
>> The tarball I sent compiled fine on my (old) system. Does it give such warnings
>> on your system?
>
> You bet. iptables was also cursed by this [our own lack of using
> unifdefed headers from the start] before:
>
>
> $ make
> cc -O2 -Wall -Wunused -I.//include/ -Iinclude/ -DARPTABLES_VERSION=\"0.0.3-4\"
> -c -o arptables-standalone.o arptables-standalone.c
> In file included from .//include/libarptc/libarptc.h:6,
>                 from .//include/arptables.h:5,
>                 from arptables-standalone.c:38:
> .//include/linux/netfilter_arp/arp_tables.h:19:28: error: linux/compiler.h: No
> such file or directory
> In file included from .//include/libarptc/libarptc.h:6,
>                 from .//include/arptables.h:5,
>                 from arptables-standalone.c:38:
> .//include/linux/netfilter_arp/arp_tables.h:183: error: expected `:', `,', `;',
> `}' or `__attribute__' before `*' token
> make: *** [arptables-standalone.o] Error 1
>

Re: arptables ruleset not working when compiling on fedora6,7,8/centos 5/redhat 5

[Bart De Schuymer]

Nishit Shah schreef:
> Should I wait for another version to test ?
>
>   
I'll have a look this weekend.

cheers,
Bart