Compiling 1.3.6

Compiling 1.3.6

[Jorge Bastos]

I was compiling the 1.3.6 version of iptables, agains my 2.6.19-rc1 kernel 
version and i get this (it also happens with the final 2.6.18).
Is there some livrary that needs an upgrade or am i missing something?
I already tryed the svn last version and the same happens.

Thanks,
Jorge


Extensions found: IPv4:CLUSTERIP IPv4:connbytes IPv4:dccp IPv4:quota 
IPv4:recent IPv4:statistic IPv4:string IPv6:REJECT IPv6:ah IPv6:esp 
IPv6:frag IPv6:ipv6header IPv6:rt
cc -O2 -Wall -Wunused -I/usr/src/linux-2.6.18/include -Iinclude/ -DIPTABLES_VERSION=\"1.3.6\" 
  -fPIC -o extensions/libipt_iprange_sh.o -c extensions/libipt_iprange.c
In file included from extensions/libipt_iprange.c:9:
/usr/src/linux-2.6.18/include/linux/netfilter_ipv4/ipt_iprange.h:11: error: 
expected specifier-qualifier-list before '__be32'
extensions/libipt_iprange.c: In function 'parse_iprange':
extensions/libipt_iprange.c:43: error: 'struct ipt_iprange' has no member 
named 'min_ip'
extensions/libipt_iprange.c:50: error: 'struct ipt_iprange' has no member 
named 'max_ip'
extensions/libipt_iprange.c:52: error: 'struct ipt_iprange' has no member 
named 'max_ip'
extensions/libipt_iprange.c:52: error: 'struct ipt_iprange' has no member 
named 'min_ip'
extensions/libipt_iprange.c: In function 'print_iprange':
extensions/libipt_iprange.c:116: error: 'const struct ipt_iprange' has no 
member named 'min_ip'
extensions/libipt_iprange.c:117: error: 'const struct ipt_iprange' has no 
member named 'max_ip'
make: *** [extensions/libipt_iprange_sh.o] Error 1 

Re: Compiling 1.3.6

[Pablo Neira Ayuso]

[-- Attachment #1: Type: text/plain, Size: 711 bytes --]

Hi Patrick,

Jorge Bastos wrote:
> I was compiling the 1.3.6 version of iptables, agains my 2.6.19-rc1
> kernel version and i get this (it also happens with the final 2.6.18).
> Is there some livrary that needs an upgrade or am i missing something?
> I already tryed the svn last version and the same happens.

min_ip and max_ip type has been changed from u_int32_t to __be32 that is
not defined in userspace, this breaks iptables compilation. Attached a
patch that recovers the use of u_int32_t. I'm not sure if this is the
best fix so let me know what you think.

-- 
The dawn of the fourth age of Linux firewalling is coming; a time of
great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris

[-- Attachment #2: x --]
[-- Type: text/plain, Size: 721 bytes --]

[PATCH] Fix iptables compilation with support for iprange

iptables requires ipt_iprange.h that defines max_ip and min_ip as __be32
that is not defined in userspace.

Reported by Jorge Bastos.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Index: net-2.6/include/linux/netfilter_ipv4/ipt_iprange.h
===================================================================
--- net-2.6.orig/include/linux/netfilter_ipv4/ipt_iprange.h	2006-10-09 00:15:42.000000000 +0200
+++ net-2.6/include/linux/netfilter_ipv4/ipt_iprange.h	2006-10-09 00:15:55.000000000 +0200
@@ -8,7 +8,7 @@
 
 struct ipt_iprange {
 	/* Inclusive: network order. */
-	__be32 min_ip, max_ip;
+	u_int32_t min_ip, max_ip;
 };
 
 struct ipt_iprange_info

Re: Compiling 1.3.6

[Patrick McHardy]

[-- Attachment #1: Type: text/plain, Size: 394 bytes --]

Pablo Neira Ayuso wrote:
> min_ip and max_ip type has been changed from u_int32_t to __be32 that is
> not defined in userspace, this breaks iptables compilation. Attached a
> patch that recovers the use of u_int32_t. I'm not sure if this is the
> best fix so let me know what you think.

I think we should just define the endian-annotation types in userspace.
Does this patch fix compilation?


[-- Attachment #2: x --]
[-- Type: text/plain, Size: 395 bytes --]

Index: include/iptables_common.h
===================================================================
--- include/iptables_common.h	(Revision 6660)
+++ include/iptables_common.h	(Arbeitskopie)
@@ -42,4 +42,9 @@
   extern void init_extensions(void);
 #endif
 
+#define __be32	u_int32_t
+#define __le32	u_int32_t
+#define __be16	u_int16_t
+#define __le16	u_int16_t
+
 #endif /*_IPTABLES_COMMON_H*/

Re: Compiling 1.3.6

[Pablo Neira Ayuso]

Patrick McHardy wrote:
> Pablo Neira Ayuso wrote:
> 
>>min_ip and max_ip type has been changed from u_int32_t to __be32 that is
>>not defined in userspace, this breaks iptables compilation. Attached a
>>patch that recovers the use of u_int32_t. I'm not sure if this is the
>>best fix so let me know what you think.
> 
> 
> I think we should just define the endian-annotation types in userspace.
> Does this patch fix compilation?

But this breaks previous iptables version with new kernels :(. An 
alternative can be exporting ipt_iprange.h to iptables/include although 
this is also a hack.

-- 
The dawn of the fourth age of Linux firewalling is coming; a time of 
great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris

Re: Compiling 1.3.6

[Pablo Neira Ayuso]

Pablo Neira Ayuso wrote:
> Patrick McHardy wrote:
> 
>> Pablo Neira Ayuso wrote:
>>
>>> min_ip and max_ip type has been changed from u_int32_t to __be32 that is
>>> not defined in userspace, this breaks iptables compilation. Attached a
>>> patch that recovers the use of u_int32_t. I'm not sure if this is the
>>> best fix so let me know what you think.
>>
>>
>>
>> I think we should just define the endian-annotation types in userspace.
>> Does this patch fix compilation?
> 
> 
> But this breaks previous iptables version with new kernels :(.  An
> alternative can be exporting ipt_iprange.h to iptables/include although 
> this is also a hack.

Forget the alternative, it won't work either

-- 
The dawn of the fourth age of Linux firewalling is coming; a time of 
great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris

Re: Compiling 1.3.6

[Marco Berizzi]

Pablo Neira Ayuso wrote:

>Pablo Neira Ayuso wrote:
>>Patrick McHardy wrote:
>>
>>>Pablo Neira Ayuso wrote:
>>>
>>>>min_ip and max_ip type has been changed from u_int32_t to __be32 that is
>>>>not defined in userspace, this breaks iptables compilation.

I'm able to compile iptables 1.3.6 with 2.6.18 kernel
headers without any errors.
However iptables 1.3.6 + linux 2.6.19-rc1 kernel
headers give me this error:

cc -O2 -Wall -Wunused -I/usr/src/linux/include -Iinclude/ 
-DIPTABLES_VERSION=\"1.3.6\"  -fPIC -o extensions/libipt_iprange_sh.o -c 
exte
nsions/libipt_iprange.c
In file included from extensions/libipt_iprange.c:9:
/usr/src/linux/include/linux/netfilter_ipv4/ipt_iprange.h:11: error: syntax 
error before "__be32"
/usr/src/linux/include/linux/netfilter_ipv4/ipt_iprange.h:11: warning: no 
semicolon at end of struct or union
/usr/src/linux/include/linux/netfilter_ipv4/ipt_iprange.h:16: error: field 
`src' has incomplete type
/usr/src/linux/include/linux/netfilter_ipv4/ipt_iprange.h:17: error: field 
`dst' has incomplete type
extensions/libipt_iprange.c: In function `parse_iprange':
extensions/libipt_iprange.c:43: error: dereferencing pointer to incomplete 
type
extensions/libipt_iprange.c:50: error: dereferencing pointer to incomplete 
type
extensions/libipt_iprange.c:52: error: dereferencing pointer to incomplete 
type
extensions/libipt_iprange.c:52: error: dereferencing pointer to incomplete 
type
extensions/libipt_iprange.c: In function `print_iprange':
extensions/libipt_iprange.c:116: error: dereferencing pointer to incomplete 
type
extensions/libipt_iprange.c:117: error: dereferencing pointer to incomplete 
type
make: *** [extensions/libipt_iprange_sh.o] Error 1

My env: Slackware Linux 11.0

Linux Calimero 2.6.19-rc1 #1 PREEMPT Thu Oct 5 15:26:06 CEST 2006 i686 
pentium3 i386 GNU/Linux

Gnu C                  3.4.6
Gnu make               3.81
binutils               2.15.92.0.2
util-linux             2.12r
mount                  2.12r
module-init-tools      3.2.2
e2fsprogs              1.38
Linux C Library        2.3.6
Dynamic linker (ldd)   2.3.6
Linux C++ Library      6.0.3
Procps                 3.2.7
Net-tools              1.60
Kbd                    1.12
Sh-utils               5.97

Re: Compiling 1.3.6

[Patrick McHardy]

Marco Berizzi wrote:
> Pablo Neira Ayuso wrote:
> 
>> Pablo Neira Ayuso wrote:
>>
>>> Patrick McHardy wrote:
>>>
>>>> Pablo Neira Ayuso wrote:
>>>>
>>>>> min_ip and max_ip type has been changed from u_int32_t to __be32
>>>>> that is
>>>>> not defined in userspace, this breaks iptables compilation.
> 
> 
> I'm able to compile iptables 1.3.6 with 2.6.18 kernel
> headers without any errors.
> However iptables 1.3.6 + linux 2.6.19-rc1 kernel
> headers give me this error:

Does the patch I just sent fix it?

Re: Compiling 1.3.6

[Marco Berizzi]

Patrick McHardy wrote:

>Marco Berizzi wrote:
> > Pablo Neira Ayuso wrote:
> >
> >> Pablo Neira Ayuso wrote:
> >>
> >>> Patrick McHardy wrote:
> >>>
> >>>> Pablo Neira Ayuso wrote:
> >>>>
> >>>>> min_ip and max_ip type has been changed from u_int32_t to __be32
> >>>>> that is
> >>>>> not defined in userspace, this breaks iptables compilation.
> >
> >
> > I'm able to compile iptables 1.3.6 with 2.6.18 kernel
> > headers without any errors.
> > However iptables 1.3.6 + linux 2.6.19-rc1 kernel
> > headers give me this error:
>
>Does the patch I just sent fix it?

Yes, now I'm able to compile iptables 1.3.6 with 2.6.19-rc1
kernel headers with your patch:

Index: include/iptables_common.h
===================================================================
--- include/iptables_common.h   (Revision 6660)
+++ include/iptables_common.h   (Arbeitskopie)
@@ -42,4 +42,9 @@
   extern void init_extensions(void);
#endif

+#define __be32 u_int32_t
+#define __le32 u_int32_t
+#define __be16 u_int16_t
+#define __le16 u_int16_t
+
#endif /*_IPTABLES_COMMON_H*/

Re: Compiling 1.3.6

[Patrick McHardy]

Marco Berizzi wrote:
> Patrick McHardy wrote:
> 
>> Does the patch I just sent fix it?
> 
> 
> Yes, now I'm able to compile iptables 1.3.6 with 2.6.19-rc1
> kernel headers with your patch:

Thanks, I've committed it to SVN.

Re: Compiling 1.3.6

[Jorge Bastos]

Great!
I'm going to try it.

Jorge

----- Original Message ----- 
From: "Patrick McHardy" <kaber@trash.net>
To: "Marco Berizzi" <pupilla@hotmail.com>
Cc: <pablo@netfilter.org>; <mysql.jorge@decimal.pt>; 
<netfilter-devel@lists.netfilter.org>; <netfilter@lists.netfilter.org>
Sent: Monday, October 09, 2006 6:23 PM
Subject: Re: Compiling 1.3.6


> Marco Berizzi wrote:
>> Patrick McHardy wrote:
>>
>>> Does the patch I just sent fix it?
>>
>>
>> Yes, now I'm able to compile iptables 1.3.6 with 2.6.19-rc1
>> kernel headers with your patch:
>
> Thanks, I've committed it to SVN.
> 

Re: Compiling 1.3.6

[Patrick McHardy]

Pablo Neira Ayuso wrote:
> Patrick McHardy wrote:
> 
>> Pablo Neira Ayuso wrote:
>>
>>> min_ip and max_ip type has been changed from u_int32_t to __be32 that is
>>> not defined in userspace, this breaks iptables compilation. Attached a
>>> patch that recovers the use of u_int32_t. I'm not sure if this is the
>>> best fix so let me know what you think.
>>
>>
>>
>> I think we should just define the endian-annotation types in userspace.
>> Does this patch fix compilation?
> 
> 
> But this breaks previous iptables version with new kernels :(. An
> alternative can be exporting ipt_iprange.h to iptables/include although
> this is also a hack.

We should consider moving away from using the kernel headers directly.
Breaking compilation of old iptables versions is not too bad IMO,
old binaries will still work and someone compiling old iptables with
a new kernel can just as well just compile a new version.

Unfortunately 1.3.6 won't compile with 2.6.19, so we might have to put
out a new version soon.