ipset-4.4 on 2.6.16.60 kernel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I am trying to install ipset on the above kernel version after successfully recompiling and installing my iptables v1.3.7.

When I unzip ipset-4.4.tar.bz2, then copy both kernel/include/linux/netfilter_ipv4/ip_set.h AND kernel/include/linux/netfilter_ipv4/ipt_set.h to include/linux/netfilter_ipv4 (the latter was also needed for building iptables as well, though the installation page did not mention that as a requirement) and then ran make I've got the following error:

=================
 CC [M]  /root/ipset-4.4/kernel/ipt_set.o
/root/ipset-4.4/kernel/ipt_set.c: In function `checkentry':
/root/ipset-4.4/kernel/ipt_set.c:167: warning: implicit declaration of function `IPT_ALIGN'
/root/ipset-4.4/kernel/ipt_set.c: In function `ipt_ipset_init':
/root/ipset-4.4/kernel/ipt_set.c:244: warning: passing arg 1 of `xt_register_match' makes integer from pointer without a cast /root/ipset-4.4/kernel/ipt_set.c:244: error: too few arguments to function `xt_register_match'
/root/ipset-4.4/kernel/ipt_set.c: In function `ipt_ipset_fini':
/root/ipset-4.4/kernel/ipt_set.c:249: warning: passing arg 1 of `xt_unregister_match' makes integer from pointer without a cast /root/ipset-4.4/kernel/ipt_set.c:249: error: too few arguments to function `xt_unregister_match'
make[2]: *** [/root/ipset-4.4/kernel/ipt_set.o] Error 1
make[1]: *** [_module_/root/ipset-4.4/kernel] Error 2
=================

Looking at the source of ipt_set.c I think this is what causes the error:

=================
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
#include <linux/netfilter_ipv4/ip_tables.h>
#define xt_register_match       ipt_register_match
#define xt_unregister_match     ipt_unregister_match
#define xt_match                ipt_match
#else
#include <linux/netfilter/x_tables.h>
#endif
#include <linux/netfilter_ipv4/ip_set.h>
#include <linux/netfilter_ipv4/ipt_set.h>
.....
static int __init ipt_ipset_init(void)
{
       return xt_register_match(&set_match);
}

static void __exit ipt_ipset_fini(void)
{
       xt_unregister_match(&set_match);
}
=================

I looked at both x_tables.h and ip_tables.h files and they do contain the following:

x_tables.h
~~~~~~~~~~
extern int xt_register_match(int af, struct xt_match *target);
extern void xt_unregister_match(int af, struct xt_match *target);

ip_tables.h
~~~~~~~~~~~
#define ipt_register_match(mtch) xt_register_match(AF_INET, mtch)
#define ipt_unregister_match(mtch) xt_unregister_match(AF_INET, mtch)

According to the above as my kernel version appears to be > 2,6,16 x_tables.h include triggers and it defines the 2 functions, but requiring two parameters instead of the one defined in ipt_set.c! I tried to change the version to KERNEL_VERSION(2,6,17) to force include of netfilter_ipv4/ip_tables.h - that passes, though for this file I get the following warning:

=================
 CC [M]  /root/ipset-4.4/kernel/ipt_set.o
/root/ipset-4.4/kernel/ipt_set.c: In function `ipt_ipset_init':
/root/ipset-4.4/kernel/ipt_set.c:244: warning: implicit declaration of function `ipt_register_match'
/root/ipset-4.4/kernel/ipt_set.c: In function `ipt_ipset_fini':
/root/ipset-4.4/kernel/ipt_set.c:249: warning: implicit declaration of function `ipt_unregister_match'
=================

and then get a similar error for ipt_SET.c:

=================
 CC [M]  /root/ipset-4.4/kernel/ipt_SET.o
/root/ipset-4.4/kernel/ipt_SET.c: In function `checkentry':
/root/ipset-4.4/kernel/ipt_SET.c:157: warning: implicit declaration of function `IPT_ALIGN'
/root/ipset-4.4/kernel/ipt_SET.c: In function `ipt_SET_init':
/root/ipset-4.4/kernel/ipt_SET.c:247: warning: passing arg 1 of `xt_register_target' makes integer from pointer without a cast /root/ipset-4.4/kernel/ipt_SET.c:247: error: too few arguments to function `xt_register_target'
/root/ipset-4.4/kernel/ipt_SET.c: In function `ipt_SET_fini':
/root/ipset-4.4/kernel/ipt_SET.c:252: warning: passing arg 1 of `xt_unregister_target' makes integer from pointer without a cast /root/ipset-4.4/kernel/ipt_SET.c:252: error: too few arguments to function `xt_unregister_target'
make[2]: *** [/root/ipset-4.4/kernel/ipt_SET.o] Error 1
make[1]: *** [_module_/root/ipset-4.4/kernel] Error 2
=================

Trying the same 'trick' for ipt_SET.c won't work though, I am getting this:

=================
 CC [M]  /root/ipset-4.4/kernel/ipt_SET.o
/root/ipset-4.4/kernel/ipt_SET.c:24:1: warning: "XT_CONTINUE" redefined
In file included from include/linux/netfilter_ipv4/ip_tables.h:28,
                from /root/ipset-4.4/kernel/ipt_SET.c:20:
include/linux/netfilter/x_tables.h:17:1: warning: this is the location of the previous definition
/root/ipset-4.4/kernel/ipt_SET.c: In function `target':
/root/ipset-4.4/kernel/ipt_SET.c:94: error: `XT_CONTINUE' undeclared (first use in this function) /root/ipset-4.4/kernel/ipt_SET.c:94: error: (Each undeclared identifier is reported only once /root/ipset-4.4/kernel/ipt_SET.c:94: error: for each function it appears in.)
/root/ipset-4.4/kernel/ipt_SET.c: In function `ipt_SET_init':
/root/ipset-4.4/kernel/ipt_SET.c:247: warning: implicit declaration of function `ipt_register_target'
/root/ipset-4.4/kernel/ipt_SET.c: In function `ipt_SET_fini':
/root/ipset-4.4/kernel/ipt_SET.c:252: warning: implicit declaration of function `ipt_unregister_target'
make[2]: *** [/root/ipset-4.4/kernel/ipt_SET.o] Error 1
make[1]: *** [_module_/root/ipset-4.4/kernel] Error 2
make[1]: Leaving directory `/usr/src/expresscore/distrib/build/sources/kernel-runtime/linux-2.6.16.60'
make: *** [modules] Error 2
=================

XT_CONTINUE is defined as IPT_CONTINUE, which, in ip_tables.h is defined as ... XT_CONTINUE in ip_tables.h! After a bit more digging I found that netfilter/x_tables.h defines XT_CONTINUE as 0xFFFFFFFF, so I tried to replace this in ipt_SET.c, but when tried make again I've got this:

=================
 CC [M]  /root/ipset-4.4/kernel/ipt_set.o
/root/ipset-4.4/kernel/ipt_set.c: In function `ipt_ipset_init':
/root/ipset-4.4/kernel/ipt_set.c:244: warning: implicit declaration of function `ipt_register_match'
/root/ipset-4.4/kernel/ipt_set.c: In function `ipt_ipset_fini':
/root/ipset-4.4/kernel/ipt_set.c:249: warning: implicit declaration of function `ipt_unregister_match'
 CC [M]  /root/ipset-4.4/kernel/ipt_SET.o
/root/ipset-4.4/kernel/ipt_SET.c: In function `ipt_SET_init':
/root/ipset-4.4/kernel/ipt_SET.c:247: warning: implicit declaration of function `ipt_register_target'
/root/ipset-4.4/kernel/ipt_SET.c: In function `ipt_SET_fini':
/root/ipset-4.4/kernel/ipt_SET.c:252: warning: implicit declaration of function `ipt_unregister_target'

 Building modules, stage 2.
 MODPOST
*** Warning: "ipt_unregister_match" [/root/ipset-4.4/kernel/ipt_set.ko] undefined! *** Warning: "ipt_register_match" [/root/ipset-4.4/kernel/ipt_set.ko] undefined! *** Warning: "ipt_unregister_target" [/root/ipset-4.4/kernel/ipt_SET.ko] undefined! *** Warning: "ipt_register_target" [/root/ipset-4.4/kernel/ipt_SET.ko] undefined!
=================

Where I am now stuck and would appreciate a bit of help.

My iptables 1.3.7 compiled and installed successfully (from what I can gather it added two additional files in /usr/lib/iptables - libipt_set.so and libipt_SET.so), so I don't think this is iptables problem.


ipset-4.4 has just been released with one important fix and some small corrections:

Kernel part changes:
- The ipporthash, ipportiphash and ipportnethash set types did not work with mixed "src" and "dst" direction parameters of the "set" and "SET" iptables match and target (reported by Dash Four) - Errorneous semaphore handling in error path fixed (reported by Jan Engelhardt, bugzilla id 668)

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux