So does anyone have any ideas how to deal with this problem? It seems to be effecting lots of people and I've done everything I know how to document and troubleshoot it. Here is a short summary of the problem: > ip_conntrack_pptp.ko needs unknown symbol __ip_conntrack_expect_find Details below Thanks - Greg Scott -----Original Message----- From: Greg Scott Sent: Sunday, August 28, 2005 6:07 PM To: 'netfilter@xxxxxxxxxxxxxxxxxxx' Subject: Problems building ip_conntrack_pptp with kernel 2.6.12.5; and what does nfnetlink do? Hi all - I am trying to build a 2.6.12.5 kernel with the patch-o-matic-20050825 pptp patches. Make modules dies with this problem: WARNING: /lib/modules/2.6.12.5fw20/kernel/net/ipv4/netfilter/ip_conntrack_pptp.ko needs unknown symbol __ip_conntrack_expect_find I edited the EXTRAVERSION line in Makefile and I started with the .config file that came with RedHat fc4 and 2.6.11-1. I updated my copy of .config with make oldconfig. This is how I put in the PPTP and other patch-o-matic patches: cd /usr/src/patch-o-matic-ng-20050825 ./runme --batch connlimit ##./runme --ip_contrack_count (Not in the .tar file) ./runme --batch iprange ./runme --batch mport (multiport match - deprecated soon) ./runme --batch psd ./runme --batch comment ./runme --batch h323-conntrack-nat ##./runme --batch ipp2p (Not in the .tar file) ./runme --batch pptp-conntrack-nat I did some more detective work. A google search led me to a suggestion that the ip_conntrack__pptp patch now depends on another patch called nfnetlink. So I went to my copy of the expanded POM tree and looked. Here is what I found: [root@gsgv-fw nfnetlink]# pwd /usr/src/patch-o-matic-ng-20050825/patchlets/nfnetlink [root@gsgv-fw nfnetlink]# cd .. [root@gsgv-fw patchlets]# grep -R ip_conntrack_expect_find * ctnetlink/linux-2.6.patch:+__ip_conntrack_expect_find(const struct ip_conntrack_tuple *tuple) ctnetlink/linux-2.6.patch:+ip_conntrack_expect_find_get(const struct ip_conntrack_tuple *tuple) ctnetlink/linux-2.6.patch:+ i = __ip_conntrack_expect_find(tuple); ctnetlink/linux-2.6.patch:+EXPORT_SYMBOL(__ip_conntrack_expect_find); ctnetlink/linux-2.6.patch:+EXPORT_SYMBOL(ip_conntrack_expect_find_get); ctnetlink/linux-2.6.patch:+__ip_conntrack_expect_find(const struct ip_conntrack_tuple *tuple); ctnetlink/linux-2.6.patch:+ip_conntrack_expect_find_get(const struct ip_conntrack_tuple *tuple); ctnetlink/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_netlink.c: exp = ip_conntrack_expect_find_get(tuple); ctnetlink/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_netlink.c: exp = ip_conntrack_expect_find_get(tuple); ctnetlink/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_netlink.c: exp = __ip_conntrack_expect_find(tuple); netfilter-docbook/linux-2.4.patch: ip_conntrack_expect_find_get(const struct ip_conntrack_tuple *tuple) netfilter-docbook/linux-2.6.patch: ip_conntrack_expect_find_get(const struct ip_conntrack_tuple *tuple) nfnetlink-ctnetlink-0.13/linux-2.6.patch:+ exp = ip_conntrack_expect_find_get(tuple); nfnetlink-ctnetlink-0.13/linux-2.6.patch:+ exp = ip_conntrack_expect_find_get(tuple); nfnetlink-ctnetlink-0.13/linux.patch: ip_conntrack_expect_find_get(const struct ip_conntrack_tuple *tuple) nfnetlink-ctnetlink-0.13/linux.patch: EXPORT_SYMBOL_GPL(ip_conntrack_expect_find_get); nfnetlink-ctnetlink-0.13/linux/net/ipv4/netfilter/nfnetlink_conntrack.c: exp = ip_conntrack_expect_find_get(tuple); nfnetlink-ctnetlink-0.13/linux/net/ipv4/netfilter/nfnetlink_conntrack.c: exp = ip_conntrack_expect_find_get(tuple); pptp-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_pptp.c: exp = __ip_conntrack_expect_find(t); [root@gsgv-fw patchlets]# Based on the above, it looks like ctnetlink defines and exports the missing symbol. A look at the info for ctnetlink tells me it depends on nfnetlink. I see two, maybe three choices for nfnetlink: These are, nfnetlink, nfnetlink-ctnetlink-0.13, and nfnetlink_queue. The info for nfnetliink-ctnetlink-0.13 says this one is deprecated. Although recursive grep above shows that nfnetlink-ctnetlink mentions the missing symbol, its deffinitions may be obsolete. The info for nfnetlink_queue says it depends on nfnetlink. The info for nfnetlink only says it depends on a kernel >= 2.6.0. And the info for all these modules is maddening because it does not tell me what they do! I decided to add nfnetlink and ctnetlink to the list of POM patches I use and try another kernel build. The nfnetlink patch went in with no problems. But ctnetlink gave me this: Testing ctnetlink... not applied The ctnetlink patch: Author: Jay Schulist, Harald Welte, Patrick McHardy, et.al. Status: Stable newfile: 4 files in our way, unable to apply ERROR (6 rejects out of 48 hunks) ----------------------------------------------------------------- Do you want to apply this patch [N/y/t/f/a/r/b/w/q/?] n I said no - the last thing I want is to put in a messed up patch! So now I am stuck again. Is there some order in which I should apply these patches? Am I applying the correct patches? How do we add the pptp patches these days??? Thanks - Greg Scott GregScott@xxxxxxxxxxxxxxxxxxx USA cell phone 1-651-260-1051
