Hallo,
ich habe ein Problem iptables zu emergen. Ich benutze Kernel 2.6.7.
/usr/src/linux zeigt auf die aktuellen Quellen. Wenn ich emerge -v iptables mache, kommt folgendes:
--------------- snip ------------------
Making dependencies: please wait...
Extensions found: IPv4:recent IPv6:ah IPv6:esp IPv6:frag IPv6:ipv6header IPv6:hbh IPv6:dst IPv6:rt
gcc -O2 -mcpu=i686 -fomit-frame-pointer -Iinclude -Wall -Wunused -I/usr/src/linux/include -DIPTABLES_VERSION=\"1.2.9\" -fPIC -o extensions/libipt_stealth_sh.o -c extensions/libipt_stealth.c
In file included from include/libiptc/libiptc.h:6,
from include/iptables.h:5,
from extensions/libipt_stealth.c:10:
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:255: Warnung: kein Semikolon am Ende von »struct« oder »union«
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:255: error: Syntaxfehler before '*' token
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:259: error: Syntaxfehler before '}' token
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: Warnung: type defaults to `int' in declaration of `DECLARE_MUTEX'
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: Warnung: Parameternamen (ohne Typen) in Funktionsdeklaration
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: Warnung: `DECLARE_MUTEX' declared `static' but never defined
make: *** [extensions/libipt_stealth_sh.o] Fehler 1
!!! ERROR: net-firewall/iptables-1.2.9-r1 failed.
!!! Function src_compile, Line 64, Exitcode 2
!!! (no error message)
-------------- snip --------------------
Ich habe auch schon versucht die Version 1.2.7 zu emergen, klappt aber auch nicht. Unterstützung ist Fest im Kernel eincompiliert. Vielleicht kann mir jemand einen Tipp geben, woran es genauer liegen könnte.
emerge info vielleicht noch:
Portage 2.0.50-r8 (default-x86-2004.0, gcc-3.3.3, glibc-2.3.3.20040420-r0, 2.6.7)
Vielen Dank im Voraus,
Frank
iptables emerge problem kernel 2.6.7
Message
- Frankieboy
- n00b
- Posts: 14
- Joined: Fri Jun 11, 2004 8:31 am
Hi,
Greetings
Frank
Thanks.agent_jdh wrote:Not in German, but there is a bug report / patch here-
http://bugs.gentoo.org/show_bug.cgi?id=53537
Greetings
Frank
Removing the /usr/src/linux symlink worked for me (2.6.7-gentoo-r5)
Daniel Haus
http://danielhaus.de
http://danielhaus.de
Fix for 2.6.7-gentoo-r6:
copy over ip_tables.h from /usr/include to /usr/src..
cp /usr/include/linux/netfilter_ipv4/ip_tables.h \
/usr/src/linux/include/linux/netfilter_ipv4/
If you use ipv6, you must copy the netfilter_ipv6/ip6_tables.h to usr/src..foo/netfilter_ipv6/ as well.
And I guess for arp_tables works the same. I'm not using ARP tables.
Bye
copy over ip_tables.h from /usr/include to /usr/src..
cp /usr/include/linux/netfilter_ipv4/ip_tables.h \
/usr/src/linux/include/linux/netfilter_ipv4/
If you use ipv6, you must copy the netfilter_ipv6/ip6_tables.h to usr/src..foo/netfilter_ipv6/ as well.
And I guess for arp_tables works the same. I'm not using ARP tables.
Bye
iptables-1.2.9-r3 failure bug report
all my boxen have gentoo-dev-sources-2.6.7-r5 and all of them (various archs, P1, P2, P3, Athlon-XP, Celerons) Fail to emerge iptables-1.2.9-r3
This is with USE="extensions" and without.
Here is the error I get with USE="extensions" emerge iptables
------------------------------------------
>>> Source unpacked.
extensions
Making dependencies: please wait...
Extensions found: IPv4:recent IPv6:ah IPv6:esp IPv6:frag IPv6:ipv6header IPv6:hbh IPv6:dst IPv6:rt
gcc -march=athlon-xp -O3 -pipe -fno-stack-protector -Iinclude -Wall -Wunused -I/usr/src/linux/include -DIPTABLES_VERSION=\"1.2.9\" -fPIC -o extensions/libipt_stealth_sh.o -c extensions/libipt_stealth.c
In file included from include/libiptc/libiptc.h:6,
from include/iptables.h:5,
from extensions/libipt_stealth.c:10:
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:255: warning: no semicolon at end of struct or union
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:255: error: syntax error before '*' token
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:259: error: syntax error before '}' token
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: type defaults to `int' in declaration of `DECLARE_MUTEX'
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: parameter names (without types) in function declaration
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: `DECLARE_MUTEX' declared `static' but never defined
make: *** [extensions/libipt_stealth_sh.o] Error 1
!!! ERROR: net-firewall/iptables-1.2.9-r3 failed.
!!! Function src_compile, Line 85, Exitcode 2
!!! Please check http://cvs.iptables.org/patch-o-matic-ng/updates/ if your kernel needs to be patched for iptables
And here is the error I get with just plain emerge iptables
---------------------------------------------
) in function declaration
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: `DECLARE_MUTEX' declared `static' but never defined
make: *** [extensions/libipt_recent_sh.o] Error 1
gcc -march=athlon-xp -O3 -pipe -fno-stack-protector -Iinclude -Wall -Wunused -I/usr/src/linux/include -DIPTABLES_VERSION=\"1.2.9\" -fPIC -o extensions/libipt_recent_sh.o -c extensions/libipt_recent.c
In file included from include/libiptc/libiptc.h:6,
from include/iptables.h:5,
from extensions/libipt_recent.c:8:
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:255: warning: no semicolon at end of struct or union
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:255: error: syntax error before '*' token
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:259: error: syntax error before '}' token
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: type defaults to `int' in declaration of `DECLARE_MUTEX'
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: parameter names (without types) in function declaration
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: `DECLARE_MUTEX' declared `static' but never defined
make: *** [extensions/libipt_recent_sh.o] Error 1
I've just tried, on one of my boxes, erasing the /usr/src/linux symlink, and this caused the ebuild to work successfully on that box. Do you think this will be a problem considering the kernel-headers are from a 2.4 kernel? (and speaking of which, should i upgrade kernel-headers to ~x86 ie 2.6 ones)
So.. should I log a new bug for iptables-1.2.9-r3 ?
This is with USE="extensions" and without.
Here is the error I get with USE="extensions" emerge iptables
------------------------------------------
>>> Source unpacked.
extensions
Making dependencies: please wait...
Extensions found: IPv4:recent IPv6:ah IPv6:esp IPv6:frag IPv6:ipv6header IPv6:hbh IPv6:dst IPv6:rt
gcc -march=athlon-xp -O3 -pipe -fno-stack-protector -Iinclude -Wall -Wunused -I/usr/src/linux/include -DIPTABLES_VERSION=\"1.2.9\" -fPIC -o extensions/libipt_stealth_sh.o -c extensions/libipt_stealth.c
In file included from include/libiptc/libiptc.h:6,
from include/iptables.h:5,
from extensions/libipt_stealth.c:10:
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:255: warning: no semicolon at end of struct or union
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:255: error: syntax error before '*' token
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:259: error: syntax error before '}' token
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: type defaults to `int' in declaration of `DECLARE_MUTEX'
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: parameter names (without types) in function declaration
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: `DECLARE_MUTEX' declared `static' but never defined
make: *** [extensions/libipt_stealth_sh.o] Error 1
!!! ERROR: net-firewall/iptables-1.2.9-r3 failed.
!!! Function src_compile, Line 85, Exitcode 2
!!! Please check http://cvs.iptables.org/patch-o-matic-ng/updates/ if your kernel needs to be patched for iptables
And here is the error I get with just plain emerge iptables
---------------------------------------------
) in function declaration
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: `DECLARE_MUTEX' declared `static' but never defined
make: *** [extensions/libipt_recent_sh.o] Error 1
gcc -march=athlon-xp -O3 -pipe -fno-stack-protector -Iinclude -Wall -Wunused -I/usr/src/linux/include -DIPTABLES_VERSION=\"1.2.9\" -fPIC -o extensions/libipt_recent_sh.o -c extensions/libipt_recent.c
In file included from include/libiptc/libiptc.h:6,
from include/iptables.h:5,
from extensions/libipt_recent.c:8:
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:255: warning: no semicolon at end of struct or union
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:255: error: syntax error before '*' token
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:259: error: syntax error before '}' token
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: type defaults to `int' in declaration of `DECLARE_MUTEX'
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: parameter names (without types) in function declaration
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: `DECLARE_MUTEX' declared `static' but never defined
make: *** [extensions/libipt_recent_sh.o] Error 1
I've just tried, on one of my boxes, erasing the /usr/src/linux symlink, and this caused the ebuild to work successfully on that box. Do you think this will be a problem considering the kernel-headers are from a 2.4 kernel? (and speaking of which, should i upgrade kernel-headers to ~x86 ie 2.6 ones)
So.. should I log a new bug for iptables-1.2.9-r3 ?
iptables-1.2.11-r1 doesnt emerge either
I can confirm the above problem also exists in exactly the same way for iptables-1.2.11-r1.ebuild
The *REALLY* annoying thing is that it still MERGES the incomplete compile into the live system and unmerges the old version. This means that although the compile fails, it also breaks the live system.
This is for all the ebuilds i've tried that have failed (including 1.2.9-r3)
Here is the sample output, including show of the merging of the failed compile:
-----------------------------------------------------------
make: *** [extensions/libipt_recent_sh.o] Error 1
gcc -O3 -march=pentium3 -funroll-loops -pipe -fno-stack-protector -Wall -Wunused -I/usr/src/linux/include -Iinclude/ -DIPTABLES_VERSION=\"1.2.11\" -fPIC -o extensions/libipt_recent_sh.o -c extensions/libipt_recent.c
In file included from include/libiptc/libiptc.h:6,
from include/iptables.h:5,
from extensions/libipt_recent.c:8:
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:255: warning: no semicolon at end of struct or union
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:255: error: syntax error before '*' token
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:259: error: syntax error before '}' token
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: type defaults to `int' in declaration of `DECLARE_MUTEX'
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: parameter names (without types) in function declaration
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: `DECLARE_MUTEX' declared `static' but never defined
distcc[3135] ERROR: compile on distcc@roar/3 failed
make: *** [extensions/libipt_recent_sh.o] Error 1
cp: cannot stat `/usr/portage/net-firewall/iptables/files/iptables-1.2.11-r1.init': No such file or directory
install: cannot stat `/var/tmp/portage/iptables-1.2.11-r1/temp/iptables': No such file or directory
cp: cannot stat `/usr/portage/net-firewall/iptables/files/iptables-1.2.11-r1.confd': No such file or directory
install: cannot stat `/var/tmp/portage/iptables-1.2.11-r1/temp/iptables': No such file or directory
man:
prepallstrip:
strip:
>>> Completed installing into /var/tmp/portage/iptables-1.2.11-r1/image/
>>> Merging net-firewall/iptables-1.2.11-r1 to /
--- /etc/
--- /etc/conf.d/
--- /etc/init.d/
--- /var/
--- /var/lib/
--- /var/lib/iptables/
>>> /var/lib/iptables/.keep
--- /usr/
--- /usr/share/
--- /usr/share/doc/
>>> /usr/share/doc/iptables-1.2.11-r1/
>>> /usr/share/doc/iptables-1.2.11-r1/COPYING.gz
* This package now includes an initscript which loads and saves
* rules stored in /var/lib/iptables/rules-save
* This location can be changed in /etc/conf.d/iptables
*
* If you are using the iptables initsscript you should save your
* rules using the new iptables version before rebooting.
*
* If you are uprading to a >=2.4.21 kernel you may need to rebuild
* iptables.
*
* !!! ipforwarding is now not a part of the iptables initscripts.
* Until a more permanent solution is implemented adding the following
* to /etc/conf.d/local.start will enable ipforwarding at bootup:
* echo "1" > /proc/sys/net/ipv4/conf/all/forwarding
* Caching service dependencies...
>>> net-firewall/iptables-1.2.11-r1 merged.
net-firewall/iptables
selected: 1.2.9
protected: 1.2.11-r1
omitted: none
>>> 'Selected' packages are slated for removal.
>>> 'Protected' and 'omitted' packages will not be removed.
etc
etc (snip unmerging of GOOD compile, to be replaced with merge of failed compile)
Anyone know the problem here?
The *REALLY* annoying thing is that it still MERGES the incomplete compile into the live system and unmerges the old version. This means that although the compile fails, it also breaks the live system.
This is for all the ebuilds i've tried that have failed (including 1.2.9-r3)
Here is the sample output, including show of the merging of the failed compile:
-----------------------------------------------------------
make: *** [extensions/libipt_recent_sh.o] Error 1
gcc -O3 -march=pentium3 -funroll-loops -pipe -fno-stack-protector -Wall -Wunused -I/usr/src/linux/include -Iinclude/ -DIPTABLES_VERSION=\"1.2.11\" -fPIC -o extensions/libipt_recent_sh.o -c extensions/libipt_recent.c
In file included from include/libiptc/libiptc.h:6,
from include/iptables.h:5,
from extensions/libipt_recent.c:8:
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:255: warning: no semicolon at end of struct or union
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:255: error: syntax error before '*' token
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:259: error: syntax error before '}' token
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: type defaults to `int' in declaration of `DECLARE_MUTEX'
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: parameter names (without types) in function declaration
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: `DECLARE_MUTEX' declared `static' but never defined
distcc[3135] ERROR: compile on distcc@roar/3 failed
make: *** [extensions/libipt_recent_sh.o] Error 1
cp: cannot stat `/usr/portage/net-firewall/iptables/files/iptables-1.2.11-r1.init': No such file or directory
install: cannot stat `/var/tmp/portage/iptables-1.2.11-r1/temp/iptables': No such file or directory
cp: cannot stat `/usr/portage/net-firewall/iptables/files/iptables-1.2.11-r1.confd': No such file or directory
install: cannot stat `/var/tmp/portage/iptables-1.2.11-r1/temp/iptables': No such file or directory
man:
prepallstrip:
strip:
>>> Completed installing into /var/tmp/portage/iptables-1.2.11-r1/image/
>>> Merging net-firewall/iptables-1.2.11-r1 to /
--- /etc/
--- /etc/conf.d/
--- /etc/init.d/
--- /var/
--- /var/lib/
--- /var/lib/iptables/
>>> /var/lib/iptables/.keep
--- /usr/
--- /usr/share/
--- /usr/share/doc/
>>> /usr/share/doc/iptables-1.2.11-r1/
>>> /usr/share/doc/iptables-1.2.11-r1/COPYING.gz
* This package now includes an initscript which loads and saves
* rules stored in /var/lib/iptables/rules-save
* This location can be changed in /etc/conf.d/iptables
*
* If you are using the iptables initsscript you should save your
* rules using the new iptables version before rebooting.
*
* If you are uprading to a >=2.4.21 kernel you may need to rebuild
* iptables.
*
* !!! ipforwarding is now not a part of the iptables initscripts.
* Until a more permanent solution is implemented adding the following
* to /etc/conf.d/local.start will enable ipforwarding at bootup:
* echo "1" > /proc/sys/net/ipv4/conf/all/forwarding
* Caching service dependencies...
>>> net-firewall/iptables-1.2.11-r1 merged.
net-firewall/iptables
selected: 1.2.9
protected: 1.2.11-r1
omitted: none
>>> 'Selected' packages are slated for removal.
>>> 'Protected' and 'omitted' packages will not be removed.
etc
etc (snip unmerging of GOOD compile, to be replaced with merge of failed compile)
Anyone know the problem here?
srob99
iptables-1.2.11-r1.ebuild emerges fine here on 2 boxes, a p3 and an athlon-xp.
One difference I can see is you use gentoo-dev-sources whereas I use development-sources - iptables uses the headers in your linux kernel source tree instead of those from the linux-headers package.
Also you've got -fno-stack-protector, not checked to see what this does, just pointing out differences.
Might be worth investigating before filing a bug report.
iptables-1.2.11-r1.ebuild emerges fine here on 2 boxes, a p3 and an athlon-xp.
One difference I can see is you use gentoo-dev-sources whereas I use development-sources - iptables uses the headers in your linux kernel source tree instead of those from the linux-headers package.
Also you've got -fno-stack-protector, not checked to see what this does, just pointing out differences.
Might be worth investigating before filing a bug report.
Jingle Jangle Jewellery