- Status Closed
- Percent Complete
- Task Type Bug Report
- Category Base system
-
Assigned To
Hans Dedecker - Operating System All
- Severity Low
- Priority Very Low
- Reported Version Trunk
- Due in Version Undecided
-
Due Date
Undecided
- Private
Attached to Project: OpenWrt/LEDE Project
Opened by Nathaniel Wesley Filardo - 13.04.2017
Last edited by Hans Dedecker - 29.12.2017
Opened by Nathaniel Wesley Filardo - 13.04.2017
Last edited by Hans Dedecker - 29.12.2017
FS#711 - iptables 600-shared-libext.patch broken and incomplete
Building LEDE HEAD (but, I think, anything after 5e2d15b4a6fc979497b252c617c4b353d6c84fa2) fails with various and exciting errors if IPTABLES_NFTABLES is turned on.
For starters, 600-shared-libext.patch erroneously changes ${libext_ebt_objs} to ${libext_ebt__objs} and similarly for ${libext_arpt_objs}, resulting in missing .o files and a subsequent link failure. Fixing that, however, reveals that the xtables-compat-multi dependencies are still referring to .a files, not the .so-s that actually get built.
Closed by Hans Dedecker
29.12.2017 17:21
Reason for closing: Fixed
Additional comments about closing:
29.12.2017 17:21
Reason for closing: Fixed
Additional comments about closing:
Fixed in https://git.lede- project.org/?p=source.git;a=commit;h=0f7 2690a2df92d8701b96c55c870be22704cc7c7
I confirm, I am unable to compile with IPTABLES_NFTABLES, linked to commit 98e43b13a7f0f747d4625ba0209ba37ae22f3b48.
And now rules with "-m state –state NEW" does not work.
Edit: Sorry "-m state –state NEW" is now "-m conntrack –ctstate NEW"
"-m state –state NEW" must be replaced with "-m conntrack –ctstate NEW"
Yes like I added in my edit.
But the initial problem persist, we are unable to compile with IPTABLES_NFTABLES.
Hi!
Exact same issue here. :(
Hi, I happen exactly the same, even reversing the commit 5e2d15b4a6fc979497b252c617c4b353d6c84fa2 fails to compile.
Hi Folks,
I've been able to fix that issue. At least for my scenario.
Due to some reasons, the LEDE iptables maintainer decided to turn various auxiliary libraries, e.g., libext, into shared libraries (instead of a static one). To do so, they've written a patch to modify the appropriate makefile.am file. Those changes can be found in ./package/network/utils/iptables/patches/600-shared-libext.patch.
However, the iptables maintainter more or less recently added another target called xtables_compat_multi. Guess what, that target relies on static libraries instead of shared libraries as the origin iptables project used to do.
To overcome that issue, I've added the following lines to the aforementioned patch file:
# nftables compatibility layer
if ENABLE_NFTABLES
BUILT_SOURCES += xtables-config-parser.h
xtables_compat_multi_SOURCES = xtables-compat-multi.c iptables-xml.c
xtables_compat_multi_CFLAGS = ${AM_CFLAGS}
-xtables_compat_multi_LDADD = ../extensions/libext.a ../extensions/libext_ebt.a
+xtables_compat_multi_LDADD =
+xtables_compat_multi_LDFLAGS = -L../extensions/ -liptext -liptext_ebt
Et voilá, the issue is fixed.
Can one of the maintainers please confirm my fix?
Regards,
Alex
Hi Alex, I have modified the patch 600-shared-libext.patch with your modifications, but I still have the same compilation error. Could you upload your 600-shared-libext.patch file with your modifications?
In my case the error that throws me when compiling is the following one: " *** No rule to make target '../extensions/libext.a', needed by 'xtables-compat-multi'. "
Hi, All.
Please see attached patch. It helps in my case.