Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FS#711 - iptables 600-shared-libext.patch broken and incomplete #6195

Closed
openwrt-bot opened this issue Apr 13, 2017 · 9 comments
Closed

FS#711 - iptables 600-shared-libext.patch broken and incomplete #6195

openwrt-bot opened this issue Apr 13, 2017 · 9 comments
Labels
flyspray

Comments

@openwrt-bot
Copy link

nwf:

Building LEDE HEAD (but, I think, anything after 5e2d15b) fails with various and exciting errors if IPTABLES_NFTABLES is turned on.

For starters, 600-shared-libext.patch erroneously changes ${libext_ebt_objs} to ${libext_ebt__objs} and similarly for ${libext_arpt_objs}, resulting in missing .o files and a subsequent link failure. Fixing that, however, reveals that the xtables-compat-multi dependencies are still referring to .a files, not the .so-s that actually get built.
@openwrt-bot
Copy link
Author

manusfreedom:

I confirm, I am unable to compile with IPTABLES_NFTABLES, linked to commit 98e43b1.
And now rules with "-m state --state NEW" does not work.

Edit: Sorry "-m state --state NEW" is now "-m conntrack --ctstate NEW"

@openwrt-bot
Copy link
Author

jow-:

"-m state --state NEW" must be replaced with "-m conntrack --ctstate NEW"

@openwrt-bot
Copy link
Author

manusfreedom:

Yes like I added in my edit.
But the initial problem persist, we are unable to compile with IPTABLES_NFTABLES.

@openwrt-bot
Copy link
Author

Xorkle:

Hi!

Exact same issue here. :(

@openwrt-bot
Copy link
Author

davidkongri:

Hi, I happen exactly the same, even reversing the commit 5e2d15b fails to compile.

@openwrt-bot
Copy link
Author

flipreverse:

Hi Folks,

I've been able to fix that issue. At least for my scenario.
Due to some reasons, the LEDE iptables maintainer decided to turn various auxiliary libraries, e.g., libext, into shared libraries (instead of a static one). To do so, they've written a patch to modify the appropriate makefile.am file. Those changes can be found in ./package/network/utils/iptables/patches/600-shared-libext.patch.
However, the iptables maintainter more or less recently added another target called xtables_compat_multi. Guess what, that target relies on static libraries instead of shared libraries as the origin iptables project used to do.
To overcome that issue, I've added the following lines to the aforementioned patch file:

nftables compatibility layer

if ENABLE_NFTABLES
BUILT_SOURCES += xtables-config-parser.h
xtables_compat_multi_SOURCES = xtables-compat-multi.c iptables-xml.c
xtables_compat_multi_CFLAGS = ${AM_CFLAGS}
-xtables_compat_multi_LDADD = ../extensions/libext.a ../extensions/libext_ebt.a
+xtables_compat_multi_LDADD =
+xtables_compat_multi_LDFLAGS = -L../extensions/ -liptext -liptext_ebt

Et voilá, the issue is fixed.
Can one of the maintainers please confirm my fix?

Regards,
Alex

@openwrt-bot
Copy link
Author

davidkongri:

Hi Alex, I have modified the patch 600-shared-libext.patch with your modifications, but I still have the same compilation error. Could you upload your 600-shared-libext.patch file with your modifications?

@openwrt-bot
Copy link
Author

davidkongri:

In my case the error that throws me when compiling is the following one: " *** No rule to make target '../extensions/libext.a', needed by 'xtables-compat-multi'. "

@openwrt-bot
Copy link
Author

blmink:

Hi, All.

Please see attached patch. It helps in my case.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
flyspray
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@openwrt-bot