* Re: iptables-1.3.7 Requires ip_tables to be built as module
@ 2007-02-13 13:46 Harvey Muller
0 siblings, 0 replies; 8+ messages in thread
From: Harvey Muller @ 2007-02-13 13:46 UTC (permalink / raw)
To: netfilter
Graham,
Thanks, that's information I can use. I'll research the ebuilds to see what
the Gentoo devs did differently between versions.
I come from Gentoo userland, but am using LFS/CLFS variants lately to learn
more about what goes into the guts of building a distribution. So presently,
I can't lean on portage to do things automatically for me. But I'll check the
ebuilds out to see what I can learn.
Best regards,
Harvey
^ permalink raw reply [flat|nested] 8+ messages in thread
* iptables-1.3.7 Requires ip_tables to be built as module
@ 2007-02-15 19:49 Harvey Muller
0 siblings, 0 replies; 8+ messages in thread
From: Harvey Muller @ 2007-02-15 19:49 UTC (permalink / raw)
To: netfilter
Yasuyuki,
During the review, I noticed the inclusion of the load_iptables_ko function within the
compatible_revision function. Removal of the inclusion results in no error messages,
and testing of firewall doesn't seem to show adverse affects.
This is the patch I created for testing:
diff -Naur iptables-1.3.7.orig/ip6tables.c iptables-1.3.7/ip6tables.c
--- iptables-1.3.7.orig/ip6tables.c 2007-02-15 14:04:54.000000000 -0500
+++ iptables-1.3.7/ip6tables.c 2007-02-15 14:06:32.000000000 -0500
@@ -1120,8 +1120,6 @@
strcpy(rev.name, name);
rev.revision = revision;
- load_ip6tables_ko(modprobe);
-
max_rev = getsockopt(sockfd, IPPROTO_IPV6, opt, &rev, &s);
if (max_rev < 0) {
/* Definitely don't support this? */
diff -Naur iptables-1.3.7.orig/iptables.c iptables-1.3.7/iptables.c
--- iptables-1.3.7.orig/iptables.c 2007-02-15 14:04:54.000000000 -0500
+++ iptables-1.3.7/iptables.c 2007-02-15 14:06:09.000000000 -0500
@@ -1148,8 +1148,6 @@
exit(1);
}
- load_iptables_ko(modprobe);
-
strcpy(rev.name, name);
rev.revision = revision;
Best regards,
Harvey
^ permalink raw reply [flat|nested] 8+ messages in thread* iptables-1.3.7 Requires ip_tables to be built as module
@ 2007-02-15 18:41 Harvey Muller
0 siblings, 0 replies; 8+ messages in thread
From: Harvey Muller @ 2007-02-15 18:41 UTC (permalink / raw)
To: netfilter
Yasuyuki,
I did not see your post until Wednesday. I tried all the methods the Gentoo devs used in their ebuild,
but I still get the error, FATAL: module ip_tables not found.
I understand from your post that iptables is probably still working correctly despite the errors.
I've only begun to learn C, so much of the source I read is still unclear to me. But after reviewing iptables.c,
I believe the problem is related to function load_iptables_ko. It is the only new addition to the code that would
seem to be creating the problem.
Best regards,
Harvey
^ permalink raw reply [flat|nested] 8+ messages in thread
* iptables-1.3.7 Requires ip_tables to be built as module
@ 2007-02-12 19:49 Harvey Muller
2007-02-13 7:21 ` Graham Murray
0 siblings, 1 reply; 8+ messages in thread
From: Harvey Muller @ 2007-02-12 19:49 UTC (permalink / raw)
To: netfilter
Graham,
Assuming you've built ip_tables into the kernel (not as a module), then I'd be interested in learning the difference in the process you used to install iptables between versions 1.3.5 and 1.3.7. Version 1.3.5 works fine for me with kernel version 2.6.20 built in (not as a module). But when I use the same install process for 1.3.7, I get the error messages. And when I go back and configure ip_tables as a module, then the error message goes away, which is what one would expect.
Thanks,
Harvey
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: iptables-1.3.7 Requires ip_tables to be built as module
2007-02-12 19:49 Harvey Muller
@ 2007-02-13 7:21 ` Graham Murray
2007-02-13 7:47 ` Yasuyuki KOZAKAI
0 siblings, 1 reply; 8+ messages in thread
From: Graham Murray @ 2007-02-13 7:21 UTC (permalink / raw)
To: netfilter
Harvey Muller <hlmuller@yahoo.com> writes:
> Graham,
>
> Assuming you've built ip_tables into the kernel (not as a module),
> then I'd be interested in learning the difference in the process you
> used to install iptables between versions 1.3.5 and 1.3.7. Version
> 1.3.5 works fine for me with kernel version 2.6.20 built in (not as
> a module). But when I use the same install process for 1.3.7, I get
> the error messages. And when I go back and configure ip_tables as a
> module, then the error message goes away, which is what one would
> expect.
No difference at all. They are both built using the 'standard' Gentoo
ebuild system. In the kernel config I have both
CONFIG_IP_NF_IPTABLES=y and CONFIG_IP6_NF_IPTABLES=y, as well as all
the targets set to yes, all the parts of netfilter which I use are
built into the kernel, none are built as modules.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: iptables-1.3.7 Requires ip_tables to be built as module
2007-02-13 7:21 ` Graham Murray
@ 2007-02-13 7:47 ` Yasuyuki KOZAKAI
0 siblings, 0 replies; 8+ messages in thread
From: Yasuyuki KOZAKAI @ 2007-02-13 7:47 UTC (permalink / raw)
To: graham; +Cc: netfilter
Hi,
From: Graham Murray <graham@gmurray.org.uk>
Date: Tue, 13 Feb 2007 07:21:58 +0000
> Harvey Muller <hlmuller@yahoo.com> writes:
>
> > Graham,
> >
> > Assuming you've built ip_tables into the kernel (not as a module),
> > then I'd be interested in learning the difference in the process you
> > used to install iptables between versions 1.3.5 and 1.3.7. Version
> > 1.3.5 works fine for me with kernel version 2.6.20 built in (not as
> > a module). But when I use the same install process for 1.3.7, I get
> > the error messages. And when I go back and configure ip_tables as a
> > module, then the error message goes away, which is what one would
> > expect.
>
> No difference at all. They are both built using the 'standard' Gentoo
> ebuild system. In the kernel config I have both
> CONFIG_IP_NF_IPTABLES=y and CONFIG_IP6_NF_IPTABLES=y, as well as all
> the targets set to yes, all the parts of netfilter which I use are
> built into the kernel, none are built as modules.
I've met same error message, too. iptables was build with NO_SHARED_LIBS=1,
and all kernel part is built-in kernel.
BTW, it should work fine even if error message is printed.
I saw the output of 'iptables -L -v -n' printed rules I inserted.
I'll check codes when I have anytime.
Regards,
-- Yasuyuki Kozakai
^ permalink raw reply [flat|nested] 8+ messages in thread
* iptables-1.3.7 Requires ip_tables to be built as module
@ 2007-02-12 15:23 Harvey Muller
2007-02-12 16:17 ` Graham Murray
0 siblings, 1 reply; 8+ messages in thread
From: Harvey Muller @ 2007-02-12 15:23 UTC (permalink / raw)
To: netfilter
This is a duplicate report, Freitas reported it first on this list Feb 2.
I'm using kernel version 2.6.20 on an x86 based system. Iptables emits
errors, "FATAL: module ip_tables not found" when ip_tables is built in the
kernel. The only workaround is to build ip_tables as a module.
If iptables is being developed to be used ONLY as a module, you might include
a note in the INSTALL document to alert the users.
Best regards,
Harvey
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: iptables-1.3.7 Requires ip_tables to be built as module
2007-02-12 15:23 Harvey Muller
@ 2007-02-12 16:17 ` Graham Murray
0 siblings, 0 replies; 8+ messages in thread
From: Graham Murray @ 2007-02-12 16:17 UTC (permalink / raw)
To: netfilter
Harvey Muller <hlmuller@yahoo.com> writes:
> I'm using kernel version 2.6.20 on an x86 based system. Iptables emits
> errors, "FATAL: module ip_tables not found" when ip_tables is built in the
> kernel. The only workaround is to build ip_tables as a module.
I too am running kernel 2.6.20 and running iptables 1.3.7 and have all
of the iptables features built into the kernel and it works with no
problems or error messages.
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2007-02-15 19:49 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2007-02-13 13:46 iptables-1.3.7 Requires ip_tables to be built as module Harvey Muller
-- strict thread matches above, loose matches on Subject: below --
2007-02-15 19:49 Harvey Muller
2007-02-15 18:41 Harvey Muller
2007-02-12 19:49 Harvey Muller
2007-02-13 7:21 ` Graham Murray
2007-02-13 7:47 ` Yasuyuki KOZAKAI
2007-02-12 15:23 Harvey Muller
2007-02-12 16:17 ` Graham Murray
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.