* [ANNOUNCE] ipset 7.8 released
@ 2020-11-19 20:48 Jozsef Kadlecsik
2020-11-19 21:10 ` Jan Engelhardt
2020-12-04 12:47 ` Ed W
0 siblings, 2 replies; 10+ messages in thread
From: Jozsef Kadlecsik @ 2020-11-19 20:48 UTC (permalink / raw)
To: netfilter, netfilter-devel
Hi,
I'm happy to announce ipset 7.8 which includes a couple of fixes,
compatibility fixes. Small improvements like the new flags of the hash:*
types make possible to optimize sets for speed or memory and to restore
exactly the same set (from internal structure point of view) as the saved
one.
Kernel part changes:
- Complete backward compatibility fix for package copy of
<linux/jhash.h>
- Compatibility: check for kvzalloc() and GFP_KERNEL_ACCOUNT
- netfilter: ipset: enable memory accounting for ipset allocations
(Vasily Averin)
- netfilter: ipset: prevent uninit-value in hash_ip6_add (Eric Dumazet)
- Compatibility: use skb_policy() from if_vlan.h if available
- Compatibility: Check for the fourth arg of list_for_each_entry_rcu()
- Backward compatibility fix for the package copy of <linux/jhash.h>
ipset 7.7 was released without announcement, so the changelogs are listed
here for the sake of completeness:
Userspace changes:
- Expose the initval hash parameter to userspace
- Handle all variable header parts in helper scripts instead ot test
tasks
- Add bucketsize parameter to all hash types
- Support the -exist flag with the destroy command
Kernel part changes:
- Expose the initval hash parameter to userspace
- Add bucketsize parameter to all hash types
- Use fallthrough pseudo-keyword in the package copy of <linux/jhash.h>
too
- Support the -exist flag with the destroy command
- netfilter: Use fallthrough pseudo-keyword (Gustavo A. R. Silva)
- netfilter: Replace zero-length array with flexible-array member
(Gustavo A. R. Silva)
- netfilter: ipset: call ip_set_free() instead of kfree() (Eric Dumazet)
- netfiler: ipset: fix unaligned atomic access (Russell King)
- netfilter: ipset: Fix subcounter update skip (Phil Sutter)
- ipset: Update byte and packet counters regardless of whether they
match (Stefano Brivio)
- netfilter: ipset: Pass lockdep expression to RCU lists (Amol Grover)
- ip_set: Fix compatibility with kernels between v3.3 and v4.5
(Serhey Popovych)
- ip_set: Fix build on kernels without INIT_DEFERRABLE_WORK
(Serhey Popovych)
- ipset: Support kernels with at least system_wq support
- ip_set: Fix build on kernels without system_power_efficient_wq
(Serhey Popovych)
You can download the source code of ipset from:
http://ipset.netfilter.org
ftp://ftp.netfilter.org/pub/ipset/
git://git.netfilter.org/ipset.git
Best regards,
Jozsef
-
E-mail : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.hu
PGP key : https://wigner.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics
H-1525 Budapest 114, POB. 49, Hungary
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [ANNOUNCE] ipset 7.8 released
2020-11-19 20:48 [ANNOUNCE] ipset 7.8 released Jozsef Kadlecsik
@ 2020-11-19 21:10 ` Jan Engelhardt
2020-11-19 21:46 ` Jozsef Kadlecsik
2020-12-04 12:47 ` Ed W
1 sibling, 1 reply; 10+ messages in thread
From: Jan Engelhardt @ 2020-11-19 21:10 UTC (permalink / raw)
To: Jozsef Kadlecsik; +Cc: netfilter, netfilter-devel
On Thursday 2020-11-19 21:48, Jozsef Kadlecsik wrote:
>
>I'm happy to announce ipset 7.8 which includes a couple of fixes,
>compatibility fixes. Small improvements like the new flags of the hash:*
>types make possible to optimize sets for speed or memory and to restore
>exactly the same set (from internal structure point of view) as the saved
>one.
LIBVERSION changed from 14:0:1 (ipset 7.6) to 14:1:2,
producing libipset.so.13 (7.6) and now libipset.so.12
That seems incorrect! It should have been
- 14:0:1 (no changes)
- 15:0:2 (compatible changes)
- 15:0:0 (incompatible changes)
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [ANNOUNCE] ipset 7.8 released
2020-11-19 21:10 ` Jan Engelhardt
@ 2020-11-19 21:46 ` Jozsef Kadlecsik
2020-11-19 22:07 ` Jan Engelhardt
0 siblings, 1 reply; 10+ messages in thread
From: Jozsef Kadlecsik @ 2020-11-19 21:46 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: netfilter, netfilter-devel
Hi Jan,
On Thu, 19 Nov 2020, Jan Engelhardt wrote:
> LIBVERSION changed from 14:0:1 (ipset 7.6) to 14:1:2,
> producing libipset.so.13 (7.6) and now libipset.so.12
>
> That seems incorrect! It should have been
> - 14:0:1 (no changes)
> - 15:0:2 (compatible changes)
> - 15:0:0 (incompatible changes)
Oh, my. It should be 15:0:2 (compatible changes). I dunno how many times I
can mix it up, this numbering scheme is simply alien to my brain wiring.
I released 7.9. Thanks for the quick feedback!
Best regards,
Jozsef
-
E-mail : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.hu
PGP key : https://wigner.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics
H-1525 Budapest 114, POB. 49, Hungary
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [ANNOUNCE] ipset 7.8 released
2020-11-19 21:46 ` Jozsef Kadlecsik
@ 2020-11-19 22:07 ` Jan Engelhardt
2020-11-20 3:01 ` Neutron Soutmun
0 siblings, 1 reply; 10+ messages in thread
From: Jan Engelhardt @ 2020-11-19 22:07 UTC (permalink / raw)
To: Jozsef Kadlecsik; +Cc: netfilter, netfilter-devel
On Thursday 2020-11-19 22:46, Jozsef Kadlecsik wrote:
>Hi Jan,
>
>On Thu, 19 Nov 2020, Jan Engelhardt wrote:
>
>> LIBVERSION changed from 14:0:1 (ipset 7.6) to 14:1:2,
>> producing libipset.so.13 (7.6) and now libipset.so.12
>>
>> That seems incorrect! It should have been
>> - 14:0:1 (no changes)
>> - 15:0:2 (compatible changes)
>> - 15:0:0 (incompatible changes)
>
>Oh, my. It should be 15:0:2 (compatible changes). I dunno how many times I
>can mix it up, this numbering scheme is simply alien to my brain wiring.
If in doubt, always use :0:0 --- and make a mental note of exactly the
:0:0 requirement in Make_global.am. :-)
Distros can always rebuild transitively. They have to do that anyway for
things like /usr/lib64/libbfd-2.35.0.20200915-1.so (with a date, it
could change daily anyway). But recovering from a backjumping lib...
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [ANNOUNCE] ipset 7.8 released
2020-11-19 22:07 ` Jan Engelhardt
@ 2020-11-20 3:01 ` Neutron Soutmun
2020-11-20 8:07 ` Jozsef Kadlecsik
0 siblings, 1 reply; 10+ messages in thread
From: Neutron Soutmun @ 2020-11-20 3:01 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: Jozsef Kadlecsik, netfilter, netfilter-devel
Hi,
For the ipset 7.9, I found the released download url is
http://ipset.netfilter.org/ipset-7.9.tar.bz2,
however, it's previous releases are in http://ftp.netfilter.org/pub/ipset/
The Debian has the tool to detect the new release with package watch [1] file.
Could you please consider uploading the new release to the
fpt.netfiler.org/pub/ipset also.
Best regards,
Neutron Soutmun
---
[1] https://salsa.debian.org/pkg-netfilter-team/pkg-ipset/-/blob/debian/master/debian/watch
On Fri, Nov 20, 2020 at 5:09 AM Jan Engelhardt <jengelh@inai.de> wrote:
>
> On Thursday 2020-11-19 22:46, Jozsef Kadlecsik wrote:
>
> >Hi Jan,
> >
> >On Thu, 19 Nov 2020, Jan Engelhardt wrote:
> >
> >> LIBVERSION changed from 14:0:1 (ipset 7.6) to 14:1:2,
> >> producing libipset.so.13 (7.6) and now libipset.so.12
> >>
> >> That seems incorrect! It should have been
> >> - 14:0:1 (no changes)
> >> - 15:0:2 (compatible changes)
> >> - 15:0:0 (incompatible changes)
> >
> >Oh, my. It should be 15:0:2 (compatible changes). I dunno how many times I
> >can mix it up, this numbering scheme is simply alien to my brain wiring.
>
> If in doubt, always use :0:0 --- and make a mental note of exactly the
> :0:0 requirement in Make_global.am. :-)
>
> Distros can always rebuild transitively. They have to do that anyway for
> things like /usr/lib64/libbfd-2.35.0.20200915-1.so (with a date, it
> could change daily anyway). But recovering from a backjumping lib...
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [ANNOUNCE] ipset 7.8 released
2020-11-20 3:01 ` Neutron Soutmun
@ 2020-11-20 8:07 ` Jozsef Kadlecsik
2020-11-20 13:18 ` Neutron Soutmun
0 siblings, 1 reply; 10+ messages in thread
From: Jozsef Kadlecsik @ 2020-11-20 8:07 UTC (permalink / raw)
To: Neutron Soutmun; +Cc: Jan Engelhardt, netfilter, netfilter-devel
Hi,
On Fri, 20 Nov 2020, Neutron Soutmun wrote:
> For the ipset 7.9, I found the released download url is
> http://ipset.netfilter.org/ipset-7.9.tar.bz2, however, it's previous
> releases are in http://ftp.netfilter.org/pub/ipset/
>
> The Debian has the tool to detect the new release with package watch [1]
> file. Could you please consider uploading the new release to the
> fpt.netfiler.org/pub/ipset also.
It has been fixed. Please note, I switched from md5 to sha512 at
generating the checksum file, so the filename is changed accordingly to
<packagename>.sha512sum.txt.
Best regards,
Jozsef
-
E-mail : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.hu
PGP key : https://wigner.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics
H-1525 Budapest 114, POB. 49, Hungary
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [ANNOUNCE] ipset 7.8 released
2020-11-20 8:07 ` Jozsef Kadlecsik
@ 2020-11-20 13:18 ` Neutron Soutmun
0 siblings, 0 replies; 10+ messages in thread
From: Neutron Soutmun @ 2020-11-20 13:18 UTC (permalink / raw)
To: Jozsef Kadlecsik; +Cc: Jan Engelhardt, netfilter, netfilter-devel
Hi,
On Fri, Nov 20, 2020 at 3:07 PM Jozsef Kadlecsik <kadlec@netfilter.org> wrote:
>
> Hi,
>
> On Fri, 20 Nov 2020, Neutron Soutmun wrote:
>
> > For the ipset 7.9, I found the released download url is
> > http://ipset.netfilter.org/ipset-7.9.tar.bz2, however, it's previous
> > releases are in http://ftp.netfilter.org/pub/ipset/
> >
> > The Debian has the tool to detect the new release with package watch [1]
> > file. Could you please consider uploading the new release to the
> > fpt.netfiler.org/pub/ipset also.
>
> It has been fixed. Please note, I switched from md5 to sha512 at
> generating the checksum file, so the filename is changed accordingly to
> <packagename>.sha512sum.txt.
Noted and thanks a lot.
Best regards,
Neutron Soutmun
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [ANNOUNCE] ipset 7.8 released
2020-11-19 20:48 [ANNOUNCE] ipset 7.8 released Jozsef Kadlecsik
2020-11-19 21:10 ` Jan Engelhardt
@ 2020-12-04 12:47 ` Ed W
2020-12-07 14:54 ` Jozsef Kadlecsik
1 sibling, 1 reply; 10+ messages in thread
From: Ed W @ 2020-12-04 12:47 UTC (permalink / raw)
To: Jozsef Kadlecsik, netfilter, netfilter-devel
Hi, I'm having some difficulty compiling ipset 7.9 in kernel 4.14.78 as provided by Variscite for an
arm board
I've trimmed the build log and errors, but it seems to revolve around:
Pre kernel 4.18 the header
./include/linux/ipc.h
would include
./include/linux/rhashtable.h
(later it includes rhashtable-types.h)
This in turn draws in the jhash.c copy, which in turn includes ip_set_compat.h, which then causes
some errors due to drawing in things where we haven't yet finished reading all the header files
I'm not sure how to work around the compile fail in ipset-7.9? I agree I can't rule it out to be a
problem due to the vendor kernel, but the include tree seems to point clearly to the issue above in
ipc.h
Note: ipset7.7 gives me errors about
error: 'fallthrough' undeclared
Which seems fair enough given the age of my kernel. I could probably fix this
ipset 7.6 compiles ok for me.
Any guidance please?
Thanks
Ed W
make[1]: Entering directory '/var/embedded/src/linux-kernel'
CC [M] /var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/net/netfilter/xt_set.o
CC [M] /var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/net/sched/em_ipset.o
CC [M]
/var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/net/netfilter/ipset/ip_set_core.o
CC [M]
/var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/net/netfilter/ipset/ip_set_getport.o
CC [M] /var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/net/netfilter/ipset/pfxlen.o
CC [M]
/var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/net/netfilter/ipset/ip_set_bitmap_ip.o
CC [M]
/var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.o
CC [M]
/var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/net/netfilter/ipset/ip_set_bitmap_port.o
CC [M]
/var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/net/netfilter/ipset/ip_set_hash_ip.o
CC [M]
/var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/net/netfilter/ipset/ip_set_hash_ipport.o
CC [M]
/var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/net/netfilter/ipset/ip_set_hash_ipportip.o
CC [M]
/var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.o
CC [M]
/var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/net/netfilter/ipset/ip_set_hash_ipmac.o
CC [M]
/var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/net/netfilter/ipset/ip_set_hash_ipmark.o
CC [M]
/var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/net/netfilter/ipset/ip_set_hash_net.o
CC [M]
/var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/net/netfilter/ipset/ip_set_hash_netport.o
CC [M]
/var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/net/netfilter/ipset/ip_set_hash_netiface.o
CC [M]
/var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/net/netfilter/ipset/ip_set_hash_netnet.o
CC [M]
/var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/net/netfilter/ipset/ip_set_hash_netportnet.o
CC [M]
/var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/net/netfilter/ipset/ip_set_hash_mac.o
CC [M]
/var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/net/netfilter/ipset/ip_set_list_set.o
In file included from ./include/linux/netlink.h:9,
from
/var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/include/linux/netfilter/ipset/ip_set_compat.h:95,
from
/var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/include/linux/jhash.h:3,
from ./include/linux/rhashtable.h:24,
from ./include/linux/ipc.h:7,
from ./include/uapi/linux/sem.h:5,
from ./include/linux/sem.h:9,
from ./include/linux/sched.h:15,
from ./include/linux/uaccess.h:5,
from ./include/net/checksum.h:25,
from ./include/linux/skbuff.h:31,
from
/var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/net/sched/em_ipset.c:16:
./include/net/scm.h: In function 'scm_send':
./include/net/scm.h:84:21: error: implicit declaration of function 'task_tgid'; did you mean
'task_uid'? [-Werror=implicit-function-declaration]
84 | scm_set_cred(scm, task_tgid(current), current_uid(), current_gid());
| ^~~~~~~~~
| task_uid
In file included from ./include/linux/srcu.h:33,
from ./include/linux/notifier.h:16,
from ./include/linux/memory_hotplug.h:7,
from ./include/linux/mmzone.h:782,
from ./include/linux/gfp.h:6,
from
/var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/net/sched/em_ipset.c:11:
./include/linux/cred.h:276:35: error: dereferencing pointer to incomplete type 'struct task_struct'
276 | rcu_dereference_protected(current->cred, 1)
| ^~
./include/linux/rcupdate.h:358:12: note: in definition of macro '__rcu_dereference_protected'
358 | ((typeof(*p) __force __kernel *)(p)); \
| ^
./include/linux/cred.h:276:2: note: in expansion of macro 'rcu_dereference_protected'
276 | rcu_dereference_protected(current->cred, 1)
| ^~~~~~~~~~~~~~~~~~~~~~~~~
./include/linux/cred.h:354:2: note: in expansion of macro 'current_cred'
354 | current_cred()->xxx; \
| ^~~~~~~~~~~~
./include/linux/cred.h:357:25: note: in expansion of macro 'current_cred_xxx'
357 | #define current_uid() (current_cred_xxx(uid))
| ^~~~~~~~~~~~~~~~
./include/net/scm.h:84:41: note: in expansion of macro 'current_uid'
84 | scm_set_cred(scm, task_tgid(current), current_uid(), current_gid());
| ^~~~~~~~~~~
In file included from ./include/linux/netlink.h:9,
from
/var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/include/linux/netfilter/ipset/ip_set_compat.h:95,
from
/var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/include/linux/jhash.h:3,
from ./include/linux/rhashtable.h:24,
from ./include/linux/ipc.h:7,
from ./include/uapi/linux/sem.h:5,
from ./include/linux/sem.h:9,
from ./include/linux/sched.h:15,
from ./include/linux/uaccess.h:5,
from ./include/net/checksum.h:25,
from ./include/linux/skbuff.h:31,
from
/var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/net/sched/em_ipset.c:16:
./include/net/scm.h:84:21: warning: passing argument 2 of 'scm_set_cred' makes pointer from integer
without a cast [-Wint-conversion]
84 | scm_set_cred(scm, task_tgid(current), current_uid(), current_gid());
| ^~~~~~~~~~~~~~~~~~
| |
| int
./include/net/scm.h:56:21: note: expected 'struct pid *' but argument is of type 'int'
56 | struct pid *pid, kuid_t uid, kgid_t gid)
| ~~~~~~~~~~~~^~~
In file included from
/var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/include/linux/netfilter/ipset/ip_set_compat.h:95,
from
/var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/include/linux/jhash.h:3,
from ./include/linux/rhashtable.h:24,
from ./include/linux/ipc.h:7,
from ./include/uapi/linux/sem.h:5,
from ./include/linux/sem.h:9,
from ./include/linux/sched.h:15,
from ./include/linux/uaccess.h:5,
from ./include/net/checksum.h:25,
from ./include/linux/skbuff.h:31,
from
/var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/net/sched/em_ipset.c:16:
./include/linux/netlink.h: In function 'nlmsg_hdr':
./include/linux/netlink.h:16:31: error: dereferencing pointer to incomplete type 'const struct sk_buff'
16 | return (struct nlmsghdr *)skb->data;
| ^~
./include/linux/netlink.h: In function 'netlink_skb_clone':
./include/linux/netlink.h:147:9: error: implicit declaration of function 'skb_clone'
[-Werror=implicit-function-declaration]
147 | nskb = skb_clone(skb, gfp_mask);
| ^~~~~~~~~
./include/linux/netlink.h:147:7: warning: assignment to 'struct sk_buff *' from 'int' makes pointer
from integer without a cast [-Wint-conversion]
147 | nskb = skb_clone(skb, gfp_mask);
| ^
./include/linux/netlink.h:152:25: error: dereferencing pointer to incomplete type 'struct sk_buff'
152 | if (is_vmalloc_addr(skb->head))
| ^~
In file included from ./include/linux/uaccess.h:5,
from ./include/net/checksum.h:25,
from ./include/linux/skbuff.h:31,
from
/var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/net/sched/em_ipset.c:16:
./include/linux/sched.h: At top level:
./include/linux/sched.h:1163:27: error: conflicting types for 'task_tgid'
1163 | static inline struct pid *task_tgid(struct task_struct *task)
| ^~~~~~~~~
In file included from ./include/linux/netlink.h:9,
from
/var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/include/linux/netfilter/ipset/ip_set_compat.h:95,
from
/var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/include/linux/jhash.h:3,
from ./include/linux/rhashtable.h:24,
from ./include/linux/ipc.h:7,
from ./include/uapi/linux/sem.h:5,
from ./include/linux/sem.h:9,
from ./include/linux/sched.h:15,
from ./include/linux/uaccess.h:5,
from ./include/net/checksum.h:25,
from ./include/linux/skbuff.h:31,
from
/var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/net/sched/em_ipset.c:16:
./include/net/scm.h:84:21: note: previous implicit declaration of 'task_tgid' was here
84 | scm_set_cred(scm, task_tgid(current), current_uid(), current_gid());
| ^~~~~~~~~
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [ANNOUNCE] ipset 7.8 released
2020-12-04 12:47 ` Ed W
@ 2020-12-07 14:54 ` Jozsef Kadlecsik
[not found] ` <701adbbb-202a-4ee4-ce2e-ecaaed6dc3b5@wildgooses.com>
0 siblings, 1 reply; 10+ messages in thread
From: Jozsef Kadlecsik @ 2020-12-07 14:54 UTC (permalink / raw)
To: Ed W; +Cc: netfilter, netfilter-devel
[-- Attachment #1: Type: text/plain, Size: 4884 bytes --]
Hi,
On Fri, 4 Dec 2020, Ed W wrote:
> Hi, I'm having some difficulty compiling ipset 7.9 in kernel 4.14.78 as
> provided by Variscite for an arm board
>
> I've trimmed the build log and errors, but it seems to revolve around:
>
> Pre kernel 4.18 the header
>
> ./include/linux/ipc.h
>
> would include
>
> ./include/linux/rhashtable.h
>
> (later it includes rhashtable-types.h)
>
> This in turn draws in the jhash.c copy, which in turn includes
> ip_set_compat.h, which then causes some errors due to drawing in things
> where we haven't yet finished reading all the header files
>
> I'm not sure how to work around the compile fail in ipset-7.9? I agree I
> can't rule it out to be a problem due to the vendor kernel, but the
> include tree seems to point clearly to the issue above in ipc.h
>
>
> Note: ipset7.7 gives me errors about
>
> error: 'fallthrough' undeclared
>
> Which seems fair enough given the age of my kernel. I could probably fix this
That is fixed in 7.9.
> ipset 7.6 compiles ok for me.
>
> Any guidance please?
Please give a try to the next patch on top of ipset 7.9: it separates the
compiler compatibility stuff from the kernel compatibility part and that
helps to resolve the include file issue.
diff --git a/.gitignore b/.gitignore
index 46a78dd..0e8a087 100644
--- a/.gitignore
+++ b/.gitignore
@@ -20,6 +20,7 @@ Makefile.in
Module.symvers
modules.order
kernel/include/linux/netfilter/ipset/ip_set_compat.h
+kernel/include/linux/netfilter/ipset/ip_set_compiler.h
/aclocal.m4
/autom4te.cache/
diff --git a/configure.ac b/configure.ac
index 1086de3..2f06590 100644
--- a/configure.ac
+++ b/configure.ac
@@ -851,7 +851,8 @@ dnl Checks for library functions.
dnl Generate output
AC_CONFIG_FILES([Makefile include/libipset/Makefile
lib/Makefile lib/libipset.pc src/Makefile utils/Makefile
- kernel/include/linux/netfilter/ipset/ip_set_compat.h])
+ kernel/include/linux/netfilter/ipset/ip_set_compat.h
+ kernel/include/linux/netfilter/ipset/ip_set_compiler.h])
AC_OUTPUT
dnl Summary
diff --git a/kernel/include/linux/jhash.h b/kernel/include/linux/jhash.h
index 8df77ec..d144e33 100644
--- a/kernel/include/linux/jhash.h
+++ b/kernel/include/linux/jhash.h
@@ -1,6 +1,6 @@
#ifndef _LINUX_JHASH_H
#define _LINUX_JHASH_H
-#include <linux/netfilter/ipset/ip_set_compat.h>
+#include <linux/netfilter/ipset/ip_set_compiler.h>
/* jhash.h: Jenkins hash support.
*
diff --git a/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
index 8f00e6a..bf99bc0 100644
--- a/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
+++ b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
@@ -519,18 +519,5 @@ static inline void *kvzalloc(size_t size, gfp_t flags)
return members;
}
#endif
-
-/* Compiler attributes */
-#ifndef __has_attribute
-# define __has_attribute(x) __GCC4_has_attribute_##x
-# define __GCC4_has_attribute___fallthrough__ 0
-#endif
-
-#if __has_attribute(__fallthrough__)
-# define fallthrough __attribute__((__fallthrough__))
-#else
-# define fallthrough do {} while (0) /* fallthrough */
-#endif
-
#endif /* IP_SET_COMPAT_HEADERS */
#endif /* __IP_SET_COMPAT_H */
diff --git a/kernel/include/linux/netfilter/ipset/ip_set_compiler.h.in b/kernel/include/linux/netfilter/ipset/ip_set_compiler.h.in
new file mode 100644
index 0000000..1b392f8
--- /dev/null
+++ b/kernel/include/linux/netfilter/ipset/ip_set_compiler.h.in
@@ -0,0 +1,15 @@
+#ifndef __IP_SET_COMPILER_H
+#define __IP_SET_COMPILER_H
+
+/* Compiler attributes */
+#ifndef __has_attribute
+# define __has_attribute(x) __GCC4_has_attribute_##x
+# define __GCC4_has_attribute___fallthrough__ 0
+#endif
+
+#if __has_attribute(__fallthrough__)
+# define fallthrough __attribute__((__fallthrough__))
+#else
+# define fallthrough do {} while (0) /* fallthrough */
+#endif
+#endif /* __IP_SET_COMPILER_H */
diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c
index dcbc400..85961fc 100644
--- a/kernel/net/netfilter/ipset/ip_set_core.c
+++ b/kernel/net/netfilter/ipset/ip_set_core.c
@@ -21,6 +21,7 @@
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/nfnetlink.h>
#include <linux/netfilter/ipset/ip_set.h>
+#include <linux/netfilter/ipset/ip_set_compiler.h>
static LIST_HEAD(ip_set_type_list); /* all registered set types */
static DEFINE_MUTEX(ip_set_type_mutex); /* protects ip_set_type_list */
Best regards,
Jozsef
-
E-mail : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.hu
PGP key : https://wigner.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics
H-1525 Budapest 114, POB. 49, Hungary
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: ipset 7.9 compilation fix on kernel 4.14
[not found] ` <701adbbb-202a-4ee4-ce2e-ecaaed6dc3b5@wildgooses.com>
@ 2020-12-10 22:19 ` Jozsef Kadlecsik
0 siblings, 0 replies; 10+ messages in thread
From: Jozsef Kadlecsik @ 2020-12-10 22:19 UTC (permalink / raw)
To: Ed W; +Cc: netfilter, netfilter-devel
[-- Attachment #1: Type: text/plain, Size: 1096 bytes --]
Hi,
On Thu, 10 Dec 2020, Ed W wrote:
> There remains a compile warning, just wanted to bring to your attention:
>
> /var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/net/netfilter/ips
> et/ip_set_core.c: In function 'ip_set_rename':
> /var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/net/netfilter/ips
> et/ip_set_core.c:1359:2: warning: 'strncpy' specified bound 32 equals
> destination size [-Wstringop-truncation]
> 1359 | strncpy(set->name, name2, IPSET_MAXNAMELEN);
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> LD [M] /var/tmp/portage/net-firewall/ipset-7.9/work/ipset-7.9/kernel/net/netfilter/ips
> et/ip_set.o
That's a false warning: name2 comes from a netlink attribute which size
is limited to IPSET_MAXNAMELEN-1, including NUL. The compiler can't figure
it out though.
Best regards,
Jozsef
-
E-mail : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.hu
PGP key : https://wigner.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics
H-1525 Budapest 114, POB. 49, Hungary
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2020-12-10 23:07 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-11-19 20:48 [ANNOUNCE] ipset 7.8 released Jozsef Kadlecsik
2020-11-19 21:10 ` Jan Engelhardt
2020-11-19 21:46 ` Jozsef Kadlecsik
2020-11-19 22:07 ` Jan Engelhardt
2020-11-20 3:01 ` Neutron Soutmun
2020-11-20 8:07 ` Jozsef Kadlecsik
2020-11-20 13:18 ` Neutron Soutmun
2020-12-04 12:47 ` Ed W
2020-12-07 14:54 ` Jozsef Kadlecsik
[not found] ` <701adbbb-202a-4ee4-ce2e-ecaaed6dc3b5@wildgooses.com>
2020-12-10 22:19 ` ipset 7.9 compilation fix on kernel 4.14 Jozsef Kadlecsik
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.