* Re: Static compile issues
@ 2003-06-09 15:59 Cory Visi
0 siblings, 0 replies; 11+ messages in thread
From: Cory Visi @ 2003-06-09 15:59 UTC (permalink / raw)
To: netfilter
[-- Attachment #1: Type: TEXT/PLAIN, Size: 873 bytes --]
A couple people have emailed me and the list regarding this issue, so I
thought I'd post for everyone's benefit.
Martin Josefsson <gandalf@wlug.westbo.se> was absolutely correct. The
Invalid Argument problem can be fixed by recompiling iptables with the new
linux kernel headers. That means /usr/include/linux needs to link to your
kernel tree, NOT the glibc headers (bad distributions!)
Martin, I apologize for not searching the list archives before posting.
As for my iptables compile errors, I fixed that with a patch, which I
have attached to this email. I'm sure it's something that's already been
fixed, but there's no new patch-o-matic release, so I guess there's no
harm in posting. It was an error caused by the "talk" protocol connection
tracking patch in "extra". The kernel headers need to be able to be
included in userland applications.
Enjoy!
Cory Visi
[-- Attachment #2: Type: TEXT/PLAIN, Size: 844 bytes --]
diff -Naur linux-2.4.20-orig/include/linux/netfilter_ipv4/ip_conntrack_talk.h linux-2.4.20/include/linux/netfilter_ipv4/ip_conntrack_talk.h
--- linux-2.4.20-orig/include/linux/netfilter_ipv4/ip_conntrack_talk.h 2003-06-01 20:20:07.000000000 -0400
+++ linux-2.4.20/include/linux/netfilter_ipv4/ip_conntrack_talk.h 2003-06-01 20:32:48.000000000 -0400
@@ -2,9 +2,7 @@
#define _IP_CONNTRACK_TALK_H
/* TALK tracking. */
-#ifndef __KERNEL__
-#error Only in kernel.
-#endif
+#ifdef __KERNEL__
#include <linux/in.h>
#include <linux/netfilter_ipv4/lockhelp.h>
@@ -138,6 +136,8 @@
#define SELECTIVE_REFUSAL 11 /* User Filter refusal. */
#define MAX_RESPONSE_TYPE 11 /* Make sure this is updated */
+#endif /* __KERNEL__ */
+
/* We don't really need much for talk */
struct ip_ct_talk_expect
{
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Static compile issues
[not found] <Pine.LNX.4.30.0305311905310.29484-100000@phear.lwz.org>
@ 2003-06-06 23:45 ` Cory Visi
0 siblings, 0 replies; 11+ messages in thread
From: Cory Visi @ 2003-06-06 23:45 UTC (permalink / raw)
To: netfilter
[-- Attachment #1: Type: TEXT/PLAIN, Size: 672 bytes --]
A couple people have emailed me and the list regarding this issue, so I
thought I'd post for everyone's benefit.
Martin Josefsson <gandalf@wlug.westbo.se> was absolutely correct. The
Invalid Argument problem can be fixed by recompiling iptables with the new
linux kernel headers. That means /usr/include/linux needs to link to your
kernel tree, NOT the glibc headers (bad distributions!)
As for my iptables compile errors, I fixed that with a patch, which I
attached. I'm sure it's something that's already been fixed, but there's
no new patch-o-matic release, so no harm in posting. It was an error
caused by the "talk" protocol connection tracking.
Enjoy!
Cory Visi
[-- Attachment #2: Type: TEXT/PLAIN, Size: 844 bytes --]
diff -Naur linux-2.4.20-orig/include/linux/netfilter_ipv4/ip_conntrack_talk.h linux-2.4.20/include/linux/netfilter_ipv4/ip_conntrack_talk.h
--- linux-2.4.20-orig/include/linux/netfilter_ipv4/ip_conntrack_talk.h 2003-06-01 20:20:07.000000000 -0400
+++ linux-2.4.20/include/linux/netfilter_ipv4/ip_conntrack_talk.h 2003-06-01 20:32:48.000000000 -0400
@@ -2,9 +2,7 @@
#define _IP_CONNTRACK_TALK_H
/* TALK tracking. */
-#ifndef __KERNEL__
-#error Only in kernel.
-#endif
+#ifdef __KERNEL__
#include <linux/in.h>
#include <linux/netfilter_ipv4/lockhelp.h>
@@ -138,6 +136,8 @@
#define SELECTIVE_REFUSAL 11 /* User Filter refusal. */
#define MAX_RESPONSE_TYPE 11 /* Make sure this is updated */
+#endif /* __KERNEL__ */
+
/* We don't really need much for talk */
struct ip_ct_talk_expect
{
^ permalink raw reply [flat|nested] 11+ messages in thread
* RE: Static compile issues
2003-05-29 15:45 ` Cory Visi
@ 2003-05-29 19:01 ` Martin Josefsson
0 siblings, 0 replies; 11+ messages in thread
From: Martin Josefsson @ 2003-05-29 19:01 UTC (permalink / raw)
To: Cory Visi; +Cc: Netfilter
On Thu, 2003-05-29 at 17:45, Cory Visi wrote:
> > Recompile iptables against your new kernel and it _will_ work again.
>
> Ahh, but that's the best part:
> (This is iptables-1.2.7a)
>
> # make
> Extensions found: IPv4:ipv4options IPv4:IPV4OPTSSTRIP IPv4:mport IPv4:NETMAP IPv4:nth IPv4:pool IPv4:POOL IPv4:psd IPv4:quota IPv4:random IPv4:realm IPv4:time IPv6:ah IPv6:esp IPv6:frag IPv6:ipv6header IPv6:hbh IPv6:dst IPv6:REJECT IPv6:rt
> cc -O2 -Wall -Wunused -I/usr/src/linux/include -Iinclude/ -DIPTABLES_VERSION=\"1.2.7a\" -fPIC -o extensions/libipt_conntrack_sh.o -c extensions/libipt_conntrack.c
> In file included from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack_talk.h:9,
> from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack.h:69,
> from extensions/libipt_conntrack.c:12:
> /usr/src/linux/include/linux/in.h:25: conflicting types for `IPPROTO_IP'
> /usr/include/netinet/in.h:32: previous declaration of `IPPROTO_IP'
[snip lots of warnings and errors]
> make: *** [extensions/libipt_conntrack_sh.o] Error 1
I just tested to compile iptables from cvs and it compiled just fine,
I've never seen the errors you got before, you appear to have seriously
screwed up includes.
--
/Martin
^ permalink raw reply [flat|nested] 11+ messages in thread
* RE: Static compile issues
2003-05-29 12:54 ` Martin Josefsson
@ 2003-05-29 15:45 ` Cory Visi
2003-05-29 19:01 ` Martin Josefsson
0 siblings, 1 reply; 11+ messages in thread
From: Cory Visi @ 2003-05-29 15:45 UTC (permalink / raw)
To: Netfilter, Martin Josefsson
On 29 May 2003, Martin Josefsson wrote:
> On Thu, 2003-05-29 at 01:10, George Vieira wrote:
> > No, don't enable it.. why bother.
> >
> > I've noticed that there are more and more people with problems on 2.4.20 kernel. Not sure the reason behind it or if it's the kernel or netfilter causing it.. but so far my 2.4.19 is fine.. not that it helps you...
>
> Why oh why can't anyone use google or read through an archive of this
> list? I've helped _lots_ of people with this problem.
>
> The solution is _very_ simple.
>
> Recompile iptables against your new kernel and it _will_ work again.
Ahh, but that's the best part:
(This is iptables-1.2.7a)
# make
Extensions found: IPv4:ipv4options IPv4:IPV4OPTSSTRIP IPv4:mport IPv4:NETMAP IPv4:nth IPv4:pool IPv4:POOL IPv4:psd IPv4:quota IPv4:random IPv4:realm IPv4:time IPv6:ah IPv6:esp IPv6:frag IPv6:ipv6header IPv6:hbh IPv6:dst IPv6:REJECT IPv6:rt
cc -O2 -Wall -Wunused -I/usr/src/linux/include -Iinclude/ -DIPTABLES_VERSION=\"1.2.7a\" -fPIC -o extensions/libipt_conntrack_sh.o -c extensions/libipt_conntrack.c
In file included from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack_talk.h:9,
from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack.h:69,
from extensions/libipt_conntrack.c:12:
/usr/src/linux/include/linux/in.h:25: conflicting types for `IPPROTO_IP'
/usr/include/netinet/in.h:32: previous declaration of `IPPROTO_IP'
/usr/src/linux/include/linux/in.h:26: conflicting types for `IPPROTO_ICMP'
/usr/include/netinet/in.h:36: previous declaration of `IPPROTO_ICMP'
/usr/src/linux/include/linux/in.h:27: conflicting types for `IPPROTO_IGMP'
/usr/include/netinet/in.h:38: previous declaration of `IPPROTO_IGMP'
/usr/src/linux/include/linux/in.h:28: conflicting types for `IPPROTO_IPIP'
/usr/include/netinet/in.h:40: previous declaration of `IPPROTO_IPIP'
/usr/src/linux/include/linux/in.h:29: conflicting types for `IPPROTO_TCP'
/usr/include/netinet/in.h:42: previous declaration of `IPPROTO_TCP'
/usr/src/linux/include/linux/in.h:30: conflicting types for `IPPROTO_EGP'
/usr/include/netinet/in.h:44: previous declaration of `IPPROTO_EGP'
/usr/src/linux/include/linux/in.h:31: conflicting types for `IPPROTO_PUP'
/usr/include/netinet/in.h:46: previous declaration of `IPPROTO_PUP'
/usr/src/linux/include/linux/in.h:32: conflicting types for `IPPROTO_UDP'
/usr/include/netinet/in.h:48: previous declaration of `IPPROTO_UDP'
/usr/src/linux/include/linux/in.h:33: conflicting types for `IPPROTO_IDP'
/usr/include/netinet/in.h:50: previous declaration of `IPPROTO_IDP'
/usr/src/linux/include/linux/in.h:34: conflicting types for `IPPROTO_RSVP'
/usr/include/netinet/in.h:60: previous declaration of `IPPROTO_RSVP'
/usr/src/linux/include/linux/in.h:35: conflicting types for `IPPROTO_GRE'
/usr/include/netinet/in.h:62: previous declaration of `IPPROTO_GRE'
/usr/src/linux/include/linux/in.h:37: conflicting types for `IPPROTO_IPV6'
/usr/include/netinet/in.h:54: previous declaration of `IPPROTO_IPV6'
/usr/src/linux/include/linux/in.h:39: conflicting types for `IPPROTO_PIM'
/usr/include/netinet/in.h:78: previous declaration of `IPPROTO_PIM'
/usr/src/linux/include/linux/in.h:41: conflicting types for `IPPROTO_ESP'
/usr/include/netinet/in.h:64: previous declaration of `IPPROTO_ESP'
/usr/src/linux/include/linux/in.h:42: conflicting types for `IPPROTO_AH'
/usr/include/netinet/in.h:66: previous declaration of `IPPROTO_AH'
/usr/src/linux/include/linux/in.h:43: conflicting types for `IPPROTO_COMP'
/usr/include/netinet/in.h:80: previous declaration of `IPPROTO_COMP'
/usr/src/linux/include/linux/in.h:45: conflicting types for `IPPROTO_RAW'
/usr/include/netinet/in.h:82: previous declaration of `IPPROTO_RAW'
/usr/src/linux/include/linux/in.h:47: conflicting types for `IPPROTO_MAX'
/usr/include/netinet/in.h:85: previous declaration of `IPPROTO_MAX'
/usr/src/linux/include/linux/in.h:51: redefinition of `struct in_addr'
/usr/src/linux/include/linux/in.h:92: redefinition of `struct ip_mreq'
/usr/src/linux/include/linux/in.h:98: redefinition of `struct ip_mreqn'
/usr/src/linux/include/linux/in.h:105: redefinition of `struct in_pktinfo'
/usr/src/linux/include/linux/in.h:113: redefinition of `struct sockaddr_in'
In file included from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack_talk.h:9,
from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack.h:69,
from extensions/libipt_conntrack.c:12:
/usr/src/linux/include/linux/in.h:130:1: warning: "IN_CLASSA" redefined
In file included from /usr/include/netdb.h:28,
from extensions/libipt_conntrack.c:6:
/usr/include/netinet/in.h:145:1: warning: this is the location of the previous definition
In file included from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack_talk.h:9,
from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack.h:69,
from extensions/libipt_conntrack.c:12:
/usr/src/linux/include/linux/in.h:136:1: warning: "IN_CLASSB" redefined
In file included from /usr/include/netdb.h:28,
from extensions/libipt_conntrack.c:6:
/usr/include/netinet/in.h:151:1: warning: this is the location of the previous definition
In file included from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack_talk.h:9,
from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack.h:69,
from extensions/libipt_conntrack.c:12:
/usr/src/linux/include/linux/in.h:142:1: warning: "IN_CLASSC" redefined
In file included from /usr/include/netdb.h:28,
from extensions/libipt_conntrack.c:6:
/usr/include/netinet/in.h:157:1: warning: this is the location of the previous definition
In file included from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack_talk.h:9,
from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack.h:69,
from extensions/libipt_conntrack.c:12:
/usr/src/linux/include/linux/in.h:147:1: warning: "IN_CLASSD" redefined
In file included from /usr/include/netdb.h:28,
from extensions/libipt_conntrack.c:6:
/usr/include/netinet/in.h:162:1: warning: this is the location of the previous definition
In file included from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack_talk.h:9,
from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack.h:69,
from extensions/libipt_conntrack.c:12:
/usr/src/linux/include/linux/in.h:151:1: warning: "IN_EXPERIMENTAL" redefined
In file included from /usr/include/netdb.h:28,
from extensions/libipt_conntrack.c:6:
/usr/include/netinet/in.h:165:1: warning: this is the location of the previous definition
In file included from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack_talk.h:9,
from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack.h:69,
from extensions/libipt_conntrack.c:12:
/usr/src/linux/include/linux/in.h:152:1: warning: "IN_BADCLASS" redefined
In file included from /usr/include/netdb.h:28,
from extensions/libipt_conntrack.c:6:
/usr/include/netinet/in.h:166:1: warning: this is the location of the previous definition
In file included from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack_talk.h:9,
from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack.h:69,
from extensions/libipt_conntrack.c:12:
/usr/src/linux/include/linux/in.h:155:1: warning: "INADDR_ANY" redefined
In file included from /usr/include/netdb.h:28,
from extensions/libipt_conntrack.c:6:
/usr/include/netinet/in.h:169:1: warning: this is the location of the previous definition
In file included from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack_talk.h:9,
from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack.h:69,
from extensions/libipt_conntrack.c:12:
/usr/src/linux/include/linux/in.h:158:1: warning: "INADDR_BROADCAST" redefined
In file included from /usr/include/netdb.h:28,
from extensions/libipt_conntrack.c:6:
/usr/include/netinet/in.h:171:1: warning: this is the location of the previous definition
In file included from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack_talk.h:9,
from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack.h:69,
from extensions/libipt_conntrack.c:12:
/usr/src/linux/include/linux/in.h:161:1: warning: "INADDR_NONE" redefined
In file included from /usr/include/netdb.h:28,
from extensions/libipt_conntrack.c:6:
/usr/include/netinet/in.h:173:1: warning: this is the location of the previous definition
In file included from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack_talk.h:9,
from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack.h:69,
from extensions/libipt_conntrack.c:12:
/usr/src/linux/include/linux/in.h:167:1: warning: "INADDR_LOOPBACK" redefined
In file included from /usr/include/netdb.h:28,
from extensions/libipt_conntrack.c:6:
/usr/include/netinet/in.h:179:1: warning: this is the location of the previous definition
In file included from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack_talk.h:9,
from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack.h:69,
from extensions/libipt_conntrack.c:12:
/usr/src/linux/include/linux/in.h:171:1: warning: "INADDR_UNSPEC_GROUP" redefined
In file included from /usr/include/netdb.h:28,
from extensions/libipt_conntrack.c:6:
/usr/include/netinet/in.h:183:1: warning: this is the location of the previous definition
In file included from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack_talk.h:9,
from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack.h:69,
from extensions/libipt_conntrack.c:12:
/usr/src/linux/include/linux/in.h:172:1: warning: "INADDR_ALLHOSTS_GROUP" redefined
In file included from /usr/include/netdb.h:28,
from extensions/libipt_conntrack.c:6:
/usr/include/netinet/in.h:184:1: warning: this is the location of the previous definition
In file included from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack_talk.h:9,
from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack.h:69,
from extensions/libipt_conntrack.c:12:
/usr/src/linux/include/linux/in.h:173:1: warning: "INADDR_ALLRTRS_GROUP" redefined
In file included from /usr/include/netdb.h:28,
from extensions/libipt_conntrack.c:6:
/usr/include/netinet/in.h:185:1: warning: this is the location of the previous definition
In file included from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack_talk.h:9,
from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack.h:69,
from extensions/libipt_conntrack.c:12:
/usr/src/linux/include/linux/in.h:174:1: warning: "INADDR_MAX_LOCAL_GROUP" redefined
In file included from /usr/include/netdb.h:28,
from extensions/libipt_conntrack.c:6:
/usr/include/netinet/in.h:186:1: warning: this is the location of the previous definition
In file included from /usr/src/linux/include/asm/smp.h:15,
from /usr/src/linux/include/linux/smp.h:14,
from /usr/src/linux/include/linux/interrupt.h:7,
from /usr/src/linux/include/linux/netfilter_ipv4/lockhelp.h:7,
from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack_talk.h:10,
from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack.h:69,
from extensions/libipt_conntrack.c:12:
/usr/src/linux/include/asm/fixmap.h:77: `FIX_ACPI_PAGES' undeclared here (not in a function)
/usr/src/linux/include/asm/fixmap.h:77: enumerator value for `FIX_ACPI_END' not integer constant
/usr/src/linux/include/asm/fixmap.h:88: parse error before "pgprot_t"
/usr/src/linux/include/asm/fixmap.h: In function `virt_to_fix':
/usr/src/linux/include/asm/fixmap.h:137: warning: implicit declaration of function `BUG'
In file included from /usr/src/linux/include/asm/smp.h:17,
from /usr/src/linux/include/linux/smp.h:14,
from /usr/src/linux/include/linux/interrupt.h:7,
from /usr/src/linux/include/linux/netfilter_ipv4/lockhelp.h:7,
from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack_talk.h:10,
from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack.h:69,
from extensions/libipt_conntrack.c:12:
/usr/src/linux/include/asm/mpspec.h: At top level:
/usr/src/linux/include/asm/mpspec.h:223: parse error before "id"
/usr/src/linux/include/asm/mpspec.h:224: parse error before "address"
/usr/src/linux/include/asm/mpspec.h:227: parse error before "id"
/usr/src/linux/include/asm/mpspec.h:228: parse error before "bus_irq"
In file included from /usr/src/linux/include/asm/smp.h:21,
from /usr/src/linux/include/linux/smp.h:14,
from /usr/src/linux/include/linux/interrupt.h:7,
from /usr/src/linux/include/linux/netfilter_ipv4/lockhelp.h:7,
from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack_talk.h:10,
from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack.h:69,
from extensions/libipt_conntrack.c:12:
/usr/src/linux/include/asm/apic.h:85: parse error before "unsigned"
In file included from /usr/src/linux/include/linux/interrupt.h:7,
from /usr/src/linux/include/linux/netfilter_ipv4/lockhelp.h:7,
from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack_talk.h:10,
from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack.h:69,
from extensions/libipt_conntrack.c:12:
/usr/src/linux/include/linux/smp.h:29: parse error before '(' token
In file included from /usr/src/linux/include/linux/irq.h:19,
from /usr/src/linux/include/asm/hardirq.h:6,
from /usr/src/linux/include/linux/interrupt.h:46,
from /usr/src/linux/include/linux/netfilter_ipv4/lockhelp.h:7,
from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack_talk.h:10,
from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack.h:69,
from extensions/libipt_conntrack.c:12:
/usr/src/linux/include/asm/irq.h:40: warning: `struct task_struct' declared inside parameter list
/usr/src/linux/include/asm/irq.h:40: warning: its scope is only this definition or declaration, which is probably not what you want
In file included from /usr/src/linux/include/linux/irq.h:69,
from /usr/src/linux/include/asm/hardirq.h:6,
from /usr/src/linux/include/linux/interrupt.h:46,
from /usr/src/linux/include/linux/netfilter_ipv4/lockhelp.h:7,
from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack_talk.h:10,
from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack.h:69,
from extensions/libipt_conntrack.c:12:
/usr/src/linux/include/asm/hw_irq.h:78: parse error before '(' token
/usr/src/linux/include/asm/hw_irq.h: In function `x86_do_profile':
/usr/src/linux/include/asm/hw_irq.h:210: `current' undeclared (first use in this function)
/usr/src/linux/include/asm/hw_irq.h:210: (Each undeclared identifier is reported only once
/usr/src/linux/include/asm/hw_irq.h:210: for each function it appears in.)
/usr/src/linux/include/asm/hw_irq.h: In function `hw_resend_irq':
/usr/src/linux/include/asm/hw_irq.h:228: warning: implicit declaration of function `send_IPI_self'
In file included from /usr/src/linux/include/linux/interrupt.h:46,
from /usr/src/linux/include/linux/netfilter_ipv4/lockhelp.h:7,
from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack_talk.h:10,
from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack.h:69,
from extensions/libipt_conntrack.c:12:
/usr/src/linux/include/asm/hardirq.h: In function `irq_enter':
/usr/src/linux/include/asm/hardirq.h:77: warning: implicit declaration of function `cpu_relax'
In file included from /usr/src/linux/include/linux/netfilter_ipv4/lockhelp.h:7,
from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack_talk.h:10,
from /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack.h:69,
from extensions/libipt_conntrack.c:12:
/usr/src/linux/include/linux/interrupt.h: At top level:
/usr/src/linux/include/linux/interrupt.h:75: syntax error before "void"
/usr/src/linux/include/linux/interrupt.h:79: parse error before '(' token
/usr/src/linux/include/linux/interrupt.h:80: parse error before '(' token
/usr/src/linux/include/linux/interrupt.h: In function `tasklet_unlock':
/usr/src/linux/include/linux/interrupt.h:142: warning: implicit declaration of function `barrier'
/usr/src/linux/include/linux/interrupt.h: At top level:
/usr/src/linux/include/linux/interrupt.h:156: parse error before '(' token
/usr/src/linux/include/linux/interrupt.h: In function `tasklet_schedule':
/usr/src/linux/include/linux/interrupt.h:161: warning: implicit declaration of function `__tasklet_schedule'
/usr/src/linux/include/linux/interrupt.h: At top level:
/usr/src/linux/include/linux/interrupt.h:164: parse error before '(' token
/usr/src/linux/include/linux/interrupt.h: In function `tasklet_hi_schedule':
/usr/src/linux/include/linux/interrupt.h:169: warning: implicit declaration of function `__tasklet_hi_schedule'
make: *** [extensions/libipt_conntrack_sh.o] Error 1
-Cory
^ permalink raw reply [flat|nested] 11+ messages in thread
* RE: Static compile issues
2003-05-28 23:10 George Vieira
@ 2003-05-29 12:54 ` Martin Josefsson
2003-05-29 15:45 ` Cory Visi
0 siblings, 1 reply; 11+ messages in thread
From: Martin Josefsson @ 2003-05-29 12:54 UTC (permalink / raw)
To: George Vieira; +Cc: Cory Visi, Netfilter
On Thu, 2003-05-29 at 01:10, George Vieira wrote:
> No, don't enable it.. why bother.
>
> I've noticed that there are more and more people with problems on 2.4.20 kernel. Not sure the reason behind it or if it's the kernel or netfilter causing it.. but so far my 2.4.19 is fine.. not that it helps you...
Why oh why can't anyone use google or read through an archive of this
list? I've helped _lots_ of people with this problem.
The solution is _very_ simple.
Recompile iptables against your new kernel and it _will_ work again.
--
/Martin
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Static compile issues
2003-05-28 21:11 ` Cory Visi
@ 2003-05-29 1:48 ` Arnt Karlsen
0 siblings, 0 replies; 11+ messages in thread
From: Arnt Karlsen @ 2003-05-29 1:48 UTC (permalink / raw)
To: netfilter
On Wed, 28 May 2003 17:11:42 -0400 (EDT),
Cory Visi <merlin@phear.lwz.org> wrote in message
<Pine.LNX.4.30.0305281709290.30704-100000@phear.lwz.org>:
> When I compile the kernel statically and enable IP Tables support,
> ipchains compatibilty is becomes no longer available. I have the
> Invalid Argument problem with the static kernel.
>
> When I compile the kernel with module support, I do _not_ enable
> the ipchains compatibility module.
>
> Should I try enabling this? Obviously, I cannot insert it when the IP
> tables module is loaded. Also, this doesn't help my situation with the
> static kernel.
.._no_ and no. Ipchains would require the removal of iptables and that
on top of all the good reasons not to, makes it off-topic here. ;-)
--
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.
^ permalink raw reply [flat|nested] 11+ messages in thread
* RE: Static compile issues
@ 2003-05-28 23:10 George Vieira
2003-05-29 12:54 ` Martin Josefsson
0 siblings, 1 reply; 11+ messages in thread
From: George Vieira @ 2003-05-28 23:10 UTC (permalink / raw)
To: Cory Visi, netfilter
No, don't enable it.. why bother.
I've noticed that there are more and more people with problems on 2.4.20 kernel. Not sure the reason behind it or if it's the kernel or netfilter causing it.. but so far my 2.4.19 is fine.. not that it helps you...
Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@citadelcomputer.com.au
Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au
-----Original Message-----
From: Cory Visi [mailto:merlin@phear.lwz.org]
Sent: Thursday, May 29, 2003 7:12 AM
To: netfilter@lists.netfilter.org
Subject: Re: Static compile issues
When I compile the kernel statically and enable IP Tables support,
ipchains compatibilty is becomes no longer available. I have the Invalid
Argument problem with the static kernel.
When I compile the kernel with module support, I do _not_ enable
the ipchains compatibility module.
Should I try enabling this? Obviously, I cannot insert it when the IP
tables module is loaded. Also, this doesn't help my situation with the
static kernel.
Thanks,
Cory
On 28 May 2003, Esteban wrote:
> did you enable the ipchains cmpatibility module?
> (i think is the last one one the netfiler menu con make menuconfig)
>
> good luck
>
> On Wed, 2003-05-28 at 17:09, Cory Visi wrote:
> > I am using a 2.4.20 kernel with pom-20030107 and iptables v1.2.7a. From
> > pom-20030107, I have installed all the pending patches and all the base
> > patches. In addition, I have installed the following extra patches:
> >
> > amanda-conntrack-nat.patch
> > eggdrop-conntrack.patch
> > ip_tables-proc.patch
> > mms-conntrack-nat.patch
> > pptp-conntrack-nat.patch
> > quake3-conntrack.patch
> > rsh.patch
> > tftp-conntrack-nat.patch
> >
> > The problem is, when I compile the kernel statically and enable all the
> > iptables options, I cannot do NAT. Any iptables line that specifies a
> > chain in the nat table causes an Invalid Argument:
> >
> > # iptables -t nat -A POSTROUTING -o $EXTERNAL -s $INTERNAL_NETWORK -j SNAT --to-source $EXTERNAL_IP
> > Invalid argument
> >
> > Another interesting thing to point out, is that I also compiled this
> > kernel with modules and experienced the same problem. I was, however, able
> > to fix it by disabling the IPv4 netfilter option for "NAT of local
> > connections". For the module kernel, disabling this option fixes the
> > problem. For the staticly compiled kernel, disabling this option has no
> > effect-- the error persists.
> >
> > Anyone have any ideas?
> > Please CC me directly if you respond to the list, since I am not
> > subscribed (yet).
> >
> > Thank you,
> > Cory Visi
> >
> >
> >
>
>
>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Static compile issues
2003-05-28 20:09 Cory Visi
@ 2003-05-28 21:54 ` Esteban
2003-05-28 21:11 ` Cory Visi
0 siblings, 1 reply; 11+ messages in thread
From: Esteban @ 2003-05-28 21:54 UTC (permalink / raw)
To: Cory Visi; +Cc: netfilter
did you enable the ipchains cmpatibility module?
(i think is the last one one the netfiler menu con make menuconfig)
good luck
On Wed, 2003-05-28 at 17:09, Cory Visi wrote:
> I am using a 2.4.20 kernel with pom-20030107 and iptables v1.2.7a. From
> pom-20030107, I have installed all the pending patches and all the base
> patches. In addition, I have installed the following extra patches:
>
> amanda-conntrack-nat.patch
> eggdrop-conntrack.patch
> ip_tables-proc.patch
> mms-conntrack-nat.patch
> pptp-conntrack-nat.patch
> quake3-conntrack.patch
> rsh.patch
> tftp-conntrack-nat.patch
>
> The problem is, when I compile the kernel statically and enable all the
> iptables options, I cannot do NAT. Any iptables line that specifies a
> chain in the nat table causes an Invalid Argument:
>
> # iptables -t nat -A POSTROUTING -o $EXTERNAL -s $INTERNAL_NETWORK -j SNAT --to-source $EXTERNAL_IP
> Invalid argument
>
> Another interesting thing to point out, is that I also compiled this
> kernel with modules and experienced the same problem. I was, however, able
> to fix it by disabling the IPv4 netfilter option for "NAT of local
> connections". For the module kernel, disabling this option fixes the
> problem. For the staticly compiled kernel, disabling this option has no
> effect-- the error persists.
>
> Anyone have any ideas?
> Please CC me directly if you respond to the list, since I am not
> subscribed (yet).
>
> Thank you,
> Cory Visi
>
>
>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Static compile issues
2003-05-28 21:54 ` Esteban
@ 2003-05-28 21:11 ` Cory Visi
2003-05-29 1:48 ` Arnt Karlsen
0 siblings, 1 reply; 11+ messages in thread
From: Cory Visi @ 2003-05-28 21:11 UTC (permalink / raw)
To: netfilter
When I compile the kernel statically and enable IP Tables support,
ipchains compatibilty is becomes no longer available. I have the Invalid
Argument problem with the static kernel.
When I compile the kernel with module support, I do _not_ enable
the ipchains compatibility module.
Should I try enabling this? Obviously, I cannot insert it when the IP
tables module is loaded. Also, this doesn't help my situation with the
static kernel.
Thanks,
Cory
On 28 May 2003, Esteban wrote:
> did you enable the ipchains cmpatibility module?
> (i think is the last one one the netfiler menu con make menuconfig)
>
> good luck
>
> On Wed, 2003-05-28 at 17:09, Cory Visi wrote:
> > I am using a 2.4.20 kernel with pom-20030107 and iptables v1.2.7a. From
> > pom-20030107, I have installed all the pending patches and all the base
> > patches. In addition, I have installed the following extra patches:
> >
> > amanda-conntrack-nat.patch
> > eggdrop-conntrack.patch
> > ip_tables-proc.patch
> > mms-conntrack-nat.patch
> > pptp-conntrack-nat.patch
> > quake3-conntrack.patch
> > rsh.patch
> > tftp-conntrack-nat.patch
> >
> > The problem is, when I compile the kernel statically and enable all the
> > iptables options, I cannot do NAT. Any iptables line that specifies a
> > chain in the nat table causes an Invalid Argument:
> >
> > # iptables -t nat -A POSTROUTING -o $EXTERNAL -s $INTERNAL_NETWORK -j SNAT --to-source $EXTERNAL_IP
> > Invalid argument
> >
> > Another interesting thing to point out, is that I also compiled this
> > kernel with modules and experienced the same problem. I was, however, able
> > to fix it by disabling the IPv4 netfilter option for "NAT of local
> > connections". For the module kernel, disabling this option fixes the
> > problem. For the staticly compiled kernel, disabling this option has no
> > effect-- the error persists.
> >
> > Anyone have any ideas?
> > Please CC me directly if you respond to the list, since I am not
> > subscribed (yet).
> >
> > Thank you,
> > Cory Visi
> >
> >
> >
>
>
>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Static compile issues
@ 2003-05-28 20:09 Cory Visi
2003-05-28 21:54 ` Esteban
0 siblings, 1 reply; 11+ messages in thread
From: Cory Visi @ 2003-05-28 20:09 UTC (permalink / raw)
To: netfilter
I am using a 2.4.20 kernel with pom-20030107 and iptables v1.2.7a. From
pom-20030107, I have installed all the pending patches and all the base
patches. In addition, I have installed the following extra patches:
amanda-conntrack-nat.patch
eggdrop-conntrack.patch
ip_tables-proc.patch
mms-conntrack-nat.patch
pptp-conntrack-nat.patch
quake3-conntrack.patch
rsh.patch
tftp-conntrack-nat.patch
The problem is, when I compile the kernel statically and enable all the
iptables options, I cannot do NAT. Any iptables line that specifies a
chain in the nat table causes an Invalid Argument:
# iptables -t nat -A POSTROUTING -o $EXTERNAL -s $INTERNAL_NETWORK -j SNAT --to-source $EXTERNAL_IP
Invalid argument
Another interesting thing to point out, is that I also compiled this
kernel with modules and experienced the same problem. I was, however, able
to fix it by disabling the IPv4 netfilter option for "NAT of local
connections". For the module kernel, disabling this option fixes the
problem. For the staticly compiled kernel, disabling this option has no
effect-- the error persists.
Anyone have any ideas?
Please CC me directly if you respond to the list, since I am not
subscribed (yet).
Thank you,
Cory Visi
^ permalink raw reply [flat|nested] 11+ messages in thread
* Static compile issues
@ 2003-05-27 11:42 Cory Visi
0 siblings, 0 replies; 11+ messages in thread
From: Cory Visi @ 2003-05-27 11:42 UTC (permalink / raw)
To: netfilter
I am using a 2.4.20 kernel with pom-20030107 and iptables v1.2.7a. From
pom-20030107, I have installed all the pending patches and all the base
patches. In addition, I have installed the following extra patches:
ipt-amanda-conntrack-nat
ipt-eggdrop-conntrack-nat
ipt-proc
ipt-mms-conntrack-net
ipt-pptp-conntrack-net
ipt-quake3-conntrack-net
ipt-rsh-conntrack-net
ipt-tftp-conntrack-net
The patch names are not official or anything. I just split them up and
called them that. Hopefully, the name is clear enough to you to recognize
an "extra" patch. Please let me know if this is confusing.
The problem is, when I compile the kernel statically and enable all the
iptables options, I cannot do NAT. Any iptables line that specifies a
chain in the nat table causes an Invalid Argument:
# iptables -t nat -A POSTROUTING -o $EXTERNAL -s $INTERNAL_NETWORK -j SNAT
--to-source $EXTERNAL_IP
Invalid argument
Another interesting thing to point out, is that I also compiled this
kernel with modules and experienced the same problem. I was, however, able
to fix it by disabling the IPv4 netfilter option for "NAT of local
connections". For the module kernel, disabling this option fixes the
problem. For the staticly compiled kernel, disabling this option has no
effect-- the error persists.
Anyone have any ideas?
Please CC me directly if you respond to the list, since I am not
subscribed (yet).
Thank you,
Cory Visi
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2003-06-09 15:59 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2003-06-09 15:59 Static compile issues Cory Visi
[not found] <Pine.LNX.4.30.0305311905310.29484-100000@phear.lwz.org>
2003-06-06 23:45 ` Cory Visi
-- strict thread matches above, loose matches on Subject: below --
2003-05-28 23:10 George Vieira
2003-05-29 12:54 ` Martin Josefsson
2003-05-29 15:45 ` Cory Visi
2003-05-29 19:01 ` Martin Josefsson
2003-05-28 20:09 Cory Visi
2003-05-28 21:54 ` Esteban
2003-05-28 21:11 ` Cory Visi
2003-05-29 1:48 ` Arnt Karlsen
2003-05-27 11:42 Cory Visi
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.