Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: iptables: User

ipset and kernel 2.6.22

  

 
iptables user RSS feed   Index | Next | Previous | View Threaded


pud at safeTpin

Jul 23, 2007, 3:24 AM

Post #1 of 4 (1090 views)
Permalink
ipset and kernel 2.6.22
hi list,

just wanted to ask if i'm the only one who is unable to compile
an ipset-patched kernel 2.6.22...
(any of the devs around? - can't find any contact address at the
ipset website)

CC [M] net/ipv4/netfilter/ipt_SET.o
net/ipv4/netfilter/ipt_SET.c:25:46: error: linux/netfilter_ipv4/ip_nat_rule.h: No such file or directory
net/ipv4/netfilter/ipt_SET.c:40: warning: 'struct xt_target' declared inside parameter list
net/ipv4/netfilter/ipt_SET.c:40: warning: its scope is only this definition or declaration, which is probably not what you want
net/ipv4/netfilter/ipt_SET.c: In function 'target':
net/ipv4/netfilter/ipt_SET.c:54: error: 'IPT_CONTINUE' undeclared (first use in this function)
net/ipv4/netfilter/ipt_SET.c:54: error: (Each undeclared identifier is reported only once
net/ipv4/netfilter/ipt_SET.c:54: error: for each function it appears in.)
net/ipv4/netfilter/ipt_SET.c: At top level:
net/ipv4/netfilter/ipt_SET.c:71: warning: 'struct xt_target' declared inside parameter list
net/ipv4/netfilter/ipt_SET.c:117: warning: 'struct xt_target' declared inside parameter list
net/ipv4/netfilter/ipt_SET.c:134: error: variable 'SET_target' has initializer but incomplete type
net/ipv4/netfilter/ipt_SET.c:135: error: unknown field 'name' specified in initializer
net/ipv4/netfilter/ipt_SET.c:135: warning: excess elements in struct initializer
net/ipv4/netfilter/ipt_SET.c:135: warning: (near initialization for 'SET_target')
net/ipv4/netfilter/ipt_SET.c:137: error: unknown field 'family' specified in initializer
net/ipv4/netfilter/ipt_SET.c:137: warning: excess elements in struct initializer
net/ipv4/netfilter/ipt_SET.c:137: warning: (near initialization for 'SET_target')
net/ipv4/netfilter/ipt_SET.c:139: error: unknown field 'target' specified in initializer
net/ipv4/netfilter/ipt_SET.c:139: warning: excess elements in struct initializer
net/ipv4/netfilter/ipt_SET.c:139: warning: (near initialization for 'SET_target')
net/ipv4/netfilter/ipt_SET.c:141: error: unknown field 'targetsize' specified in initializer
net/ipv4/netfilter/ipt_SET.c:141: warning: excess elements in struct initializer
net/ipv4/netfilter/ipt_SET.c:141: warning: (near initialization for 'SET_target')
net/ipv4/netfilter/ipt_SET.c:143: error: unknown field 'checkentry' specified in initializer
net/ipv4/netfilter/ipt_SET.c:143: warning: excess elements in struct initializer
net/ipv4/netfilter/ipt_SET.c:143: warning: (near initialization for 'SET_target')
net/ipv4/netfilter/ipt_SET.c:144: error: unknown field 'destroy' specified in initializer
net/ipv4/netfilter/ipt_SET.c:144: warning: excess elements in struct initializer
net/ipv4/netfilter/ipt_SET.c:144: warning: (near initialization for 'SET_target')
net/ipv4/netfilter/ipt_SET.c:145: error: unknown field 'me' specified in initializer
net/ipv4/netfilter/ipt_SET.c:146: warning: excess elements in struct initializer
net/ipv4/netfilter/ipt_SET.c:146: warning: (near initialization for 'SET_target')
net/ipv4/netfilter/ipt_SET.c: In function 'ipt_SET_init':
net/ipv4/netfilter/ipt_SET.c:159: warning: implicit declaration of function 'xt_register_target'
net/ipv4/netfilter/ipt_SET.c: In function 'ipt_SET_fini':
net/ipv4/netfilter/ipt_SET.c:164: warning: implicit declaration of function 'xt_unregister_target'
make[3]: *** [net/ipv4/netfilter/ipt_SET.o] Error 1
make[2]: *** [net/ipv4/netfilter] Error 2
make[1]: *** [net/ipv4] Error 2
make: *** [net] Error 2


anyone?


tia,

=;p/ud aka nerdpunk

--
gpg-key #C3B04767


nofast at welnowiec

Jul 23, 2007, 4:24 AM

Post #2 of 4 (1034 views)
Permalink
Re: ipset and kernel 2.6.22 [In reply to]
> hi list,
>
> just wanted to ask if i'm the only one who is unable to compile
> an ipset-patched kernel 2.6.22...
> (any of the devs around? - can't find any contact address at the
> ipset website)

Use patch 130-netfilter-ipset.patch
from this page
https://dev.openwrt.org/browser/trunk/target/linux/generic-2.6/patches-2.6.22/

In my opninion ipset iptree still does not work as it should be.
My test:

[]# ipset -N viruses iptree --timeout 100
[]# ipset -A viruses 172.16.14.12

Test1:
[]# ipset -T viruses 172.16.14.12
172.16.14.12 is in set viruses
Test2:
[]# ipset -T viruses 172.16.14.111
172.16.14.111 is in set viruses
Test3:
[]# ipset -T viruses 172.16.140.111
172.16.140.111 is NOT in set viruses

...

Test2 172.16.14.111 shoud NOT be in set viruses, every IP from example
subnet 172.16.14.0/24
is reported as "in set", (look at test2).

Everything is ok after IPTRE_GC_TIME 5*60 (line 33 in ip_set_iptree.c)
When I changed this label to 60 this module iptree worked ok after 60s.

To test again you have to unload ipset module. Something is wrong few
minutes
after module is loaded...

I do not know if any other ipset module has bugs.



> CC [M] net/ipv4/netfilter/ipt_SET.o
> net/ipv4/netfilter/ipt_SET.c:25:46: error:
> linux/netfilter_ipv4/ip_nat_rule.h: No such file or directory
> net/ipv4/netfilter/ipt_SET.c:40: warning: 'struct xt_target' declared
> inside parameter list
> net/ipv4/netfilter/ipt_SET.c:40: warning: its scope is only this
> definition or declaration, which is probably not what you want
> net/ipv4/netfilter/ipt_SET.c: In function 'target':
> net/ipv4/netfilter/ipt_SET.c:54: error: 'IPT_CONTINUE' undeclared (first
> use in this function)
> net/ipv4/netfilter/ipt_SET.c:54: error: (Each undeclared identifier is
> reported only once
> net/ipv4/netfilter/ipt_SET.c:54: error: for each function it appears in.)
> net/ipv4/netfilter/ipt_SET.c: At top level:
> net/ipv4/netfilter/ipt_SET.c:71: warning: 'struct xt_target' declared
> inside parameter list
> net/ipv4/netfilter/ipt_SET.c:117: warning: 'struct xt_target' declared
> inside parameter list
> net/ipv4/netfilter/ipt_SET.c:134: error: variable 'SET_target' has
> initializer but incomplete type
> net/ipv4/netfilter/ipt_SET.c:135: error: unknown field 'name' specified
> in initializer
> net/ipv4/netfilter/ipt_SET.c:135: warning: excess elements in struct
> initializer
> net/ipv4/netfilter/ipt_SET.c:135: warning: (near initialization for
> 'SET_target')
> net/ipv4/netfilter/ipt_SET.c:137: error: unknown field 'family'
> specified in initializer
> net/ipv4/netfilter/ipt_SET.c:137: warning: excess elements in struct
> initializer
> net/ipv4/netfilter/ipt_SET.c:137: warning: (near initialization for
> 'SET_target')
> net/ipv4/netfilter/ipt_SET.c:139: error: unknown field 'target'
> specified in initializer
> net/ipv4/netfilter/ipt_SET.c:139: warning: excess elements in struct
> initializer
> net/ipv4/netfilter/ipt_SET.c:139: warning: (near initialization for
> 'SET_target')
> net/ipv4/netfilter/ipt_SET.c:141: error: unknown field 'targetsize'
> specified in initializer
> net/ipv4/netfilter/ipt_SET.c:141: warning: excess elements in struct
> initializer
> net/ipv4/netfilter/ipt_SET.c:141: warning: (near initialization for
> 'SET_target')
> net/ipv4/netfilter/ipt_SET.c:143: error: unknown field 'checkentry'
> specified in initializer
> net/ipv4/netfilter/ipt_SET.c:143: warning: excess elements in struct
> initializer
> net/ipv4/netfilter/ipt_SET.c:143: warning: (near initialization for
> 'SET_target')
> net/ipv4/netfilter/ipt_SET.c:144: error: unknown field 'destroy'
> specified in initializer
> net/ipv4/netfilter/ipt_SET.c:144: warning: excess elements in struct
> initializer
> net/ipv4/netfilter/ipt_SET.c:144: warning: (near initialization for
> 'SET_target')
> net/ipv4/netfilter/ipt_SET.c:145: error: unknown field 'me' specified in
> initializer
> net/ipv4/netfilter/ipt_SET.c:146: warning: excess elements in struct
> initializer
> net/ipv4/netfilter/ipt_SET.c:146: warning: (near initialization for
> 'SET_target')
> net/ipv4/netfilter/ipt_SET.c: In function 'ipt_SET_init':
> net/ipv4/netfilter/ipt_SET.c:159: warning: implicit declaration of
> function 'xt_register_target'
> net/ipv4/netfilter/ipt_SET.c: In function 'ipt_SET_fini':
> net/ipv4/netfilter/ipt_SET.c:164: warning: implicit declaration of
> function 'xt_unregister_target'
> make[3]: *** [net/ipv4/netfilter/ipt_SET.o] Error 1
> make[2]: *** [net/ipv4/netfilter] Error 2
> make[1]: *** [net/ipv4] Error 2
> make: *** [net] Error 2
> anyone?


kadlec at blackhole

Jul 23, 2007, 6:03 AM

Post #3 of 4 (1035 views)
Permalink
Re: ipset and kernel 2.6.22 [In reply to]
On Mon, 23 Jul 2007, £ukasz Nierych³o wrote:

> In my opninion ipset iptree still does not work as it should be.
> My test:
>
> []# ipset -N viruses iptree --timeout 100
> []# ipset -A viruses 172.16.14.12
>
> Test1:
> []# ipset -T viruses 172.16.14.12
> 172.16.14.12 is in set viruses
> Test2:
> []# ipset -T viruses 172.16.14.111
> 172.16.14.111 is in set viruses
> Test3:
> []# ipset -T viruses 172.16.140.111
> 172.16.140.111 is NOT in set viruses
>
> ...
>
> Test2 172.16.14.111 shoud NOT be in set viruses, every IP from example subnet
> 172.16.14.0/24
> is reported as "in set", (look at test2).
>
> Everything is ok after IPTRE_GC_TIME 5*60 (line 33 in ip_set_iptree.c)
> When I changed this label to 60 this module iptree worked ok after 60s.
>
> To test again you have to unload ipset module. Something is wrong few minutes
> after module is loaded...

That looks like a real bug. Which kernel and pom-ng version are you using?

Best regards,
Jozsef
-
E-mail : kadlec [at] blackhole, kadlec [at] sunserv
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
H-1525 Budapest 114, POB. 49, Hungary


nofast at welnowiec

Jul 23, 2007, 6:58 AM

Post #4 of 4 (1037 views)
Permalink
Re: ipset and kernel 2.6.22 [In reply to]
> On Mon, 23 Jul 2007, £ukasz Nierych³o wrote:
>
>> In my opninion ipset iptree still does not work as it should be.
>> My test:
>>
>> []# ipset -N viruses iptree --timeout 100
>> []# ipset -A viruses 172.16.14.12
>>
>> Test1:
>> []# ipset -T viruses 172.16.14.12
>> 172.16.14.12 is in set viruses
>> Test2:
>> []# ipset -T viruses 172.16.14.111
>> 172.16.14.111 is in set viruses
>> Test3:
>> []# ipset -T viruses 172.16.140.111
>> 172.16.140.111 is NOT in set viruses
>>
>> ...
>>
>> Test2 172.16.14.111 shoud NOT be in set viruses, every IP from example
>> subnet
>> 172.16.14.0/24
>> is reported as "in set", (look at test2).
>>
>> Everything is ok after IPTRE_GC_TIME 5*60 (line 33 in ip_set_iptree.c)
>> When I changed this label to 60 this module iptree worked ok after 60s.
>>
>> To test again you have to unload ipset module. Something is wrong few
>> minutes
>> after module is loaded...
>
> That looks like a real bug. Which kernel and pom-ng version are you
> using?

My kernel: 2.6.22.1 PREEMPT i686 pentium4
Patch: 130-netfilter-ipset.patch
from this page
https://dev.openwrt.org/browser/trunk/target/linux/generic-2.6/patches-2.6.22/

This kernel was not pathed by any other patch than
130-netfilter-ipset.patch
140-netfilter_time.patch
150-netfilter_imq.patch

[]# ipset -V
ipset v2.2.9a Protocol version 2

The same was when I reported this
https://lists.netfilter.org/pipermail/netfilter/2007-May/068730.html
on earlier version of kernel ( + pom-ng )

£ukasz Nierych³o

iptables user RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.