New ipset 6.0 version is available, please bump net-firevall/ipset OR/AND update ipset in net-firevall/xtables-addons P.S NOTE: IMHO, ipset block net-firevall/xtables-addons[xtables_addons_ipset]
Note: in 2.6.38 kernel ipset included in main tree sources
I think ipset is merged in 2.6.39? However, yes, I'm also looking for an ebuild for ipset-6.4 So far I tried patching the ebuild to: - inherit autotools - delete src_prepare and recreate with a call to "eautoconf --with-kbuild=${KERNEL_DIR}" However, this isn't passing the kernel param down to configure? I'm not sure how to correctly setup the ebuild at this point? Anyone with more experience care to take it further?
@kernel, ipset requires custom kernel patch which is included into upstream sources in commit: f703651ef870bd6b94ddc98ae07488b7d3fd9335 Is it possible to have this patch applied in 2.6.34-2.6.38 kernels too, please?
Created attachment 270703 [details, diff] netlink.patch This is patch I'm talking about. Upstream patch differs: it does not change static char __initdata nfversion...
Well, ipset-6.4 is in the tree. Kernel, so could you add this patch to 2.6.34-2.6.38 kernels, please?
Well ipset-6.4.ebuild is compile ok without any error, i apply netlink.patch to kernel, but when execute any command except ipset -V kerel is return: Kernel error received: Invalid argument. Then i reboot and kerel is dump error: Error inserting ip_set (/lib/modules/2.6.38-gentoo-r3/kernel/net/netfilter/ipset/ip_set.ko): Device or resource busy ip_set: cannot register with nfnetlink.
if current version kernel and version, selected with "eselect kernel" is different, build fail with error Invalid kernel source directory /lib/modules/<current-version>/source. IMHO, build system not check source symlink and use uname -r. * Package: net-firewall/ipset-6.4 * Repository: gentoo * Maintainer: robbat2@gentoo.org pva@gentoo.org * USE: amd64 consolekit elibc_glibc kernel_linux multilib policykit userland_GNU * FEATURES: preserve-libs sandbox userpriv * Determining the location of the kernel source code * Found kernel source directory: * /usr/src/linux * Found sources for kernel version: * 2.6.39-rc6-git5-1.04 >>> Unpacking source... >>> Unpacking ipset-6.4.tar.bz2 to /var/tmp/portage/net-firewall/ipset-6.4/work >>> Source unpacked in /var/tmp/portage/net-firewall/ipset-6.4/work >>> Preparing source in /var/tmp/portage/net-firewall/ipset-6.4/work/ipset-6.4 ... * Running eautoreconf in '/var/tmp/portage/net-firewall/ipset-6.4/work/ipset-6.4' ... * Running aclocal -I m4 ... [ ok ] * Running libtoolize --copy --force --install --automake ... [ ok ] * Running aclocal -I m4 ... [ ok ] * Running autoconf ... [ ok ] * Running autoheader ... [ ok ] * Running automake --add-missing --copy --foreign ... [ ok ] * Running elibtoolize in: ipset-6.4/ * Applying portage-1.2.0.patch ... * Applying sed-1.5.6.patch ... * Applying as-needed-2.2.6.patch ... >>> Source prepared. >>> Configuring source in /var/tmp/portage/net-firewall/ipset-6.4/work/ipset-6.4 ... * econf: updating ipset-6.4/config.guess with /usr/share/gnuconfig/config.guess * econf: updating ipset-6.4/config.sub with /usr/share/gnuconfig/config.sub ./configure --prefix=/usr --build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --disable-dependency-tracking --with-maxsets=256 --libdir=/lib64 --disable-static checking build system type... x86_64-pc-linux-gnu checking host system type... x86_64-pc-linux-gnu checking for a BSD-compatible install... /usr/bin/install -c checking whether build environment is sane... yes checking for a thread-safe mkdir -p... /bin/mkdir -p checking for gawk... gawk checking whether make sets $(MAKE)... yes configure: error: Invalid kernel source directory /lib/modules//source !!! Please attach the following file when seeking support: In this case host work with 2.6.38-gentoo-r1-1.04 kernel, selected kernel is 2.6.39-rc6-git5-1.04 eselect kernel list Available kernel symlink targets: [1] linux-2.6.38-gentoo-r4 [2] linux-2.6.39-rc6-git5 *
problem section code in configure.ac dnl Additional arguments dnl Kernel build directory or source tree AC_ARG_WITH([kbuild], AS_HELP_STRING([--with-kbuild=PATH], [Path to kernel build directory]), [KBUILDDIR="$withval";]) AC_ARG_WITH([ksource], AS_HELP_STRING([--with-ksource=PATH], [Path to kernel source directory, if not the same as the kernel build directory]), [KSOURCEDIR="$withval";]) AM_CONDITIONAL(WITH_KBUILDDIR, test "$KBUILDDIR" != "") AC_SUBST(KBUILDDIR) dnl Sigh: check kernel version dependencies if test "$KBUILDDIR" != "" then kbuilddir="$KBUILDDIR" else kbuilddir="/lib/modules/`uname -r`/build" fi if test -n "$KSOURCEDIR"; then ksourcedir="$KSOURCEDIR" elif test -e "$kbuilddir/include/linux/netfilter/nfnetlink.h"; then ksourcedir="$kbuilddir" else ksourcedir="/lib/modules/$(uname -r)/source" fi if test ! -e "$ksourcedir/include/linux/netfilter/nfnetlink.h" then AC_MSG_ERROR([Invalid kernel source directory $ksourcedir]) fi if test ! -e "$kbuilddir/.config" then AC_MSG_ERROR([The kernel build directory $kbuilddir is not configured]) fi
I already sent a fix for this by email to Peter Volkov, I am not sure if he has committed the change or not? Basically if you want to build against something other than the running kernel then patch the ebuild as such: src_configure() { econf \ --with-maxsets=${IP_NF_SET_MAX} \ --libdir=${EPREFIX}/$(get_libdir) \ --disable-static \ + --with-kbuild=${KV_DIR} } I haven't yet tested the resulting modules, my build is cross compile architectures (x86 target, amd64 host), and there may turn out to be an additional patch needed to force the architecture? However, the above at least lets you build
(In reply to comment #9) > I already sent a fix for this by email to Peter Volkov, I am not sure if he has > committed the change or not? > I contacted Peter to jabber, and discussed this issue. It is likely that he commit changes to weekend
(In reply to comment #6) > Well ipset-6.4.ebuild is compile ok without any error, i apply netlink.patch to > kernel, but when execute any command except ipset -V kerel is return: Kernel > error received: Invalid argument. Then i reboot and kerel is dump error: Error > inserting ip_set > (/lib/modules/2.6.38-gentoo-r3/kernel/net/netfilter/ipset/ip_set.ko): Device or > resource busy > ip_set: cannot register with nfnetlink. This is happening when i compile ipset from working kernel source to exactly same kernel source (fore example i'm with 2.6.38-gentoo-r4 and the eslect kernel is 2.6.38-gentoo-r4 linux simlink is to 2.6.38-gentoo-r4).I thing that something is not working with netlink.patch for me, and i'm using ipset-4.5 for that reason.
Boyan, please, open new bug. Attach full build log there. Ed, Andreis, I've committed fix. Thank you! @kernel, your turn ;)
Ill just write here since its minor... kernel check in 6.4 (i think there is 6.5 out now as well), should be greater then .38 (and not .39) since greater then .38 is .39 that have modules inside already.
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f703651ef870bd6b94ddc98ae07488b7d3fd9335
I tested the upstream patch with genpatches for kernel versions 2.6.35 - 2.6.38. It applies without any problems, and ipset builds fine. I hope I'll be able to boot with those kernels too, just to make sure that ipset indeed works without problems, and if Mike has no objections, I can commit this patch to genpatches 2.6.35 - 2.6.38, and release them when upstream release new stable versions for these kernels. Until then, anyone wishing to use ipset-6.x, 2.6.39 with the netlink patch included, is in Portage. So, if there are no objections, after the patch hits the genpatches trunk, we can close this bug, and whenever a new 2.6.3[5-8] kernel gets released, it will contain the netlink patch.
Well, actually since 2.6.39 with the netlink patch is already in Portage, and 3.0 will get released really soon, I'm going to close this bug. If anyone wants to use ipset-6.x, they can either upgrade to 2.6.39, or apply the patch manually. The patch is really easy to apply (no changes required) to older kernels, and since it's not fixing any serious build failure or bug, there's really no need to add it to genpatches. Thanks.
