libtool: link: x86_64-pc-linux-gnu-gcc -Wall -Waggregate-return -Wmissing-declarations -Wmissing-prototypes -Wredundant-decls -Wshadow -Wstrict-prototypes -Winline -pipe -DALL_INCLUSIVE -DENABLE_IPV4 -DENABLE_IPV6 -O2 -march=corei7-avx -pipe -Wl,-O1 -o .libs/xtables-multi xtables_multi-xtables-multi.o xtables_multi-iptables-xml.o xtables_multi-iptables-save.o xtables_multi-iptables-restore.o xtables_multi-iptables-standalone.o xtables_multi-iptables.o xtables_multi-ip6tables-save.o xtables_multi-ip6tables-restore.o xtables_multi-ip6tables-standalone.o xtables_multi-ip6tables.o xtables_multi-xshared.o -Wl,--as-needed ../extensions/libext.a ../libiptc/.libs/libip4tc.so ../extensions/libext4.a ../libiptc/.libs/libip6tc.so ../extensions/libext6.a ../libxtables/.libs/libxtables.so -lm ../extensions/libext.a(libxt_connlabel.o): In function `connlabel_get_name': libxt_connlabel.c:(.text+0x30): undefined reference to `nfct_labelmap_get_name' ../extensions/libext.a(libxt_connlabel.o): In function `connlabel_mt_parse': libxt_connlabel.c:(.text+0x24b): undefined reference to `nfct_labelmap_get_bit' ../extensions/libext.a(libxt_connlabel.o): In function `libxt_connlabel_init': libxt_connlabel.c:(.text+0x3a9): undefined reference to `nfct_labelmap_new' collect2: error: ld returned 1 exit status make[2]: *** [xtables-multi] Error 1 make[2]: Leaving directory `/var/tmp/portage/net-firewall/iptables-1.4.21/work/iptables-1.4.21/iptables' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/var/tmp/portage/net-firewall/iptables-1.4.21/work/iptables-1.4.21' make: *** [all] Error 2 Reproducible: Always Steps to Reproduce: -lnetfilter_conntrack must be also listed for linking besides -lm Actual Results: Some related pages: Thread: http://www.spinics.net/lists/netfilter-devel/msg27651.html Patch: http://git.buildroot.net/buildroot/commit/?id=24606a241660c4128fddceca88a17374d7f935c8 - note: iptables/Makefile still needs an additional -lnetfilter_conntrack
And even if it compiles and links fine, there is a runtime problem manifested with the error message: cannot open connlabel.conf, not registering 'connlabel' match: No such file or directory
1) Please attach the entire build log to this bug report. 2) Please post your `emerge --info' output in a comment.
Created attachment 364132 [details] net-firewall/iptables-1.4.20 build.log
# emerge --info '=net-firewall/iptables-1.4.20::gentoo' Portage 2.2.7 (hardened/linux/amd64, gcc-4.6.3, glibc-2.16.0, 3.10.17-gentoo x86_64) ================================================================= System Settings ================================================================= System uname: Linux-3.10.17-gentoo-x86_64-Intel-R-_Atom-TM-_CPU_D525_@_1.80GHz-with-gentoo-2.2 KiB Mem: 4040376 total, 3459344 free KiB Swap: 0 total, 0 free Timestamp of tree: Thu, 28 Nov 2013 02:45:01 +0000 ld GNU ld (GNU Binutils) 2.23.1 app-shells/bash: 4.2_p45 dev-lang/python: 2.7.5-r3, 3.2.5-r3 dev-util/cmake: 2.8.11.2 dev-util/pkgconfig: 0.28 sys-apps/baselayout: 2.2 sys-apps/openrc: 0.12.4 sys-apps/sandbox: 2.6-r1 sys-devel/autoconf: 2.69 sys-devel/automake: 1.11.6, 1.12.6, 1.13.4 sys-devel/binutils: 2.23.1 sys-devel/gcc: 4.6.3, 4.7.3-r1 sys-devel/gcc-config: 1.7.3 sys-devel/libtool: 2.4.2 sys-devel/make: 3.82-r4 sys-kernel/linux-headers: 3.9 (virtual/os-headers) sys-libs/glibc: 2.16.0 Repositories: gentoo ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="* -@EULA" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=native" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /var/bind /var/spool/munin-async/.ssh" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.3/ext-active/ /etc/php/apache2-php5.5/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cgi-php5.5/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/php/cli-php5.5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo" CXXFLAGS="-march=native" DISTDIR="/usr/portage/distfiles" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://distfiles.gentoo.org/ " LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j5" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="" SYNC="rsync://rsync1.uk.gentoo.org/gentoo-portage" USE="=dev-lang/php-5* acl amd64 apache2 berkdb bind bzip2 cli courier cracklib crypt ctype cxx dlz dri fbcondecor freeradius gd gdbm geoip hardened iconv jpg justify libwww maildir metalog mmx modules mudflap multilib mysql mysqli ncurses net-fs/samba nls nptl openmp openssl pam pax_kernel pcre perl png proftp python radius readline sasl sasl2 session squid sse sse2 ssl static-libs svg tcpd tls truetype unicode urandom vhosts xml zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="auth_basic authn_file authn_default authn_dbd authz_user authz_default authz_host authz_owner filter access auth auth_dbm auth_anon auth_digest alias file-cache echo charset-lite cache disk-cache mem-cache ext-filter case_filter case-filter-in deflate mime-magic cern-meta expires headers usertrack unique-id proxy proxy-connect proxy-ftp proxy-http info include cgi cgid dav dav-fs vhost_alias vhost-alias speling rewrite log_config logio env setenvif mime status autoindex asis negotiation dir imap actions userdir so" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-5" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_2" RUBY_TARGETS="ruby19 ruby18" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga nouveau nv r128 radeon savage sis tdfx trident vesa via vmware dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
*** Bug 533438 has been marked as a duplicate of this bug. ***
should be fixed in the tree now: http://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fcabf1041d7948601c083fdb87c3723a95eef65f
(In reply to SpanKY from comment #6) > should be fixed in the tree now: > http://gitweb.gentoo.org/repo/gentoo.git/commit/ > ?id=fcabf1041d7948601c083fdb87c3723a95eef65f Link errors are still there after the commit. I've just upgraded to 1.4.21-r2 with the new conntrack USE flag. Please note, that I also USE static-libs while compiling iptables. Please refer to this bug: https://patchwork.ozlabs.org/patch/266804/ The patch isn't sufficient to completely overcome linking problems --- a/libxtables/Makefile.am +++ b/libxtables/Makefile.am @@ -11,6 +11,9 @@ if ENABLE_STATIC # With --enable-static, shipped extensions are linked into the main executable, # so we need all the LIBADDs here too libxtables_la_LIBADD += -lm +if HAVE_LIBNETFILTER_CONNTRACK +libxtables_la_LIBADD += @libnetfilter_conntrack_LIBS@ +endif endif if ENABLE_SHARED libxtables_la_CFLAGS = ${AM_CFLAGS} I also have to introduce another conditional LIBADD for the iptables Makefile: --- a/iptables/Makefile.am 2015-08-19 12:57:39.036296635 +0200 +++ b/iptables/Makefile.am 2015-08-19 12:58:17.060687189 +0200 @@ -23,6 +23,9 @@ endif xtables_multi_SOURCES += xshared.c xtables_multi_LDADD += ../libxtables/libxtables.la -lm +if HAVE_LIBNETFILTER_CONNTRACK +xtables_multi_LDADD += @libnetfilter_conntrack_LIBS@ +endif sbin_PROGRAMS = xtables-multi man_MANS = iptables.8 iptables-restore.8 iptables-save.8 \ These two seem to solve the problem for me. I can attach patches if you want. Should I open a new bug, or get this bug reopened? Thanks: Dw.
This is definitely still a bug. I'd reopen if I had a usable computer... I tried the latest versions of both packages, too.
(In reply to Markus Peloquin from comment #8) > This is definitely still a bug. I'd reopen if I had a usable computer... I > tried the latest versions of both packages, too. Additionally, static linking still has issues even with a recent version. Emerge changes made it much easier to maintain user related patches in /etc/portage!
