Installing net-firewall/ipset-6.9.1 generates an elog postinst message: LOG: postinst Note you need to rebuid and run kernel with netlink.patch or you'll get error: Kernel error received: Invalid argument Actually, I think all the 6.* ipset ebuilds have been doing this. I am not using any netlink.patch, and I am getting no such error (although, from the elog, it's not clear where this error would appear, whether this is a failure during build or a runtime error). From some of what I've read, it seems like the netlink.patch is only required for certain kernel versions (the ones that do not have builtin ipset support). I don't think this patch is necessary for 2.6.39 and later. Perhaps the elog message could be more specific, indicating under what circumstances this error message will appear (kernel versions, whether using netlink or not using it makes a difference, etc.), and where it will appear (build, syslog, etc.)? Reproducible: Always
Thank you for report! Actually it shows this message only in case /usr/src/include/linux/netfilter/nfnetlink.h has no NFNL_SUBSYS_IPSET inside and thus this message should not be shown in case you have your sources patched? What kernel do you use?
(In reply to comment #1) > Thank you for report! Actually it shows this message only in case > /usr/src/include/linux/netfilter/nfnetlink.h has no NFNL_SUBSYS_IPSET inside > and thus this message should not be shown in case you have your sources > patched? What kernel do you use? hardened-sources-2.6.39-r8
ok and could you attach (or send me by mail) linux/netfilter/nfnetlink.h fot this sources, please?
(In reply to comment #3) > ok and could you attach (or send me by mail) linux/netfilter/nfnetlink.h fot > this sources, please? There is no such directory. The header file is also not with the netlink source files in linux/net/netfilter/". ----------------------------------------------------------------- netfilter # ls -l *netlink* -rw-r--r-- 1 root root 54229 May 19 00:06 nf_conntrack_netlink.c -rw-r----- 1 root root 21472 Aug 13 23:03 nf_conntrack_netlink.o -rw-r--r-- 1 root root 5667 May 19 00:06 nfnetlink.c -rw-r--r-- 1 root root 24785 Sep 2 23:19 nfnetlink_log.c -rw-r----- 1 root root 5768 Aug 13 23:03 nfnetlink.o -rw-r--r-- 1 root root 22579 Sep 2 23:19 nfnetlink_queue.c ----------------------------------------------------------------- I do find the header file in in linux/include/netfilter/, however: /usr/src/linux-2.6.39-hardened-r8/include/linux/netfilter/nfnetlink.h I have attached the file. It contains the following: #define NFNL_SUBSYS_IPSET 6
Attached /usr/src/linux/include/linux/netfilter/nfnetlink.h It occurs to me now I should have known you meant that location when you typed "linux/netfilter/nfnetlink.h".
Created attachment 286503 [details] nfnetlink.h from hardened-sources-2.6.39-r8 Doh. Here's the file.
(In reply to comment #4) > There is no such directory. And this is the reason. It should be there. I'll add code to workaround.
(In reply to comment #7) > (In reply to comment #4) > > There is no such directory. > > And this is the reason. It should be there. I'll add code to workaround. So you were NOT referring to the header file I found: '/usr/src/linux/include/linux/netfilter/nfnetlink.h'? As noted above, it DOES contain "NFNL_SUBSYS_IPSET". I'm just double-checking, because when I said, "there is no such directory", I may have been looking in the wrong place.
As I SAID, ebuild "shows this message only in case /usr/src/include/linux/netfilter/nfnetlink.h has no NFNL_SUBSYS_IPSET inside". ebuild should work correctly and no confusing message should be shown in case kernel was patched or have such support by default. The problem you have lays somewhere else and from you words I guess that the reason you saw this message - is the absense of file. Now, telling me that file is in place, you've made me wonder and I'd like you to debug this problem even more (since I'm unable to reproduce it). So do you have file there? Does portage user have access to that file?
(In reply to comment #9) > As I SAID, ebuild "shows this message only in case > /usr/src/include/linux/netfilter/nfnetlink.h has no NFNL_SUBSYS_IPSET inside". Yes, that's what you said. However, there is no such directory. There is, however, this: /usr/src/linux/include/linux/netfilter/nfnetlink.h That's the file I provided. > ebuild should work correctly and no confusing message should be shown in case > kernel was patched or have such support by default. The problem you have lays > somewhere else and from you words I guess that the reason you saw this message > - is the absense of file. Now, telling me that file is in place, you've made me > wonder and I'd like you to debug this problem even more (since I'm unable to > reproduce it). So do you have file there? Does portage user have access to that > file? Yes, and yes.
(In reply to comment #10) > (In reply to comment #9) > > As I SAID, ebuild "shows this message only in case > > /usr/src/include/linux/netfilter/nfnetlink.h has no NFNL_SUBSYS_IPSET inside". > Yes, that's what you said. However, there is no such directory. > > There is, however, this: > /usr/src/linux/include/linux/netfilter/nfnetlink.h > > That's the file I provided. Ah, that was a typo, of course. Looking on file I've provided I have no idea why you saw that message. BTW are you able to reproduce this problem?
(In reply to comment #11) > Looking on file I've provided I have no idea > why you saw that message. > > BTW are you able to reproduce this problem? Yes. -------------------------------------------------------------------------- twister ~ # emerge -1 ipset Calculating dependencies... done! >>> Verifying ebuild manifests >>> Emerging (1 of 1) net-firewall/ipset-6.9.1 * ipset-6.9.1.tar.bz2 RMD160 SHA1 SHA256 size ;-) ... [ ok ] * Determining the location of the kernel source code * Found kernel source directory: * /usr/src/linux * Found kernel object directory: * /lib/modules/2.6.39-hardened-r8/build * Found sources for kernel version: * 2.6.39-hardened-r8 >>> Unpacking source... >>> Unpacking ipset-6.9.1.tar.bz2 to /var/tmp/portage/net-firewall/ipset-6.9.1/work >>> Source unpacked in /var/tmp/portage/net-firewall/ipset-6.9.1/work >>> Preparing source in /var/tmp/portage/net-firewall/ipset-6.9.1/work/ipset-6.9.1 ... * Running eautoreconf in '/var/tmp/portage/net-firewall/ipset-6.9.1/work/ipset-6.9.1' ... * Running aclocal -I m4 ... ... ... ... ... ... >>> Installing (1 of 1) net-firewall/ipset-6.9.1 * Note you need to rebuid and run kernel with netlink.patch or you'll get error: * Kernel error received: Invalid argument >>> Auto-cleaning packages... >>> No outdated packages were found on your system. * GNU info directory index is up-to-date. -------------------------------------------------------------------------- And in elog: >>> Messages generated for package net-firewall/ipset-6.9.1 by process 11795 on 20110919-101625 EDT: LOG: postinst Note you need to rebuid and run kernel with netlink.patch or you'll get error: Kernel error received: Invalid argument
So, obviously, this is untrue: >As I SAID, ebuild "shows this message only in case >/usr/src/include/linux/netfilter/nfnetlink.h has no NFNL_SUBSYS_IPSET inside". Looking at the ebuild, there does not appear to be any conditional logic determining whether the postinst message is output. It seems it would be output in any case: --------------------------------------------------------------------- pkg_postinst() { linux-mod_pkg_postinst elog "Note you need to rebuid and run kernel with netlink.patch or you'll get error:" elog "Kernel error received: Invalid argument" } --------------------------------------------------------------------- Maybe you are confusing the elog warning issued by pkg_postinst (above) with the eerror message that comes from the "check_header_patch" function called in "src_prepare"? check_header_patch() { if ! $(grep -q NFNL_SUBSYS_IPSET "${KV_DIR}/include/linux/netfilter/nfnetlink.h"); then eerror "Sorry, but you have to patch kernel sources with the following patch:" eerror " # cd ${KV_DIR}" eerror " # patch -i ${S}/netlink.patch -p1" eerror "You do not need to recompile your kernel." die "Unpatched kernel" fi } The problem here is that there is no such conditional logic being applied to the elog warning being generated in pkg_postinst. I suppose I should have looked at this myself earlier.
Well, I've dropped in message in 6.9.1-r1. Thank you.
Thanks, Peter. It was a minor thing and I hope I didn't waste too much of your time with it.