Created attachment 405986 [details] xtables-addons emerge build fail log * Package: net-firewall/xtables-addons-2.6 @sabayon we bumped into this while compiling xtables-addons against the 4.1 kernel sources. Fixed it with a revision bump containing a patch taken from netfilter-devel, it is applied only if >=4.1 kernel https://github.com/Sabayon/for-gentoo/commit/c840be5b1389965d33051c86ab2b47902e9b5172 Cheers
Are you sure this patch is working? See http://thread.gmane.org/gmane.comp.security.firewalls.netfilter.devel/58216/focus=58219
`XTABLES_ADDONS="echo" emerge xtables-addons` fails with * Installing compat_xtables module * Installing xt_ECHO module install: cannot stat ‘xt_ECHO.ko’: No such file or directory !!! doins: xt_ECHO.ko does not exist * ERROR: net-firewall/xtables-addons-2.6::gentoo failed (install phase): * doins failed ,too.
We have to have a fix that will work with all versions of the kernel. 2.6 works for < 4.1 so we'll wait till upstream sorts this out for >= 4.1.
okay: 1) There are two issues here. tarpit fails on linux-4.1 and above while echo fails on 4.0 and above. 2) I added xtables-addons-2.7 the tree. Same issues. 3) I added a function to the ebuild to warn and die if modules known to fail on particular kernel versions are chosen. (I actually need to generalize that function to work between kernel version rather than set a upper limit.) 4) I stabilized xtables-addons-2.6. 5) I'm checking to see if these issues are known upstream xtables-addons. 6) I'm not including patches that have not cleared upstream and don't have the appropriate intelligence to check kernel version and adjust for the changed kernel api.
(In reply to Anthony Basile from comment #4) > > 5) I'm checking to see if these issues are known upstream xtables-addons. > tarpit is fixed in 2.7: http://sourceforge.net/p/xtables-addons/xtables-addons/ci/96ce5ec48828d88da703ba00ef734d0c73ca6bc9/
Ran into the same issue on funtoo. xt_delude.c also needs to be patched. I posted a bug report and working ebuild with patches at bugs.funtoo.org. https://bugs.funtoo.org/browse/FL-2579?filter=-2 Found the patches in a netfilter-devel post http://www.spinics.net/lists/netfilter-devel/msg37228.html
Everyone seems to read the message with the patch. But nobody seems to read the follow up from the same person posting the patch saying that it killed his network when he finally used tarpit. Can somebody actual using tarpit or delude module say if these modules are *really* working with these patches or not?
(In reply to Thomas D. from comment #7) > Everyone seems to read the message with the patch. But nobody seems to read > the follow up from the same person posting the patch saying that it killed > his network when he finally used tarpit. > > Can somebody actual using tarpit or delude module say if these modules are > *really* working with these patches or not? I just pushed 2.9 to the tree. Can someone check if tarpit works? I'm also going to start stabilization against 2.8. I know tarpit might be an issue but I don't have enough to say definitively. If it turns out it is, I'll add a pkg_postinst() message pointing to the list email warning. Open another bug if tarpit is broken because the build issue is addressed.
