the new iptables does not build on 2.4.20 kernel with USE="extensions" (which is badly needed for NAT firewalling) doe to some header discrepancies in CONNMARK gcc -march=pentium4 -O2 -pipe -fno-stack-protector -Wall -Wunused -I/usr/src/linux/include -Iinclude/ -DIPTABLES_VERSION=\"1.2.11\" -fPIC -o extensions/libipt_CLASSIFY_sh.o -c extensions/libipt_CLASSIFY.c ld -shared -o extensions/libipt_CLASSIFY.so extensions/libipt_CLASSIFY_sh.o gcc -march=pentium4 -O2 -pipe -fno-stack-protector -Wall -Wunused -I/usr/src/linux/include -Iinclude/ -DIPTABLES_VERSION=\"1.2.11\" -fPIC -o extensions/libipt_CONNMARK_sh.o -c extensions/libipt_CONNMARK.c extensions/libipt_CONNMARK.c: In Funktion
the new iptables does not build on 2.4.20 kernel with USE="extensions" (which is badly needed for NAT firewalling) doe to some header discrepancies in CONNMARK gcc -march=pentium4 -O2 -pipe -fno-stack-protector -Wall -Wunused -I/usr/src/linux/include -Iinclude/ -DIPTABLES_VERSION=\"1.2.11\" -fPIC -o extensions/libipt_CLASSIFY_sh.o -c extensions/libipt_CLASSIFY.c ld -shared -o extensions/libipt_CLASSIFY.so extensions/libipt_CLASSIFY_sh.o gcc -march=pentium4 -O2 -pipe -fno-stack-protector -Wall -Wunused -I/usr/src/linux/include -Iinclude/ -DIPTABLES_VERSION=\"1.2.11\" -fPIC -o extensions/libipt_CONNMARK_sh.o -c extensions/libipt_CONNMARK.c extensions/libipt_CONNMARK.c: In Funktion »parse«: extensions/libipt_CONNMARK.c:79: error: structure has no member named `mask' extensions/libipt_CONNMARK.c:82: error: structure has no member named `mask' extensions/libipt_CONNMARK.c:92: error: structure has no member named `mask' extensions/libipt_CONNMARK.c:100: error: structure has no member named `mask' extensions/libipt_CONNMARK.c: In Funktion »print«: extensions/libipt_CONNMARK.c:140: error: structure has no member named `mask' extensions/libipt_CONNMARK.c:141: error: structure has no member named `mask' extensions/libipt_CONNMARK.c:146: error: structure has no member named `mask' ... make: *** [extensions/libipt_CONNMARK_sh.o] Fehler 1 !!! ERROR: net-firewall/iptables-1.2.11-r2 failed. !!! Function src_compile, Line 90, Exitcode 2 !!! Please check http://cvs.iptables.org/patch-o-matic-ng/updates/ if your kernel needs to be patched for iptables (btw i tried the above site for additional info but it wasnt reachable then - timeout) Reproducible: Always Steps to Reproduce: 1. have gentoo-sources-2.4.20 (and probably other 2.4.20 kernels, too 2. try to update your iptables 3. fry Actual Results: iptables did not compile Expected Results: iptables shall compile and run Portage 2.0.50-r10 (default-x86-1.4, gcc-3.3.4, glibc-2.3.3.20040420-r1, 2.4.20-gentoo-r25) ================================================================= System uname: 2.4.20-gentoo-r25 i686 Mobile Intel(R) Pentium(R) 4 - M CPU 1.70GHz Gentoo Base System version 1.4.16 Autoconf: sys-devel/autoconf-2.59-r4 Automake: sys-devel/automake-1.8.5-r1 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-march=pentium4 -O2 -pipe" CHOST="i686-pc-linux-gnu" COMPILER="" CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3.2/share/config /usr/kde/3/share/config /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-march=pentium4 -O2 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs ccache fixpackages sandbox" GENTOO_MIRRORS="ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo http://gentoo.oregonstate.edu/ http://www.ibiblio.org/pub/Linux/distributions/gentoo" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/etc/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="X aalib apm avi cdr crypt dga doc dvd encode esd evo extensions flash foomaticdb gd gdbm gif gphoto2 gpm gtk gtk2 gtkhtml guile imlib ipv6 java jpeg kde libg++ libwww mad mikmod motif mozilla mpeg mysql ncurses nls oggvorbis opengl oss pam pcmcia pdflib perl png pnp python qt quicktime readline samba sdl slang spell ssl svga tcltk tcpd tetex threads truetype x86 xml xml2 xmms xv zlib" I had the same error on 4 other systems with different configuration and different (2.4.20 based) kernels, too in /var/tmp/portage/iptables-1.2.11-r2/work/iptables-1.2.11/extensions/libipt_CONNMARK.c: ------------------------- ... #include <iptables.h> #include <linux/netfilter_ipv4/ip_tables.h> #include <linux/netfilter_ipv4/ipt_CONNMARK.h> ... ------------------------- in /usr/src/linux-2.4.20-gentoo-r25/include/linux/netfilter_ipv4/ipt_CONNMARK.h: ------------------------- #ifndef _IPT_CONNMARK_H_target #define _IPT_CONNMARK_H_target enum { IPT_CONNMARK_SET = 0, IPT_CONNMARK_SAVE, IPT_CONNMARK_RESTORE }; struct ipt_connmark_target_info { unsigned long mark; u_int8_t mode; }; #endif /*_IPT_CONNMARK_H_target*/ ------------------------- versus 2.4.26-r9: ------------------------- the file is not there in gentoo-sources-2.4.26-r9 at all ?!? (thats strange - but i need connmark !) ------------------------- so either the kernel, or iptables needs a patch to work around this, or else, if nobody is gonna fix this, iptables needs a minimum kernel version DEPEND entry to not try updating iptables anymore (which I wouldnt like very much) regards, Corvus
726_iptables_CONNMARK breaks compilation with iptables-1.2.11. Hopefully just a new patch from a newver patchomatic is needed.
Fixed in 2.4.20-r28, it should reach the rsync mirrors shortly. Please reopen this bug if you still have any issues. Thanks!
