In file included from ../include/xtables.h:19, from libxt_CHECKSUM.c:12: ../include/linux/netfilter/x_tables.h:99:21: warning: implicit declaration of function '__ALIGN_KERNEL' [-Wimplicit-function-declaration] 99 | #define XT_ALIGN(s) __ALIGN_KERNEL((s), __alignof__(struct _xt_align)) | ^~~~~~~~~~~~~~ libxt_CHECKSUM.c:65:27: note: in expansion of macro 'XT_ALIGN' 65 | .size = XT_ALIGN(sizeof(struct xt_CHECKSUM_info)), | ^~~~~~~~ ../include/linux/netfilter/x_tables.h:99:21: error: initializer element is not constant 99 | #define XT_ALIGN(s) __ALIGN_KERNEL((s), __alignof__(struct _xt_align)) | ^~~~~~~~~~~~~~ There is a bunch of issues: 1. Iptables shipped with its own "include" folder. 2. Includes are outdated. 3. Iptables 1.8.7 ebuild removes "linux/kernel.h" from local "include" folder (# use the saner headers from the kernel). 4. Linux headers 5.15-r2 ebuild adds a specific glibc ifdef inside global "linux/kernel.h" (linux-headers-5.15-remove-inclusion-sysinfo.h.patch). 5. Global "kernel.h" includes the following lines: #ifdef __GLIBC__ #include <linux/sysinfo.h> #include <linux/const.h> #endif Iptables wants "__ALIGN_KERNEL" macro from "const.h", it includes "kernel.h", but it has no info for musl system. We can see this issue has already been fixed by the following commit: https://github.com/gentoo/gentoo/commit/de6cb5ec34088e967ec58b0ea1f73972e6cad3b9 I want just to mention this issue, so everyone can find it using google and understand what happened. Please resolve issue related to https://bugs.gentoo.org/830338, thank you! Reproducible: Always
Thanks for the analysis & report. I meant to fix it earlier today but I was too tired. Let me know if there's anything else, but I think this is OK to close now. Feel free to ping me on #gentoo-hardened on libera if there's ever anything easy I need to quickly do too (or someone else on the team).
