Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 9347 - fwbuilder: fwb_ipt fails to compile firewall script from xml source ruleset
Summary: fwbuilder: fwb_ipt fails to compile firewall script from xml source ruleset
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: x86 Linux
: High major (vote)
Assignee: Nick Hadaway
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2002-10-19 13:46 UTC by KiTaSuMbA
Modified: 2003-04-04 01:27 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description KiTaSuMbA 2002-10-19 13:46:17 UTC 
Fwbuilder loads without trouble but when I request a compile the generated 
script is empty but for the shebang header line (#!/bin/sh). 

Performing a strace directly on fwb_ipt (with the relative 
arguements of course) produces a SIGABRT: 

......... 
......... 
open("MYFRW.fw", 
O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3 
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0 
kill(6416, SIGABRT)           = 0 
--- SIGABRT (Aborted) --- 
+++ killed by SIGABRT +++ 

fwbuilder was compiled and used on the following system: 

Gentoo 1.4rc1 
2.4.19 with XFS, devfs 
gcc 3.2 (CFLAGS = CXXFLAGS = -march=athlon-xp 
-O3 -pipe -fomit-frame-pointer -ffast-math -fforce-addr 
-falign-functions=4) 
gnome 2.0 
I also tried with "conservative" flags and still had no luck. In contrast, 
building the tarball in slackware 8.0 with gcc 2.95 results to a 
fully-working fwb_ipt.
Comment 1 Nick Hadaway 2002-10-29 13:45:32 UTC 
Is your kernel compiled with full support for iptables and it's laundry list of 
features?
Also, what were your "conservative" settings?
What version fo fwbuilder are you installing?
Comment 2 KiTaSuMbA 2002-10-30 15:32:47 UTC 
> Is your kernel compiled with full support for iptables and it's laundry
> list of features?
Yes, as modules. Same as the slackware (though slack runs a 2.4.18). 
However, 
I think that fwb_ipt does not check for the kernel modules (after all, it's 
supposed to built a shell script that could be run on another machine). In 
any case, the SIGABRT appears in the strace while fwb_ipt is parsing the xml 
rules file.

> Also, what were your "conservative" settings?
i686 O2

> What version fo fwbuilder are you installing?
1.0.6 with libfwbuilder 0.10.10 (the exact same tarballs that emerge 
fetched, 
I used sucessfuly in slack).

Thanks for the feedback.
Comment 3 Nick Hadaway 2002-12-01 19:30:48 UTC 
fwbuilder-1.0.7 is currently in portage marked unstable.  Have you tested this
version?
Comment 4 KiTaSuMbA 2002-12-02 10:42:17 UTC 
still no luck... :-(
it seems like fwbuilder does not like gcc 3. argh!
Comment 5 Nick Hadaway 2003-01-20 08:00:48 UTC 
fwbuilder-1.0.8 is currently in portage.  I have tested the ebuild and it appears to work like a charm.  Let me know how your experience faires.
Comment 6 KiTaSuMbA 2003-01-20 18:39:51 UTC 
> fwbuilder-1.0.8 is currently in portage.  I have tested the ebuild and it
> appears to work like a charm.  Let me know how your experience faires.

Doh! I get this:
PolicyCompiler_pf.cc:491: parse error before `(' token
PolicyCompiler_pf.cc:492: parse error before `(' token
PolicyCompiler_pf.cc:493: parse error before `(' token
make[2]: *** [PolicyCompiler_pf.o] Error 1

Okay, fwbuilder simply hates me....
Comment 7 Nick Hadaway 2003-01-21 02:01:54 UTC 
Maybe you have some bad ram or something?  Problems running a program and problems compiling a program... 
www.memtest86.com

Let me know if that comes up with anything...
Comment 8 Nick Hadaway 2003-02-13 00:59:44 UTC 
One last thought here... what kernel are you using? and what version of ipchains?
Comment 9 John Davis (zhen) (RETIRED) gentoo-dev 2003-04-04 01:22:22 UTC 
db fix
Comment 10 John Davis (zhen) (RETIRED) gentoo-dev 2003-04-04 01:27:14 UTC 
db fix