Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 950506 - net-firewall/ipt_netflow: fails to build with kernel 6.12
Summary: net-firewall/ipt_netflow: fails to build with kernel 6.12
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Netmon project
URL:
Whiteboard:
Keywords: PATCH, PullRequest
: 951328 (view as bug list)
Depends on:
Blocks:
 
Reported: 2025-03-03 15:12 UTC by Eli Schwartz
Modified: 2025-03-17 15:40 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Eli Schwartz gentoo-dev 2025-03-03 15:12:45 UTC
Selected by lottery to build on the binhost today.

>>> Emerging (10 of 10) net-firewall/ipt_netflow-2.6-r1::gentoo
>>> Failed to emerge net-firewall/ipt_netflow-2.6-r1, Log file:
>>>  '/var/tmp/portage/net-firewall/ipt_netflow-2.6-r1/temp/build.log'
 * Package:    net-firewall/ipt_netflow-2.6-r1:0
 * Repository: gentoo
 * Maintainer: netmon@gentoo.org
 * USE:        abi_x86_64 amd64 dist-kernel elibc_glibc kernel_linux strip
 * FEATURES:   preserve-libs sandbox userpriv usersandbox
 * Determining the location of the kernel source code
 * Found kernel source directory:
 *     /usr/src/linux
 * Found sources for kernel version:
 *     6.12.16-gentoo-dist
 * Checking for suitable kernel configuration options ...
 [ ok ]
 * Preparing x86_64-pc-linux-gnu toolchain for kernel modules (override with KERNEL_CHOST) ...
 * Toolchain picked for kernel modules (override with KERNEL_CC, _LD, ...): '/usr/bin/x86_64-pc-linux-gnu-gcc-14' '/usr/bin/x86_64-pc-linux-gnu-g++-14' '/usr/bin/x86_64-pc-linux-gnu-ld.bfd' '/usr/bin/x86_64-pc-l
inux-gnu-gcc-ar' '/usr/bin/x86_64-pc-linux-gnu-gcc-nm' '/usr/bin/x86_64-pc-linux-gnu-objcopy' '/usr/bin/x86_64-pc-linux-gnu-objdump' '/usr/bin/x86_64-pc-linux-gnu-readelf' '/usr/bin/x86_64-pc-linux-gnu-strip'
 * Applying ipt_netflow-2.0-configure.patch ...
 [ ok ]
 * Applying ipt_netflow-2.6-gentoo.patch ...
 [ ok ]
 * Applying ipt_netflow-2.6-ref_module_fix.patch ...
 [ ok ]
 * Applying ipt_netflow-2.6-fix-linux-headers-5.14.patch ...
 [ ok ]
 * Applying ipt_netflow-2.6-kernel-6.4.patch ...
 [ ok ]
./configure --disable-dkms --enable-aggregation --enable-direction --enable-macaddress --enable-vlan --ipt-lib=/usr/lib64/xtables --ipt-src=/usr/ --ipt-ver=1.8.11 --kdir=/usr/src/linux --kver=6.12.16-gentoo-dist
 --disable-snmp-agent
Module version: 2.6
Kernel version: 6.12.16-gentoo-dist (requested)
Kernel sources: /usr/src/linux (requested)
Checking for presence of include/linux/netfilter.h... Yes
netfilter.h uses CONFIG_NF_NAT_NEEDED... No
Checking for presence of include/linux/llist.h... Yes
Checking for presence of include/linux/grsecurity.h... No
Iptables binary version: 1.8.11 (user specified)
pkg-config for version 1.8.11 exists: Yes
Check for working gcc: Yes (x86_64-pc-linux-gnu-gcc)
Checking for presence of xtables.h... Yes
Iptables include flags:  (pkg-config)
Iptables module path: /usr/lib64/xtables (user specified)
Creating Makefile.. done.

  If you need some options enabled run ./configure --help
  Now run: make all install

 * Building ipt_NETFLOW module in /var/tmp/portage/net-firewall/ipt_netflow-2.6-r1/work/ipt_netflow-2.6 ...
./gen_compat_def > compat_def.h
Test symbol xt_family linux/netfilter_ipv4/ip_tables.h  declared
Test struct timeval linux/ktime.h  undeclared
Test struct proc_ops linux/proc_fs.h  declared
Test symbol synchronize_sched linux/rcupdate.h  undeclared
Test symbol nf_bridge_info_get linux/netfilter_bridge.h  declared
Test struct vlan_dev_priv linux/if_vlan.h  declared
Test symbol register_sysctl_paths linux/sysctl.h  undeclared
Compiling 2.6 for kernel 6.12.16-gentoo-dist
make -C /usr/src/linux M=/var/tmp/portage/net-firewall/ipt_netflow-2.6-r1/work/ipt_netflow-2.6 modules
make[1]: Entering directory '/usr/src/linux-6.12.16-gentoo-dist'
make --no-print-directory -C /usr/src/linux-6.12.16-gentoo-dist \
-f /usr/src/linux-6.12.16-gentoo-dist/Makefile modules
warning: the compiler differs from the one used to build the kernel
  The kernel was built by: x86_64-pc-linux-gnu-gcc (Gentoo 14.2.1_p20241221 p7) 14.2.1 20241221
  You are using:           x86_64-pc-linux-gnu-gcc-14 (Gentoo 14.2.1_p20241221 p7) 14.2.1 20241221
make -f ./scripts/Makefile.build obj=/var/tmp/portage/net-firewall/ipt_netflow-2.6-r1/work/ipt_netflow-2.6 need-builtin=1 need-modorder=1 
# CC [M]  /var/tmp/portage/net-firewall/ipt_netflow-2.6-r1/work/ipt_netflow-2.6/ipt_NETFLOW.o
  /usr/bin/x86_64-pc-linux-gnu-gcc-14 -Wp,-MMD,/var/tmp/portage/net-firewall/ipt_netflow-2.6-r1/work/ipt_netflow-2.6/.ipt_NETFLOW.o.d -nostdinc -I./arch/x86/include -I./arch/x86/include/generated  -I./include -I./arch/x86/include/uapi -I./arch/x86/include/generated/uapi -I./include/uapi -I./include/generated/uapi -include ./include/linux/compiler-version.h -include ./include/linux/kconfig.h -include ./include/linux/compiler_types.h -D__KERNEL__ -fmacro-prefix-map=./= -std=gnu11 -fshort-wchar -funsigned-char -fno-common -fno-PIE -fno-strict-aliasing -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -mno-avx -fcf-protection=branch -fno-jump-tables -m64 -falign-jumps=1 -falign-loops=1 -mno-80387 -mno-fp-ret-in-387 -mpreferred-stack-boundary=3 -mskip-rax-setup -mtune=generic -mno-red-zone -mcmodel=kernel -Wno-sign-compare -fno-asynchronous-unwind-tables -mindirect-branch=thunk-extern -mindirect-branch-register -mindirect-branch-cs-prefix -mfunction-return=thunk-extern -fno-jump-tables -mharden-sls=all -fpatchable-function-entry=16,16 -fno-delete-null-pointer-checks -O2 -fno-allow-store-data-races -fstack-protector-strong -ftrivial-auto-var-init=zero -fno-stack-clash-protection -pg -mrecord-mcount -mfentry -DCC_USING_FENTRY -fmin-function-alignment=16 -fstrict-flex-arrays=3 -fno-strict-overflow -fno-stack-check -fconserve-stack -Wall -Wundef -Werror=implicit-function-declaration -Werror=implicit-int -Werror=return-type -Werror=strict-prototypes -Wno-format-security -Wno-trigraphs -Wno-frame-address -Wno-address-of-packed-member -Wmissing-declarations -Wmissing-prototypes -Wframe-larger-than=2048 -Wno-main -Wno-dangling-pointer -Wvla -Wno-pointer-sign -Wcast-function-type -Wno-stringop-overflow -Wno-array-bounds -Wno-alloc-size-larger-than -Wimplicit-fallthrough=5 -Werror=date-time -Werror=incompatible-pointer-types -Werror=designated-init -Wenum-conversion -Wextra -Wunused -Wno-unused-but-set-variable -Wno-unused-const-variable -Wno-packed-not-aligned -Wno-format-overflow -Wno-format-truncation -Wno-stringop-truncation -Wno-override-init -Wno-missing-field-initializers -Wno-type-limits -Wno-shift-negative-value -Wno-maybe-uninitialized -Wno-sign-compare -Wno-unused-parameter -g -DENABLE_AGGR -DENABLE_DIRECTION -DENABLE_MAC -DENABLE_VLAN -DCONFIG_NF_NAT_NEEDED -DHAVE_LLIST  -fsanitize=bounds-strict -fsanitize=shift    -DMODULE  -DKBUILD_BASENAME='"ipt_NETFLOW"' -DKBUILD_MODNAME='"ipt_NETFLOW"' -D__KBUILD_MODNAME=kmod_ipt_NETFLOW -c -o /var/tmp/portage/net-firewall/ipt_netflow-2.6-r1/work/ipt_netflow-2.6/ipt_NETFLOW.o /var/tmp/portage/net-firewall/ipt_netflow-2.6-r1/work/ipt_netflow-2.6/ipt_NETFLOW.c   ; ./tools/objtool/objtool --hacks=jump_label --hacks=noinstr --hacks=skylake --ibt --orc --retpoline --rethunk --sls --static-call --uaccess --prefix=16  --link  --module /var/tmp/portage/net-firewall/ipt_netflow-2.6-r1/work/ipt_netflow-2.6/ipt_NETFLOW.o
# cmd_mod /var/tmp/portage/net-firewall/ipt_netflow-2.6-r1/work/ipt_netflow-2.6/ipt_NETFLOW.mod
  printf '%s\n'   ipt_NETFLOW.o | awk '!x[$0]++ { print("/var/tmp/portage/net-firewall/ipt_netflow-2.6-r1/work/ipt_netflow-2.6/"$0) }' > /var/tmp/portage/net-firewall/ipt_netflow-2.6-r1/work/ipt_netflow-2.6/ipt_NETFLOW.mod
/var/tmp/portage/net-firewall/ipt_netflow-2.6-r1/work/ipt_netflow-2.6/ipt_NETFLOW.c:71:10: fatal error: asm/unaligned.h: No such file or directory
   71 | #include <asm/unaligned.h>
      |          ^~~~~~~~~~~~~~~~~
compilation terminated.
make[3]: *** [scripts/Makefile.build:229: /var/tmp/portage/net-firewall/ipt_netflow-2.6-r1/work/ipt_netflow-2.6/ipt_NETFLOW.o] Error 1
make[2]: *** [/usr/src/linux-6.12.16-gentoo-dist/Makefile:1934: /var/tmp/portage/net-firewall/ipt_netflow-2.6-r1/work/ipt_netflow-2.6] Error 2
make[1]: *** [Makefile:224: __sub-make] Error 2
make[1]: Leaving directory '/usr/src/linux-6.12.16-gentoo-dist'
make: *** [Makefile:27: ipt_NETFLOW.ko] Error 2
 * ERROR: net-firewall/ipt_netflow-2.6-r1::gentoo failed (compile phase):
 *   emake failed
 * 
 * If you need support, post the output of `emerge --info '=net-firewall/ipt_netflow-2.6-r1::gentoo'`,
 * the complete build log and the output of `emerge -pqv '=net-firewall/ipt_netflow-2.6-r1::gentoo'`.
 * The complete build log is located at '/var/tmp/portage/net-firewall/ipt_netflow-2.6-r1/temp/build.log'.
 * The ebuild environment file is located at '/var/tmp/portage/net-firewall/ipt_netflow-2.6-r1/temp/environment'.
 * Working directory: '/var/tmp/portage/net-firewall/ipt_netflow-2.6-r1/work/ipt_netflow-2.6'
 * S: '/var/tmp/portage/net-firewall/ipt_netflow-2.6-r1/work/ipt_netflow-2.6'


No upstream activity for 2 years.

Header renamed in the kernel: https://lore.kernel.org/all/CAHk-=wgMS-TBfirwuxf+oFA3cTMWVLik=w+mA5KdT9dAvcvhTA@mail.gmail.com/
Comment 1 Andrew A. Sabitov 2025-03-08 13:53:33 UTC
Hi! 

I have the same problem. There is discussion and patches concerning this error: https://github.com/aabc/ipt-netflow/issues/237

Is it possible to add them into net-firewall/ipt_netflow packet?
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2025-03-14 20:47:36 UTC
*** Bug 951328 has been marked as a duplicate of this bug. ***
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2025-03-14 20:49:23 UTC
Perhaps we should do a snapshot and then https://github.com/aabc/ipt-netflow/pull/233 on top.
Comment 4 Jaco Kroon 2025-03-16 14:34:17 UTC
(In reply to Sam James from comment #3)
> Perhaps we should do a snapshot and then
> https://github.com/aabc/ipt-netflow/pull/233 on top.

That seems good on face value, but I'm afraid it's not good enough.  There are a couple of nuances that's incorrect in that PR, as well as it doesn't actually compile on vanilla 6.12.1 kernel sources.

I intend to fix those, amend the relevant commits and add signed-off-by on a PR to the upstream project, then I'm hoping I can convince a merge and new version (existing one is from 2021 if I recall correctly off the top of my head now).