| Summary: | net-firewall/iptables-1.3.5-r4 doesn't find all extensions in kernel 2.6.17 | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Matt Whitlock <gentoo> |
| Component: | New packages | Assignee: | Gentoo's Team for Core System packages <base-system> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | ||
| Priority: | High | ||
| Version: | 2006.0 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
wouldnt the correct thing be to check both files ? fixed in cvs |
Kernel 2.6.17 changed the source locations of several netfilter extension modules, and as a result, the iptables build process fails to detect their presence and build the shared libraries to use them. Here's a script I wrote to fix iptables's extension tests for the new kernel: #!/bin/sh for each in .*-test ; do # if the test fails right now if ! [[ $(./${each}) ]] ; then # create a new test with a fixed path sed 's/\/ipv4\/netfilter\/ipt_/\/netfilter\/xt_/' ${each} > ${each}~ # if the new test passes if [[ $(/bin/sh ./${each}~) ]] ; then # replace the old test with the new test mv ${each}~ ${each} else # delete the new test rm ${each}~ fi fi done When run in the /var/tmp/portage/iptables-1.3.5-r4/work/iptables-1.3.5/extensions directory, that script will fix up the tests to detect the kernel extensions in their new locations. Note, I didn't mess with the IPv6 tests. Of course, it should only be run if the kernel version is 2.6.17 or greater! It would be swell if someone could get this integrated into the iptables-1.3.5 ebuild, until a fix is made upstream.