Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 323333

Summary: net-firewall/iptables-1.4.6 build failure with sys-kernel/linux-headers-2.6.33
Product: Gentoo Linux Reporter: Jack Lloyd <lloyd>
Component: Current packagesAssignee: Gentoo's Team for Core System packages <base-system>
Status: RESOLVED INVALID    
Severity: normal CC: pva
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: iptables-1.4.6 build log

Description Jack Lloyd 2010-06-09 14:33:09 UTC 
Trying to build iptables 1.4.6 using the 2.6.33 linux-headers fails:

In file included from libipt_ECN.c:17:0:
../include/linux/netfilter_ipv4/ipt_ECN.h:11:43: fatal error: linux/netfilter_ipv4/ipt_DSCP.h: No such file or directory
compilation terminated.
make[2]: *** [libipt_ECN.o] Error 1

Indeed, ipt_DSCP.h is not installed by the 2.6.33 headers package (and in general it looks like there are far fewer headers in the netfilter_ipv4 directory in the 2.6.33 vs 2.6.30 header install).

Downgrading to the (stable) 2.6.30-r1 headers package fixes the issue.

Reproducible: Always




Portage 2.1.8.3 (default/linux/amd64/10.0/desktop, gcc-4.5.0, glibc-2.10.1-r1, 2.6.33-gentoo-1 x86_64)
=================================================================
System uname: Linux-2.6.33-gentoo-1-x86_64-Intel-R-_Core-TM-2_Quad_CPU_Q6600_@_2.40GHz-with-gentoo-2.0.1
Timestamp of tree: Tue, 08 Jun 2010 07:00:01 +0000
ccache version 2.4 [enabled]
app-shells/bash:     4.0_p37
dev-java/java-config: 2.1.10
dev-lang/python:     2.4.6, 2.6.5-r2, 3.1.2-r3
dev-python/pycrypto: 2.1.0
dev-util/ccache:     2.4-r7
dev-util/cmake:      2.6.4-r3
sys-apps/baselayout: 2.0.1
sys-apps/openrc:     0.6.1-r1
sys-apps/sandbox:    1.6-r2
sys-devel/autoconf:  2.13, 2.65
sys-devel/automake:  1.9.6-r3, 1.10.3, 1.11.1
sys-devel/binutils:  2.20.1
sys-devel/gcc:       3.4.6-r2, 4.1.2, 4.3.4, 4.4.3-r2, 4.5.0
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6b
virtual/os-headers:  2.6.30-r1
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA dlj-1.1"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=core2 -O2 -pipe -momit-leaf-frame-pointer"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb /usr/share/config /var/bind"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-march=core2 -O2 -pipe -momit-leaf-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests ccache distlocks fixpackages news nostrip parallel-fetch protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="http://gentoo.mirrors.pair.com/ http://chi-10g-1-mirror.fastsoft.net/pub/linux/gentoo/gentoo-distfiles/"
LANG="C"
LDFLAGS="-Wl,-O1"
LINGUAS="en"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage/layman/java-overlay /usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X a52 aac acl acpi alsa amarok amd64 bash-completion berkdb branding bzip2 cairo cdr cli consolekit cracklib crypt cups cxx dbus doc dri dts dvd dvdr dvdread emacs encode exif fam firefox flac fortran gdbm gmp gtk hal iconv ipod jpeg lcms libnotify mad mbox mmx mng modules mp3 mp4 mpeg mudflap multilib ncurses nls nptl nptlonly offensive ogg opengl openmp pam pango pcre pdf perl png ppds python qt3support qt4 readline reflection sdl session spell spl sqlite sse sse2 sse3 ssl ssse3 startup-notification svg sysfs tcpd threads tiff truetype unicode usb vorbis webkit x264 xcb xml xorg xulrunner xv xvid zlib" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_default authn_file authz_groupfile authz_host authz_owner authz_user autoindex cache deflate dir env expires ext_filter file_cache filter headers imagemap include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif so status suexec unique_id userdir usertrack vhost_alias fastcgi" APACHE2_MPMS="worker" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en" QEMU_SOFTMMU_TARGETS="i386 x86_64" QEMU_USER_TARGETS="i386 x86_64" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="intel" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 Michael Weber (RETIRED) gentoo-dev 2010-06-09 15:23:09 UTC 
Hello JAck, can you please attach the complete build.log? Thanks
Comment 2 Jack Lloyd 2010-06-09 15:37:24 UTC 
Created attachment 234731 [details]
iptables-1.4.6 build log

Build log attached.

BTW, #s on the headers:

2.6.30:
ls /usr/include/linux/netfilter_ipv4 | wc -l
46

2.6.33:
ls /usr/include/linux/netfilter_ipv4 | wc -l
14
Comment 3 SpanKY gentoo-dev 2010-06-09 20:46:12 UTC 
not a bug in linux-headers.  this is what upstream linux wants.
Comment 4 Jack Lloyd 2010-06-09 21:02:16 UTC 
It looks like this was fixed upstream in January:

https://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=350661a6eb089f3e54e67e022db9e16ea280499f

So 1.4.7 and 1.4.8 should be OK, though I haven't tested. Perhaps a version mask is all that is required here.
Comment 5 SpanKY gentoo-dev 2010-06-09 21:08:55 UTC 
and 1.4.7 is in the tree already (for months at this point)
Comment 6 Jack Lloyd 2010-06-09 21:28:56 UTC 
How is this invalid? 1.4.6 still doesn't build
Comment 7 SpanKY gentoo-dev 2010-06-09 21:35:53 UTC 
you're breaking the system by mixing and matching stable and unstable
Comment 8 Jack Lloyd 2010-06-09 21:40:05 UTC 
And setting a DEPEND for !sys-kernel/linux-headers>=2.6.33 is that hard?
Comment 9 SpanKY gentoo-dev 2010-06-09 22:17:51 UTC 
we track two sets of trees synced to each other.  issues like this dont come up when things are tracked correctly.  by the time the kernel headers stabilize, iptables would stabilize as well.

so yes, it is a waste of time because fixing one of these encourages people to find & file more.
Comment 10 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2010-06-09 22:22:06 UTC 
vapier:
Having stable iptables NOT compile on a system that's otherwise ~arch system would be a good reason to have that blocker added.
Comment 11 SpanKY gentoo-dev 2010-06-09 22:34:01 UTC 
no, it isnt
Comment 12 Peter Volkov (RETIRED) gentoo-dev 2010-06-10 07:34:04 UTC 
Mike, I don't think it's hard to add such code to make people happy, so I've added it. But in general I agree this bug is INVALID: it's impossible to track stable/unstable matching and with this fix I'm not going event to pretend that something was improved in the tree. New packages enter ~arch on daily basis and similar breakages exist all over the tree and it's completely impossible to track them. That said, if users provide solution - I tend to apply it. Also note this fix will die very soon since I'm going to fill stabilization request for 1.4.8 as soon as time comes...
Comment 13 SpanKY gentoo-dev 2010-06-10 07:38:17 UTC 
i'm not inclined to even let a trickle in so as to avoid encouraging more.  think this is a good idea ?  then i look forward to the people running stable packages with unstable gcc and filing bugs about those too.  it's a terrible idea and the reason we have trackers/stabilization bugs in the first place.

but i'm not going to take it so far as to revert your changes to iptables if you were so inclined to spend the time to make it.
Comment 14 Jack Lloyd 2010-06-10 12:13:40 UTC 
BTW, it might be useful to update the documentation to mention that mixing stable and unstable 'breaks the system'. http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=3&chap=3 for instance simply describes how to do it with zero caveats.
Comment 15 Peter Volkov (RETIRED) gentoo-dev 2010-06-11 11:14:27 UTC 
Jack, open a new bug for our documentation team to consider. I'm not sure that they'll add this since there is cation about ~arch in handbook, but IMO separate sentence about mixing could be given too. In any case this bug is not a place for such requests since we are not working on documentation. thanks.