Re: [OpenWrt-Devel] [PATCH RFC firewall3] musl-compat: avoid kernel header conflicts
On Sun, 6 Nov 2016 19:07:01 +0100 Szabolcs Nagy wrote:

> * Ralph Sennhauser [2016-11-06 10:59:43 +0100]:
> > The conflict between Musl's net/if.h and linux/if.h is an old
> > well-known one and taken care of by a series of linux-headers
> > patches in OpenWrt. Since Linux 4.8-rc5 Firewall3 also indirectly
> > pulls in linux/in.h and linux/in6.h leading to new conflicts.
>
> can you check if
> http://www.openwall.com/lists/musl/2016/10/18/1
> works for you?

Hi

That is an interesting find. It won't be able to magically fix all the packages but could help a lot in fixing them in a cleaner manner.

Will take me a while to have an in-depth look at this one and its impact. Though as it's suggested by Rich Felker I guess investing some of my time won't be wasted.

Thanks
Ralph

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH RFC firewall3] musl-compat: avoid kernel header conflicts
Hi Jo

On Sun, 6 Nov 2016 20:48:58 +0100 Jo-Philipp Wich wrote:

> Hi again,
>
> > Will see if I find another solution...
>
> I managed to find a solution that works for me on a Linux 4.6.0 system
> with glibc, a Linux 4.6.0 system with unpatched musl and a Linux 4.4
> system with patched kernel headers.

Well, this doesn't make it less dubious of a hack but as I'm the one who ultimately suggested such, no complaints from me. Thanks for making it glibc compatible.

> I pushed this change along with a few others that should aid in
> portability to the repository now.
>
> Feedback appreciated.
>
> ~ Jo

About xt_id, that's how I'd have done it from the start, so thumbs up on that one. Even less vendor lock-in. In fact after last week's changes you can take firewall3 to pretty much any Linux distro and it will still be useful, well, while iptables still lasts that is.

Ralph
Re: [OpenWrt-Devel] [PATCH RFC firewall3] musl-compat: avoid kernel header conflicts
Hi again,

> Will see if I find another solution...

I managed to find a solution that works for me on a Linux 4.6.0 system with glibc, a Linux 4.6.0 system with unpatched musl and a Linux 4.4 system with patched kernel headers.

I pushed this change along with a few others that should aid in portability to the repository now.

Feedback appreciated.

~ Jo
Re: [OpenWrt-Devel] [LEDE-DEV] [PATCH firewall3] iptables: optional loading of static extensions
Hi Ralph,

I took the CMakeLists.txt change as-is but modified the rest to use no-op declarations of init_extensions{,4,6}() in order to avoid sprinkling too many ifdefs around.

Thanks,
Jo
Re: [OpenWrt-Devel] [PATCH RFC firewall3] musl-compat: avoid kernel header conflicts
* Ralph Sennhauser [2016-11-06 10:59:43 +0100]:

> The conflict between Musl's net/if.h and linux/if.h is an old well-known
> one and taken care of by a series of linux-headers patches in OpenWrt.
> Since Linux 4.8-rc5 Firewall3 also indirectly pulls in linux/in.h and
> linux/in6.h leading to new conflicts.

can you check if
http://www.openwall.com/lists/musl/2016/10/18/1
works for you?
Re: [OpenWrt-Devel] [PATCH RFC firewall3] musl-compat: avoid kernel header conflicts
Hi Ralph,

unfortunately this breaks building on a glibc system for me:

-- 8< --
$ make
[ 7%] Building C object CMakeFiles/firewall3.dir/iptables.c.o
In file included from /usr/include/linux/netfilter_ipv4.h:8:0,
                 from /usr/include/linux/netfilter_ipv4/ip_tables.h:21,
                 from /usr/include/libiptc/libiptc.h:12,
                 from /home/jow/devel/firewall3.git/iptables.h:29,
                 from /home/jow/devel/firewall3.git/iptables.c:19:
/usr/include/linux/netfilter.h:75:18: error: field ‘in6’ has incomplete type
  struct in6_addr in6;
                  ^~~
In file included from /usr/include/libiptc/libip6tc.h:12:0,
                 from /home/jow/devel/firewall3.git/iptables.h:30,
                 from /home/jow/devel/firewall3.git/iptables.c:19:
/usr/include/linux/netfilter_ipv6/ip6_tables.h:63:18: error: field ‘src’ has incomplete type
  struct in6_addr src, dst;
                  ^~~
/usr/include/linux/netfilter_ipv6/ip6_tables.h:63:23: error: field ‘dst’ has incomplete type
  struct in6_addr src, dst;
                       ^~~
/usr/include/linux/netfilter_ipv6/ip6_tables.h:65:18: error: field ‘smsk’ has incomplete type
  struct in6_addr smsk, dmsk;
                  ^~~~
/usr/include/linux/netfilter_ipv6/ip6_tables.h:65:24: error: field ‘dmsk’ has incomplete type
  struct in6_addr smsk, dmsk;
                        ^~~~
In file included from /home/jow/devel/firewall3.git/iptables.h:38:0,
                 from /home/jow/devel/firewall3.git/iptables.c:19:
/home/jow/devel/firewall3.git/options.h:182:19: error: field ‘v6’ has incomplete type
  struct in6_addr v6;
                  ^~
/home/jow/devel/firewall3.git/options.h:187:19: error: field ‘v6’ has incomplete type
  struct in6_addr v6;
                  ^~
/home/jow/devel/firewall3.git/iptables.c: In function ‘rule_print6’:
/home/jow/devel/firewall3.git/iptables.c:1131:48: error: invalid application of ‘sizeof’ to incomplete type ‘struct in6_addr’
  if (memcmp(>ipv6.src, _any, sizeof(struct in6_addr)))
  ^~
/home/jow/devel/firewall3.git/iptables.c:1141:48: error: invalid application of ‘sizeof’ to incomplete type ‘struct in6_addr’
  if (memcmp(>ipv6.dst, _any, sizeof(struct in6_addr)))
  ^~
CMakeFiles/firewall3.dir/build.make:350: recipe for target 'CMakeFiles/firewall3.dir/iptables.c.o' failed
make[2]: *** [CMakeFiles/firewall3.dir/iptables.c.o] Error 1
CMakeFiles/Makefile2:67: recipe for target 'CMakeFiles/firewall3.dir/all' failed
make[1]: *** [CMakeFiles/firewall3.dir/all] Error 2
Makefile:127: recipe for target 'all' failed
make: *** [all] Error 2
-- >8 --

It seems that glibc stops declaring "struct in6_addr" itself as soon as one of "_UAPI_LINUX_IN6_H", "_UAPI_IPV6_H", "_LINUX_IN6_H" or "_IPV6_H" is defined and the kernel obviously does not define that struct either if its own guard is defined.

Will see if I find another solution...

~ Jo
[OpenWrt-Devel] [PATCH RFC firewall3] musl-compat: avoid kernel header conflicts
The conflict between Musl's net/if.h and linux/if.h is an old well-known one and taken care of by a series of linux-headers patches in OpenWrt. Since Linux 4.8-rc5 Firewall3 also indirectly pulls in linux/in.h and linux/in6.h leading to new conflicts.

As Firewall3 is fine with just the libc headers, prevent inclusion of the corresponding kernel headers.

Signed-off-by: Ralph Sennhauser
---

Jo, this certainly isn't the most elegant solution but at least it's immediately obvious what it is about.

Firewall3 is one of only a few remaining packages still having issues with Musl and vanilla kernel and apart from netifd the only significant one in base. So fixing this issue one way or another is desirable. This is also the last issue that needs to be addressed for me to run vanilla Firewall3 again.

Ralph

 iptables.h | 3 +++
 options.h | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/iptables.h b/iptables.h index bcd302d..8e0089e 100644 --- a/iptables.h +++ b/iptables.h @@ -19,6 +19,9 @@ #ifndef __FW3_IPTABLES_H #define __FW3_IPTABLES_H +#define _LINUX_IF_H +#define _LINUX_IN_H +#define _LINUX_IN6_H #include #include #include diff --git a/options.h b/options.h index 6c9c0b2..307c5af 100644 --- a/options.h +++ b/options.h @@ -32,6 +32,8 @@ #include #include #include +#define _LINUX_IN_H +#define _LINUX_IN6_H #include #include -- 2.7.3
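Review bot: in the iptables.h hunk the three guard macros (_LINUX_IF_H, _LINUX_IN_H, _LINUX_IN6_H) are defined unconditionally and with no comment, so the kernel headers are suppressed for every libc, not only for musl. Suggest limiting them to the musl build with a build-time switch, and adding a one-line comment saying that these are the kernel headers' own include guards and which conflict they work around.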
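Review bot: in the options.h hunk the two defines are placed after three #include lines, so they only help if none of those earlier headers has already pulled in linux/in.h or linux/in6.h, which makes the result depend on include order. The same pair is also defined in iptables.h; a single small compat header included first in both files would keep the list in one place and remove the ordering dependency.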
[OpenWrt-Devel] [PATCH firewall3] iptables: optional loading of static extensions
Make loading of static extensions optional to support vanilla iptables in its default configuration by setting DISABLE_STATIC_EXTENSIONS instead of hackery.

In case iptables is built with --disable-static, libext.a, libext4.a and libext6.a, which OpenWrt installs in the form of libiptext.so, libiptext4.so, libiptext6.so to save a couple more bytes, are of no use or non-existent one could say. So this commit avoids requiring a tampered-with iptables.

Signed-off-by: Ralph Sennhauser
---
 CMakeLists.txt | 12 +---
 iptables.c | 4
 iptables.h | 2 ++
 3 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt index 00d1444..e2a88e7 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -7,11 +7,17 @@ SET(iptc_libs ip4tc) SET(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "") -LIST(APPEND ext_libs iptext) -LIST(APPEND ext_libs iptext4) +IF (NOT DISABLE_STATIC_EXTENSIONS) + LIST(APPEND ext_libs iptext) + LIST(APPEND ext_libs iptext4) + IF (NOT DISABLE_IPV6) +LIST(APPEND ext_libs iptext6) + ENDIF() +ELSE() + ADD_DEFINITIONS(-DDISABLE_STATIC_EXTENSIONS) +ENDIF() IF (NOT DISABLE_IPV6) - LIST(APPEND ext_libs iptext6) LIST(APPEND iptc_libs ip6tc) ELSE() ADD_DEFINITIONS(-DDISABLE_IPV6) diff --git a/iptables.c b/iptables.c index fc22d1a..66baa0a 100644 --- a/iptables.c +++ b/iptables.c @@ -69,6 +69,7 @@ get_kernel_version(void) kernel_version = 0x1 * x + 0x100 * y + z; } +#ifndef DISABLE_STATIC_EXTENSIONS static void fw3_init_extensions(void) { init_extensions(); @@ -78,6 +79,7 @@ static void fw3_init_extensions(void) init_extensions6(); #endif } +#endif struct fw3_ipt_handle * fw3_ipt_open(enum fw3_family family, enum fw3_table table) @@ -117,7 +119,9 @@ fw3_ipt_open(enum fw3_family family, enum fw3_table table) } fw3_xt_reset(); +#ifndef DISABLE_STATIC_EXTENSIONS fw3_init_extensions(); +#endif if (xext.register_match) for (i = 0; i < xext.mcount; i++) diff --git a/iptables.h b/iptables.h index bcd302d..23f8c03 100644 --- a/iptables.h +++ b/iptables.h 
@@ -42,10 +42,12 @@ # error "Unsupported xtables version" #endif +#ifndef DISABLE_STATIC_EXTENSIONS /* libipt*ext.so interfaces */ extern void init_extensions(void); extern void init_extensions4(void); extern void init_extensions6(void); +#endif /* Required by certain extensions like SNAT and DNAT */ extern int kernel_version; -- 2.7.3
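Review bot: DISABLE_STATIC_EXTENSIONS is introduced in the CMakeLists.txt hunk without any description or default, and the DISABLE_IPV6 test now appears in two separate IF blocks. Suggest documenting the new switch (a comment or an OPTION() entry) next to the first IF, and noting there that ext_libs stays empty when it is set so later users of that list are known to cope with it.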
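Review bot: in iptables.c the same #ifndef DISABLE_STATIC_EXTENSIONS guard is added twice, once around the definition of fw3_init_extensions() and once around its call in fw3_ipt_open(). Keeping the function defined unconditionally and compiling out only its body would leave the call site untouched and reduce the change to one guarded region in this file.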
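Review bot: the #ifndef around the three extern declarations in iptables.h is not needed for correctness, since unused extern prototypes do not create link dependencies. Dropping it, or replacing it with an #else branch that supplies empty inline versions of init_extensions(), init_extensions4() and init_extensions6(), would keep callers free of conditionals.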