[Debian] Re: lenny updates (netfilter)

Ola Lundqvist ola at inguza.com
Tue Mar 17 01:05:41 EDT 2009 

Hi Kir

After adding this patch it did not build, which is quite obvious because when I read the
features/all/openvz/0047-netfilter-Fix-NULL-dereference-in-nf_nat_setup_info.patch
patch file it tells that it creates the table there.

  CC [M]  net/ipv4/ipvs/ip_vs_ftp.o
  LD      net/ipv4/netfilter/built-in.o
  CC [M]  net/ipv4/netfilter/nf_nat_rule.o
  CC [M]  net/ipv4/netfilter/nf_nat_standalone.o
net/ipv4/netfilter/nf_nat_standalone.c: In function ‘nf_nat_local_in’:
net/ipv4/netfilter/nf_nat_standalone.c:166: error: ‘struct netns_ipv4’ has no member named ‘iptable_nat’
net/ipv4/netfilter/nf_nat_standalone.c: In function ‘nf_nat_in’:
net/ipv4/netfilter/nf_nat_standalone.c:182: error: ‘struct netns_ipv4’ has no member named ‘iptable_nat’
net/ipv4/netfilter/nf_nat_standalone.c: In function ‘nf_nat_out’:
net/ipv4/netfilter/nf_nat_standalone.c:207: error: ‘struct netns_ipv4’ has no member named ‘iptable_nat’
net/ipv4/netfilter/nf_nat_standalone.c: In function ‘nf_nat_local_fn’:
net/ipv4/netfilter/nf_nat_standalone.c:243: error: ‘struct netns_ipv4’ has no member named ‘iptable_nat’
make[5]: *** [net/ipv4/netfilter/nf_nat_standalone.o] Fel 1
make[4]: *** [net/ipv4/netfilter] Fel 2
make[3]: *** [net/ipv4] Fel 2
make[2]: *** [net] Fel 2
make[2]: Leaving directory `/home/ola/build/debian/kernel/linux-2.6-2.6.26/debian/build/build_i386_openvz_686'
make[1]: *** [debian/stamps/build_i386_openvz_686_plain] Fel 2
make[1]: Leaving directory `/home/ola/build/debian/kernel/linux-2.6-2.6.26'
make: *** [binary-arch_i386_openvz_686_real] Fel 2

As I understand the 0047* patch is a potential ABI breaker which means that I can not
include 0048* for now.

Initiating a new build now.

Best regards,

// Ola

On Mon, Mar 16, 2009 at 09:23:34PM +0100, Ola Lundqvist wrote:
> On Mon, Mar 16, 2009 at 02:13:24PM +0300, Kir Kolyshkin wrote:
> [...]
> > >The double alloc should not be too much of a problem (or?), but the double 
> > >free, I assume, can result
> > >in real problems, right?
> > >  
> > 
> > Right. Tables are leaked.
> 
> Ok.
>  
> [...]
> > >>http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=b405aed753ac48a46e66cccfd0a37006fd11feb8
> > >>netfilter: Add check to the nat hooks
> > >>OpenVZ Bug #1051 (http://bugzilla.openvz.org/1051). Might be an ABI 
> > >>breaker.
> > >>Attached as 0048*
> > >>    
> > >
> > >Is it this part that you are worried about for the ABI breakage?
> > >
> > > 	/* After packet filtering, change source */
> > > 	{
> > >-		.hook		= nf_nat_fn,
> > >+		.hook		= nf_nat_local_in,
> > > 		.owner		= THIS_MODULE,
> > > 		.pf		= PF_INET,
> > > 		.hooknum	= NF_INET_LOCAL_IN,
> > >  
> > 
> > I'm not sure why I wrote that. It doesn't look like an ABI breaker.
> > 
> 
> Ok. Adding this for next patch proposal.
> 
> Best regards,
> 
> // Ola
> 
> -- 
>  --- Inguza Technology AB --- MSc in Information Technology ----
> /  ola at inguza.com                    Annebergsslingan 37        \
> |  opal at debian.org                   654 65 KARLSTAD            |
> |  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
> \  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
>  ---------------------------------------------------------------
> 

-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola at inguza.com                    Annebergsslingan 37        \
|  opal at debian.org                   654 65 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------

More information about the Debian mailing list