Patchwork iptables: link libxtables against libnetfilter_conntrack

login
register
mail settings
Submitter Florian Westphal
Date Aug. 13, 2013, 1:59 p.m.
Message ID <20130813135932.GJ29345@breakpoint.cc>
Download mbox | patch
Permalink /patch/266804/
State Not Applicable
Headers show

Comments

Florian Westphal - Aug. 13, 2013, 1:59 p.m.
Gustavo Zacarias <gustavo@zacarias.com.ar> wrote:
> When libnetfilter_conntrack is available libxtables needs to link
> against it otherwise we get build failures.

Only with --enable-static, right?
Can you make it conditional on ENABLE_STATIC, like this?

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Gustavo Zacarias - Aug. 13, 2013, 2:19 p.m.
On 08/13/2013 10:59 AM, Florian Westphal wrote:

> Only with --enable-static, right?
> Can you make it conditional on ENABLE_STATIC, like this?

Not really, it's failing for a dynamic build as well, remember binutils
2.22+ defaults to --no-copy-dt-needed (it's patched away in many
distributions to avoid the general package build breakage).
It's failing for me on a buildroot cross build which doesn't patch binutils.
Regards.

-----

/bin/sh ../libtool --tag=CC   --mode=link
/home/gustavoz/b/net/output/host/usr/bin/i686-pc-linux-gnu-gcc -Wall
-Waggregate-return -Wmissing-declarations    -Wmissing-prototypes
-Wredundant-decls -Wshadow -Wstrict-prototypes         -Winline -pipe
-DALL_INCLUSIVE -DENABLE_IPV4 -DENABLE_IPV6 -pipe -Os    -o
xtables-multi xtables_multi-xtables-multi.o xtables_multi-iptables-xml.o
xtables_multi-iptables-save.o xtables_multi-iptables-restore.o
xtables_multi-iptables-standalone.o xtables_multi-iptables.o
xtables_multi-ip6tables-save.o xtables_multi-ip6tables-restore.o
xtables_multi-ip6tables-standalone.o xtables_multi-ip6tables.o
xtables_multi-xshared.o ../extensions/libext.a ../libiptc/libip4tc.la
../extensions/libext4.a ../libiptc/libip6tc.la ../extensions/libext6.a
../libxtables/libxtables.la -lm
libtool: link:
/home/gustavoz/b/net/output/host/usr/bin/i686-pc-linux-gnu-gcc -Wall
-Waggregate-return -Wmissing-declarations -Wmissing-prototypes
-Wredundant-decls -Wshadow -Wstrict-prototypes -Winline -pipe
-DALL_INCLUSIVE -DENABLE_IPV4 -DENABLE_IPV6 -pipe -Os -o xtables-multi
xtables_multi-xtables-multi.o xtables_multi-iptables-xml.o
xtables_multi-iptables-save.o xtables_multi-iptables-restore.o
xtables_multi-iptables-standalone.o xtables_multi-iptables.o
xtables_multi-ip6tables-save.o xtables_multi-ip6tables-restore.o
xtables_multi-ip6tables-standalone.o xtables_multi-ip6tables.o
xtables_multi-xshared.o  ../extensions/libext.a
../libiptc/.libs/libip4tc.so ../extensions/libext4.a
../libiptc/.libs/libip6tc.so ../extensions/libext6.a
../libxtables/.libs/libxtables.so -lm -Wl,-rpath
-Wl,/home/gustavoz/b/net/output/build/iptables-1.4.20/libiptc/.libs
-Wl,-rpath
-Wl,/home/gustavoz/b/net/output/build/iptables-1.4.20/libxtables/.libs
../extensions/libext.a(libxt_connlabel.o): In function `connlabel_get_name':
libxt_connlabel.c:(.text+0xe): undefined reference to
`nfct_labelmap_get_name'
../extensions/libext.a(libxt_connlabel.o): In function `connlabel_mt_parse':
libxt_connlabel.c:(.text+0x6a): undefined reference to
`nfct_labelmap_get_bit'
../extensions/libext.a(libxt_connlabel.o): In function
`libxt_connlabel_init':
libxt_connlabel.c:(.text+0x1ab): undefined reference to `nfct_labelmap_new'
collect2: error: ld returned 1 exit status
make[3]: *** [xtables-multi] Error 1

-----
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Florian Westphal - Aug. 13, 2013, 3:32 p.m.
Gustavo Zacarias <gustavo@zacarias.com.ar> wrote:
> On 08/13/2013 10:59 AM, Florian Westphal wrote:
> 
> > Only with --enable-static, right?
> > Can you make it conditional on ENABLE_STATIC, like this?
> 
> Not really, it's failing for a dynamic build as well, remember binutils
> 2.22+ defaults to --no-copy-dt-needed (it's patched away in many
> distributions to avoid the general package build breakage).
> It's failing for me on a buildroot cross build which doesn't patch binutils.

I can't reproduce it using ld 2.23.1, even with "-Wl,--no-copy-dt-needed-entries".

Why does libxtables depend on lnf-conntrack?  And why don't you need to add
libm explicitly?

> -DALL_INCLUSIVE -DENABLE_IPV4 -DENABLE_IPV6 -pipe -Os -o xtables-multi
[..]
> ../extensions/libext.a(libxt_connlabel.o): In function `connlabel_get_name':
> libxt_connlabel.c:(.text+0xe): undefined reference to
> `nfct_labelmap_get_name'
> ../extensions/libext.a(libxt_connlabel.o): In function `connlabel_mt_parse':
> libxt_connlabel.c:(.text+0x6a): undefined reference to
> `nfct_labelmap_get_bit'
> ../extensions/libext.a(libxt_connlabel.o): In function
> `libxt_connlabel_init':
> libxt_connlabel.c:(.text+0x1ab): undefined reference to `nfct_labelmap_new'
> collect2: error: ld returned 1 exit status
> make[3]: *** [xtables-multi] Error 1

Yes, but that is with --enable-static.

The Makefile handles it correctly for statistics and rateest extensions
(it adds -lm) but not for the connlabel extension.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Gustavo Zacarias - Aug. 13, 2013, 4:36 p.m.
On 08/13/2013 12:32 PM, Florian Westphal wrote:

> I can't reproduce it using ld 2.23.1, even with "-Wl,--no-copy-dt-needed-entries".
> 
> Why does libxtables depend on lnf-conntrack?  And why don't you need to add
> libm explicitly?

Actually it doesn't, i've patched in the wrong place even though it
"fixed it" - i'll send a V2 patching xtables-multi instead.

> Yes, but that is with --enable-static.
> 
> The Makefile handles it correctly for statistics and rateest extensions
> (it adds -lm) but not for the connlabel extension.

You can have both --enable-static and --enable-shared at the same time.
It's added in iptables/Makefile* hence my first point, i was barking at
the wrong place :)
Regards.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/libxtables/Makefile.am b/libxtables/Makefile.am
index c5795fe..3de2e15 100644
--- a/libxtables/Makefile.am
+++ b/libxtables/Makefile.am
@@ -11,6 +11,9 @@  if ENABLE_STATIC
 # With --enable-static, shipped extensions are linked into the main executable,
 # so we need all the LIBADDs here too
 libxtables_la_LIBADD += -lm
+if HAVE_LIBNETFILTER_CONNTRACK
+libxtables_la_LIBADD += @libnetfilter_conntrack_LIBS@
+endif
 endif
 if ENABLE_SHARED
 libxtables_la_CFLAGS  = ${AM_CFLAGS}