Message ID | 1445257360-31923-1-git-send-email-patrickdepinguin@gmail.com |
---|---|
State | Accepted |
Commit | 228bdab4344f751ef44bd18033b950376e42ad16 |
>>>>> "Thomas" == Thomas De Schampheleire <patrickdepinguin@gmail.com> writes:

> From: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
> In iptables versions 1.4.20 and 1.4.21, any call to iptables
> would generate a message

> cannot open connlabel.conf, not registering 'connlabel' match: No
> such file or directory

Committed, thanks.

Do you see this with mainline buildroot? We do pass --disable-static for
!BR2_STATIC_LIBS builds, so I'm not sure how it could trigger for you?

But the fix does make sense for completely static builds.

On Mon, Oct 19, 2015 at 5:01 PM, Peter Korsgaard <peter@korsgaard.com> wrote:
>>>>>> "Thomas" == Thomas De Schampheleire <patrickdepinguin@gmail.com> writes:
>
> > From: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
> > In iptables versions 1.4.20 and 1.4.21, any call to iptables
> > would generate a message
>
> > cannot open connlabel.conf, not registering 'connlabel' match: No
> > such file or directory
>
> Committed, thanks.
>
> Do you see this with mainline buildroot? We do pass --disable-static for
> !BR2_STATIC_LIBS builds, so I'm not sure how it could trigger for you?
>
> But the fix does make sense for completely static builds.

We noticed this problem after upgrading to a newer buildroot version a
few releases back (but never sent that patch to buildroot until now).
We are not using a static build, nor did we make changes to
iptables.mk here.
I don't really know why the author of the patch mentioned static in
the commit message. Maybe he is not referring to 'static' in the sense
that Buildroot does.

Anyway, we were thus seeing this message with standard iptables calls
on a standard system.

/Thomas

>>>>> "Thomas" == Thomas De Schampheleire <patrickdepinguin@gmail.com> writes:

Hi,

>> Do you see this with mainline buildroot? We do pass --disable-static for
>> !BR2_STATIC_LIBS builds, so I'm not sure how it could trigger for you?
>>
>> But the fix does make sense for completely static builds.

> We noticed this problem after upgrading to a newer buildroot version a
> few releases back (but never sent that patch to buildroot until now).
> We are not using a static build, nor did we make changes to
> iptables.mk here.
> I don't really know why the author of the patch mentioned static in
> the commit message. Maybe he is not referring to 'static' in the sense
> that Buildroot does.

As far as I read the mail it is about configuring iptables with
--enable-static

> Anyway, we were thus seeing this message with standard iptables calls
> on a standard system.

But with a Buildroot version not including:

commit 9f13ddf3bab51ae762b82ce9f767ac1abcdb7b2e
Author: Gustavo Zacarias <gustavo@zacarias.com.ar>
Date: Tue Oct 21 13:58:14 2014 -0300

    iptables: disable static for dynamic builds

    It leads to ugly runtime warnings, see:
    http://patchwork.ozlabs.org/patch/386215/
    It's also required for xtables-addons.

    Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
    Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
    Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

Right?

On Oct 19, 2015 9:13 PM, "Peter Korsgaard" <peter@korsgaard.com> wrote:
>
> >>>>> "Thomas" == Thomas De Schampheleire <patrickdepinguin@gmail.com> writes:
>
> Hi,
>
> >> Do you see this with mainline buildroot? We do pass --disable-static for
> >> !BR2_STATIC_LIBS builds, so I'm not sure how it could trigger for you?
> >>
> >> But the fix does make sense for completely static builds.
>
> > We noticed this problem after upgrading to a newer buildroot version a
> > few releases back (but never sent that patch to buildroot until now).
> > We are not using a static build, nor did we make changes to
> > iptables.mk here.
> > I don't really know why the author of the patch mentioned static in
> > the commit message. Maybe he is not referring to 'static' in the sense
> > that Buildroot does.
>
> As far as I read the mail it is about configuring iptables with
> --enable-static
>
> > Anyway, we were thus seeing this message with standard iptables calls
> > on a standard system.
>
> But with a Buildroot version not including:
>
> commit 9f13ddf3bab51ae762b82ce9f767ac1abcdb7b2e
> Author: Gustavo Zacarias <gustavo@zacarias.com.ar>
> Date: Tue Oct 21 13:58:14 2014 -0300
>
>     iptables: disable static for dynamic builds
>
>     It leads to ugly runtime warnings, see:
>     http://patchwork.ozlabs.org/patch/386215/
>     It's also required for xtables-addons.
>
>     Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
>     Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
>     Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
>
> Right?

Makes sense, we were updating from 2013.05 to 2014.05 back then.
I wasn't aware of the above patch. It means that for our use case, we
wouldn't need it any more (we're on 2015.05 now).

Thanks for refreshing that for me :)

/Thomas

diff --git a/package/iptables/0006-fix-connlabel-conf-warning.patch b/package/iptables/0006-fix-connlabel-conf-warning.patch new file mode 100644 index 0000000..872dcb1 --- /dev/null +++ b/package/iptables/0006-fix-connlabel-conf-warning.patch 
@@ -0,0 +1,72 @@ +From 825fbda5482a7d5ec5a6619c81fe07ff865c7d6e Mon Sep 17 00:00:00 2001 +From: Florian Westphal <fw@strlen.de> +Date: Fri, 5 Sep 2014 20:45:56 +0200 +Subject: extensions: libxt_connlabel: do not open config file from _init hook + +else, static builds will print this for every iptables invocation, +even 'iptables -L'. Delay open until we need to translate a mapping. + +Reported-by: Thomas De Schampheleire <patrickdepinguin@gmail.com> +Signed-off-by: Florian Westphal <fw@strlen.de> +[Thomas De Schampheleire: import unchanged into Buildroot] +Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com> + +diff --git a/extensions/libxt_connlabel.c b/extensions/libxt_connlabel.c +index c84a167..1f83095 100644 +--- a/extensions/libxt_connlabel.c ++++ b/extensions/libxt_connlabel.c +@@ -29,11 +29,26 @@ static const struct xt_option_entry connlabel_mt_opts[] = { + XTOPT_TABLEEND, + }; + ++/* cannot do this via _init, else static builds might spew error message ++ * for every iptables invocation. 
++ */ ++static void connlabel_open(void) ++{ ++ if (map) ++ return; ++ ++ map = nfct_labelmap_new(NULL); ++ if (!map && errno) ++ xtables_error(RESOURCE_PROBLEM, "cannot open connlabel.conf: %s\n", ++ strerror(errno)); ++} ++ + static void connlabel_mt_parse(struct xt_option_call *cb) + { + struct xt_connlabel_mtinfo *info = cb->data; + int tmp; + ++ connlabel_open(); + xtables_option_parse(cb); + + switch (cb->entry->id) { +@@ -54,7 +69,11 @@ static void connlabel_mt_parse(struct xt_option_call *cb) + + static const char *connlabel_get_name(int b) + { +- const char *name = nfct_labelmap_get_name(map, b); ++ const char *name; ++ ++ connlabel_open(); ++ ++ name = nfct_labelmap_get_name(map, b); + if (name && strcmp(name, "")) + return name; + return NULL; +@@ -114,11 +133,5 @@ static struct xtables_match connlabel_mt_reg = { + + void _init(void) + { +- map = nfct_labelmap_new(NULL); +- if (!map) { +- fprintf(stderr, "cannot open connlabel.conf, not registering '%s' match: %s\n", +- connlabel_mt_reg.name, strerror(errno)); +- return; +- } + xtables_register_match(&connlabel_mt_reg); + } +-- +cgit v0.10.1 +
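
Review bot: in the new connlabel_open() (hunk at -29,11 +29,26), the test `if (!map && errno)` reads errno without clearing it before nfct_labelmap_new(NULL) is called. A stale errno from an earlier, unrelated call can then be reported as the reason connlabel.conf could not be opened, and a failure that leaves errno at 0 returns silently with map still NULL, so connlabel_mt_parse() carries on without a label map. Suggest setting `errno = 0;` immediately before the call and handling `!map` as a failure in its own right, with a separate message for the case where errno is 0.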
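
Review bot: in connlabel_get_name() (hunk at -54,7 +69,11), map is passed to nfct_labelmap_get_name(map, b) with no NULL check, yet connlabel_open() can return with map still NULL when `!map && errno` is false. Suggest adding `if (!map) return NULL;` after the connlabel_open() call, which matches the existing NULL return for a bit that has no name. Note also that connlabel_open() reports failure through xtables_error(), so a caller that only wants a display name now terminates the command when connlabel.conf cannot be opened; a non-fatal path for this lookup would be worth considering.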