Closed xtaran closed 3 years ago
That ref_module
issue might be a compile-time option related issue or missing #include
statements or such. I though suspect that the fix in 5aae3791922bd3df878605b15e83ea48a4bd096c and ipt_NETFLOW
is the right way to fix this, at least in short terms, just with some more version checks for long-term support kernels where this has crept in, too. Not sure if that suffices, though. Will dig deeper later today.
Thanks. Yes, seems it needs some auto-detection checks.
That
ref_module
issue might be a compile-time option related issue or missing#include
statements or such. I though suspect that the fix in 5aae379 andipt_NETFLOW
is the right way to fix this
Nope, I was wrong here. As Salvatore Bonaccorso (@carnil) of the Debian Kernel Team pointed out (Thanks!) the actual fix is adfc631816ea690cbf53c03a9f40b6c4c5be0a21 for kernel 5.9. So it's actually the resurfacing of #153, just with an older kernel version.
And I forgot that the Debian package of 2.5.1 already has that fix, but it so far is not enabled for kernels below 5.9, so that's the reason why the 2.5.1 Debian package didn't work with that kernel, despite I cherry-picked that patch.
For the Debian package, I will try to backport that fix to ipt_NETFLOW
2.3 and update the conditional. It though might be a good idea to expand that conditional generally for those kernel versions where https://github.com/torvalds/linux/commit/7ef5264de773279b9f23b6cc8afb5addb30e970b got backported. I'm though so far only aware of the 4.19 line of stable kernels.
So, I don't change anything?
So, I don't change anything?
The following sentence might have been hidden inmidst a paragraph of mine. I think this should change for ipt_NETFLOW
generally, not just in the Debian package:
It though might be a good idea to expand that conditional generally for those kernel versions where torvalds/linux@7ef5264 got backported.
Here I refered to this #if
:
#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,9,0)
I imagine something like this (syntax might not be correct, i.e. untested):
#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,9,0) || ( LINUX_VERSION_CODE >= KERNEL_VERSION(4,19,191) && LINUX_VERSION_CODE < KERNEL_VERSION(4,10,0)
I will do that for the Debian package in Debian stable, too, but I'll focus on those kernel versions provided by Debian. So my patch will catch some kernel versions where this got backported to, but maybe not all of them. I'm also not sure how to figure out to which kernel lines this got or gets backported.
Hi
So, I don't change anything?
The following sentence might have been hidden inmidst a paragraph of mine. I think this should change for
ipt_NETFLOW
generally, not just in the Debian package:It though might be a good idea to expand that conditional generally for those kernel versions where torvalds/linux@7ef5264 got backported.
Here I refered to this
#if
:#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,9,0)
I imagine something like this (syntax might not be correct, i.e. untested):
#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,9,0) || ( LINUX_VERSION_CODE >= KERNEL_VERSION(4,19,191) && LINUX_VERSION_CODE < KERNEL_VERSION(4,10,0)
I will do that for the Debian package in Debian stable, too, but I'll focus on those kernel versions provided by Debian. So my patch will catch some kernel versions where this got backported to, but maybe not all of them. I'm also not sure how to figure out to which kernel lines this got or gets backported.
There where (so far) the following stable series which contained the change (plus mailine in 5.9-rc1):
v4.14.233: 52d03d9947ad805651b5fa5289f75a387756f36b modules: mark ref_module static v4.19.191: 8745aa4e018e4159f8c49d9689251f51fd0a15e0 modules: mark ref_module static v5.4.118: 6e38daf2e5db63611fa52ba57b9089d3be1a345d modules: mark ref_module static v5.9-rc1: 7ef5264de773279b9f23b6cc8afb5addb30e970b modules: mark ref_module static
Thanks, I'm going to fix this ASAP!
I just pushed commit that should fix this issue. Would be grateful for testing it. Thanks.
Thanks @carnil and @aabc!
Was just starting to extend adfc631 with a more complex #if
, but @aabc's solution in 352cdb2 seems to be a much simpler fix. Will test that one and otherwise propose a different one. (Will probably need to merge adfc631 and 352cdb2 into a single patch for patching 2.3 in Debian 10 Buster (current stable), but will also try to test git HEAD.)
Thanks!
(Note: This might sound similar to #176, but the reason for compile failures seem completely different.)
Debian has updated their kernel in Debian 10 Buster (currently "stable") from 4.19.181 to 4.19.194 and since then, both
ipt_NETFLOW
2.3 (as shipped with Debian 10 Buster) as well asipt_NETFLOW
2.5.1 (as shipped with the upcoming Debian 11) both no more compile against the most recent 4.19.x kernel in Debian 10.It errors out as follows with
ipt_NETFLOW
2.5.1 on x86_64 aka amd64:And with
ipt_NETFLOW
2.3 on i686 (akai386
on Debian for historic reasons; initially detected here):Reason for this seems to be these entries in the upstream Linux changelog for kernel 4.19.191:
Cause is probably the first line of it which comes from commit torvalds/linux@8745aa4e018e4159f8c49d9689251f51fd0a15e0:
Reading the reason for this change sounds as if this could be a bug in either
ipt_NETFLOW
or the Linux kernel. Not sure.Update: This issue is also tracked in the Debian Bug Tracking System as #990123.