ip_conntrack_pptp.ko needs unknown symbol __ip_conntrack_expect_find

Greg Scott GregScott at InfraSupportEtc.com
Tue Aug 30 14:23:59 CEST 2005 

So does anyone have any ideas how to deal with this problem?  It seems
to be effecting lots of people and I've done everything I know how to
document and troubleshoot it.  

Here is a short summary of the problem:
> ip_conntrack_pptp.ko needs unknown symbol __ip_conntrack_expect_find

Details below

Thanks

- Greg Scott



-----Original Message-----
From: Greg Scott 
Sent: Sunday, August 28, 2005 6:07 PM
To: 'netfilter at lists.netfilter.org'
Subject: Problems building ip_conntrack_pptp with kernel 2.6.12.5; and
what does nfnetlink do?

Hi all - 

I am trying to build a 2.6.12.5 kernel with the patch-o-matic-20050825
pptp patches.  Make modules dies with this problem:

WARNING:
/lib/modules/2.6.12.5fw20/kernel/net/ipv4/netfilter/ip_conntrack_pptp.ko
needs unknown symbol __ip_conntrack_expect_find

I edited the EXTRAVERSION line in Makefile and I started with the
.config file that came with RedHat fc4 and 2.6.11-1.  I updated my copy
of .config with make oldconfig.  

This is how I put in the PPTP and other patch-o-matic patches:

cd /usr/src/patch-o-matic-ng-20050825

./runme --batch connlimit
##./runme --ip_contrack_count (Not in the .tar file) 
./runme --batch iprange 
./runme --batch mport (multiport match - deprecated soon) 
./runme --batch psd

./runme --batch comment
./runme --batch h323-conntrack-nat
##./runme --batch ipp2p (Not in the .tar file) ./runme --batch
pptp-conntrack-nat

I did some more detective work.  A google search led me to a suggestion
that the ip_conntrack__pptp patch now depends on another patch called
nfnetlink.  So I went to my copy of the expanded POM tree and looked.
Here is what I found:

[root at gsgv-fw nfnetlink]# pwd
/usr/src/patch-o-matic-ng-20050825/patchlets/nfnetlink
[root at gsgv-fw nfnetlink]# cd ..
[root at gsgv-fw patchlets]# grep -R ip_conntrack_expect_find * 
ctnetlink/linux-2.6.patch:+__ip_conntrack_expect_find(const struct
ip_conntrack_tuple *tuple) 
ctnetlink/linux-2.6.patch:+ip_conntrack_expect_find_get(const struct
ip_conntrack_tuple *tuple)
ctnetlink/linux-2.6.patch:+     i = __ip_conntrack_expect_find(tuple);
ctnetlink/linux-2.6.patch:+EXPORT_SYMBOL(__ip_conntrack_expect_find);
ctnetlink/linux-2.6.patch:+EXPORT_SYMBOL(ip_conntrack_expect_find_get);
ctnetlink/linux-2.6.patch:+__ip_conntrack_expect_find(const struct
ip_conntrack_tuple *tuple); 
ctnetlink/linux-2.6.patch:+ip_conntrack_expect_find_get(const struct
ip_conntrack_tuple *tuple);
ctnetlink/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_netlink.c:
exp = ip_conntrack_expect_find_get(tuple);
ctnetlink/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_netlink.c:
exp = ip_conntrack_expect_find_get(tuple);
ctnetlink/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_netlink.c:
exp = __ip_conntrack_expect_find(tuple);
netfilter-docbook/linux-2.4.patch: ip_conntrack_expect_find_get(const
struct ip_conntrack_tuple *tuple)
netfilter-docbook/linux-2.6.patch: ip_conntrack_expect_find_get(const
struct ip_conntrack_tuple *tuple)
nfnetlink-ctnetlink-0.13/linux-2.6.patch:+      exp =
ip_conntrack_expect_find_get(tuple);
nfnetlink-ctnetlink-0.13/linux-2.6.patch:+      exp =
ip_conntrack_expect_find_get(tuple);
nfnetlink-ctnetlink-0.13/linux.patch: ip_conntrack_expect_find_get(const
struct ip_conntrack_tuple *tuple)
nfnetlink-ctnetlink-0.13/linux.patch:
EXPORT_SYMBOL_GPL(ip_conntrack_expect_find_get);
nfnetlink-ctnetlink-0.13/linux/net/ipv4/netfilter/nfnetlink_conntrack.c:
exp = ip_conntrack_expect_find_get(tuple);
nfnetlink-ctnetlink-0.13/linux/net/ipv4/netfilter/nfnetlink_conntrack.c:
exp = ip_conntrack_expect_find_get(tuple);
pptp-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_pptp.c:
exp = __ip_conntrack_expect_find(t);
[root at gsgv-fw patchlets]# 

Based on the above, it looks like ctnetlink defines and exports the
missing symbol.  A look at the info for ctnetlink tells me it depends on
nfnetlink.  I see two, maybe three choices for nfnetlink:  These are,
nfnetlink, nfnetlink-ctnetlink-0.13, and nfnetlink_queue.

The info for nfnetliink-ctnetlink-0.13 says this one is deprecated.
Although recursive grep above shows that nfnetlink-ctnetlink mentions
the missing symbol, its deffinitions may be obsolete.  

The info for nfnetlink_queue says it depends on nfnetlink. 

The info for nfnetlink only says it depends on a kernel >= 2.6.0.  And
the info for all these modules is maddening because it  does not tell me
what they do!

I decided to add nfnetlink and ctnetlink to the list of POM patches I
use and try another kernel build.  

The nfnetlink patch went in with no problems.  But ctnetlink gave me
this:

Testing ctnetlink... not applied
The ctnetlink patch:
   Author: Jay Schulist, Harald Welte, Patrick McHardy, et.al.
   Status: Stable

newfile: 4 files in our way, unable to apply ERROR (6 rejects out of 48
hunks)
-----------------------------------------------------------------
Do you want to apply this patch [N/y/t/f/a/r/b/w/q/?] n


I said no - the last thing I want is to put in a messed up patch!

So now I am stuck again.  

Is there some order in which I should apply these patches?  Am I
applying the correct patches?  How do we add the pptp patches these
days???

Thanks

- Greg Scott
  GregScott at InfraSupportEtc.com
  USA cell phone 1-651-260-1051

More information about the netfilter mailing list