iptables and patch-o-matic compilation errors with fedora core 4

Jorge Davila davila at nicaraguaopensource.com
Tue Mar 14 14:48:20 CET 2006 

uhm ... I was fighting with the same problem some weeks ago.

My solution was a vanilla kernel and use gcc 3.3 with iptables 1.3.5.
This for fc4.

Hope this help.

Jorge.

El mar, 14-03-2006 a las 10:56 +0100, thierry itty escribió:
> Hello
> I've an "out-of-the-box" fedora core 4 (standard i686 on either amd or 
> pentium)
> I want to apply gre and pptp patches to netfilter
> 
> I install the kernel sources and rebuild the binaries :
> 
> rpm -Uvh kernel-2.6.11-1.1369_FC4.src.rpm
> rpmbuild -bp --target=i686 /usr/src/redhat/SPECS/kernel-2.6.spec
> cd /usr/src/redhat/BUILD/kernel-2.6.11-1/linux-2.6.11-1
> cp configs/kernel-2.6.11-1.i686.config ./.config
> make menuconfig (just to check)
> make
> 
> the kernel build ok (with some warnings here and there but nothing 
> unusual...)
> I make it visible :
> ln -s /usr/src/redhat/BUILD/kernel-2.6.11-1/linux-2.6.11-1 /usr/src/linux
> 
> I install the iptables sources
> rpm -Uvh iptables-1.3.0-2.src.rpm
> rpmbuild -bp --target=i686 /usr/src/redhat/SPECS/iptables.spec
> 
> when i compile
> cd /usr/src/redhat/BUILD/iptables-1.3.0
> make
> 
> I get the following error several times
> /usr/src/linuc/include/linux/config.h:6:2 error : #error including 
> kernel header in userspace; use the glibc headers instead!
> 
> After googling a while, I see that some people have solved this by just 
> removing the test that triggers the error in 
> /usr/src/linux/include/linx/config.h (file which is brought by the 
> kernel source package installation + prep by the symlink made just 
> before, which should thus be "the right one"), this test reads
> #if !defined (__KERNEL__) && !defined(__KERNGLUE__)
> #error including kernel header in userspace; use the glibc headers instead!
> #endif
> 
> I really don't see where's my error, and I wonder wether this is the 
> right way for recompiling FC4 packages...
> 
> Actually, I do need to do this because we have to handle several pptp 
> vpns going throught this machine, and i have to apply pptp and h323 
> helpers patches from patch-o-matic
> 
> If I do as I saw (modify the config.h source to remove the test), 
> iptables compiles but we are unable to handle pptp vpns (we were used to 
> do that with 2.4 kernels and it works fine), modprobe and rmmod go in 
> endless loops, and so on...
> 
> With a little more googling, I saw that userspace applications (iptables 
> in this case) should not use kernel headers, but glibc ones instead, 
> hence the error, and since the 2.6 kernel releases, this looks more like 
> a mus than a should. So, another solution I found was to remove the 
> "-I$(KERNEL_DIR)/include" from iptables' Makefile...
> 
> Doing so, iptables begins to compile, but stops quickly after a 
> "linux/netfilter_ipv4/ipt_CLUSTERIP.h" missing file error
> I see that the include files iptables uses this way are provided by 
> glibc-kernheaders-2.4.-9.1.94, standard version for FC4, but those files 
> look three years old and obviously recent netfilter stuff isn't present 
> within (to say nothing about the remainder), and making compile to abort
> 
> Some more googling, until I find a post which says that to compile 
> iptables without using the kernel headers I have to install 
> "linux-libc-headers" that are a brand of userspace kernel headers. Ok, 
> let's give it a try : I restore iptables' original makefile (with 
> -I$(KERNEL_DIR)/include) and export a KERNEL_DIR environment variable 
> set to the directory where I untared linux-libc-headers, and I (after a 
> make clean) I start a new make.
> Fine, iptables compiles successfully
> 
> But now comes the big question : when I'll apply pptp and h323 patches 
> from p-o-m, I can direct KERNEL_DIR to either the true kernel source 
> directory or to this new "headers only" directory, but obviously not 
> both. So I'll get either the kernel sources patched, which is necessary 
> to build a patched kernel, or I'll get the headers patched, which is 
> necessary to build iptables, but how will I be able to build both ???
> 
> So to conclude and make it short, is there anybody out there who has 
> successfully applied pptp and h323 patches on an out-of-the-box fedora 
> core 4, and how did he do that ?
> Should I upgrade to a 2.6.15 kernel ? vanilla or fc4 flavour ?
> 
> many thanks in advance
> 
> 
-- 
Jorge Isaac Davila Lopez
Nicaragua Open Source
+505 808 2478
davila at nicaraguaopensource.com

More information about the netfilter mailing list