iptables ftbfs due to ip_queue obsolete on 3.5 kernels

Bug #1020598 reported by Jamie Strandboge
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| iptables (Ubuntu) | Fix Released | High | Jamie Strandboge | |
| iptables (Ubuntu Quantal) | Fix Released | High | Jamie Strandboge | |
| perlipq (Ubuntu) | Fix Released | Undecided | Unassigned | |
| perlipq (Ubuntu Quantal) | Fix Released | Undecided | Unassigned | |
| shaperd (Ubuntu) | Fix Released | Undecided | Unassigned | |
| shaperd (Ubuntu Quantal) | Fix Released | Undecided | Unassigned | |

Bug Description

Title says it all. libipq does not compile because ip_queue was removed from the 3.5 kernel:
http://www.spinics.net/lists/netfilter-devel/msg21641.html

iptables needs to be adjusted to not ship libipq and applications using libipq should migrate to nfnetlink_queue (from libnfnetlink0).

There are some packages which Build-Depends on iptables-dev and reference libipq:
* nufw - uses --with-nfqueue
* shaperd - unchanged since (at least) lucid. Per README, requires libipq. Needs to be removed
* perlipq - source unchanged since natty. Per README, requires libipq. Needs to be removed
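
The triage in the list above can be scripted. This is an added example, not code from the bug report or from any package named in it; the marker patterns (including the `libnetfilter_queue` and `nfq_*` names), the function names and the sample trees are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the bug report: triage a source tree by the packet
# queueing API it references, mirroring the nufw / shaperd / perlipq review.

# libipq markers: header, ipq_* entry points, -lipq, the perlipq module name.
IPQ_RE='libipq\.h|ipq_(create_handle|destroy_handle|set_mode|read|get_packet|set_verdict)|-lipq|IPTables::IPv4::IPQueue'
# NFQUEUE markers (assumed set): libnetfilter_queue / libnfnetlink names and
# the --with-nfqueue configure switch that the report notes for nufw.
NFQ_RE='libnetfilter_queue|libnfnetlink|nfq_(open|create_queue|set_verdict)|--with-nfqueue'

# Succeeds if any file under directory $2 matches extended regex $1.
tree_matches() {
    grep -rqE -- "$1" "$2" 2>/dev/null
}

# Prints one verdict for directory $1:
#   libipq-only -> must be ported or removed (ip_queue is gone in 3.5)
#   both        -> an NFQUEUE backend exists; build with it, drop libipq
#   nfqueue     -> already migrated
#   none        -> uses neither API
classify_tree() {
    ipq=no; nfq=no
    tree_matches "$IPQ_RE" "$1" && ipq=yes
    tree_matches "$NFQ_RE" "$1" && nfq=yes
    case "$ipq/$nfq" in
        yes/no)  echo libipq-only ;;
        yes/yes) echo both ;;
        no/yes)  echo nfqueue ;;
        *)       echo none ;;
    esac
}

# Lists every libipq reference as file:line:text, as input for porting work.
list_ipq_refs() {
    grep -rnE -- "$IPQ_RE" "$1" 2>/dev/null | LC_ALL=C sort
}

# Constructed sample trees: one libipq-only, one already ported.
make_samples() {
    mkdir -p "$1/legacy" "$1/ported"
    printf '%s\n' '#include <libipq.h>' 'h = ipq_create_handle(0, PF_INET);' > "$1/legacy/q.c"
    printf '%s\n' '#include <libnetfilter_queue/libnetfilter_queue.h>' 'h = nfq_open();' > "$1/ported/q.c"
}

s=$(mktemp -d) && make_samples "$s"
for d in "$s"/*; do echo "${d##*/}: $(classify_tree "$d")"; done
```
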

Changed in iptables (Ubuntu Quantal):
milestone: none → quantal-alpha-3
tags: added: rls-q-tracking
Jamie Strandboge (jdstrand) wrote :

Removing packages:
 perlipq 1.25-3build2 in quantal
  libiptables-ipv4-ipqueue-perl 1.25-3build2 in quantal amd64
  libiptables-ipv4-ipqueue-perl 1.25-3build2 in quantal armel
  libiptables-ipv4-ipqueue-perl 1.25-3build2 in quantal armhf
  libiptables-ipv4-ipqueue-perl 1.25-3build2 in quantal i386
  libiptables-ipv4-ipqueue-perl 1.25-3build2 in quantal powerpc
Comment: Requires obsoleted libipq (LP: #1020598)
Remove [y|N]? y
1 package successfully removed.

description: updated
Changed in perlipq (Ubuntu Quantal):
status: New → Fix Released
Jamie Strandboge (jdstrand) wrote :

Removing packages:
 shaperd 0.2.1-5.2 in quantal
  shaperd 0.2.1-5.2 in quantal amd64
  shaperd 0.2.1-5.2 in quantal armel
  shaperd 0.2.1-5.2 in quantal armhf
  shaperd 0.2.1-5.2 in quantal i386
  shaperd 0.2.1-5.2 in quantal powerpc
Comment: Requires obsoleted libipq (LP: #1020598)
Remove [y|N]? y
1 package successfully removed.

Changed in shaperd (Ubuntu Quantal):
status: New → Fix Released
description: updated
Jamie Strandboge (jdstrand) wrote :

While I have the upload prepared, it seems that compiling it on 12.10 causes weird iptables-restore errors. Attached is the reproducer.

With 1.4.12-1ubuntu4:
$ sudo sh /tmp/ipt-bug.sh
Flushing chains
Adding '-A INPUT -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix [FOOBAR]'
iptables-save > /tmp/save
cat /tmp/save | iptables-restore
Searching for rule:
ok

With pending 1.4.12-2ubuntu1:
$ sudo sh /tmp/ipt-bug.sh
Flushing chains
Adding '-A INPUT -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix [FOOBAR]'
iptables-save > /tmp/save
cat /tmp/save | iptables-restore
Searching for rule:
FAIL
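
An offline version of the check behind the ok/FAIL output above, as an added example that is not the ipt-bug.sh attached to this report: it compares an iptables-save dump taken before a restore with one taken after and lists the rules that went missing. The function names and both sample dumps are constructed.

```shell
#!/bin/sh
# Added example, not the ipt-bug.sh attached to the report: an offline check
# that every rule in one iptables-save dump is still present in another.

# Reduce a dump to sorted "table<TAB>rule" lines. Comments, COMMIT, chain
# policy lines (":INPUT ACCEPT [0:0]") and "[pkts:bytes]" counters are dropped.
normalize_save() {
    awk '
        /^#/ || /^COMMIT/ || /^:/ || /^[ \t]*$/ { next }
        /^\*/ { table = substr($0, 2); next }
        { sub(/^\[[0-9]+:[0-9]+\][ \t]*/, ""); print table "\t" $0 }
    ' "$1" | LC_ALL=C sort
}

# Print the rules found in dump $1 (before restore) but not in dump $2.
lost_rules() {
    a=$(mktemp) && b=$(mktemp) || return 2
    normalize_save "$1" > "$a"
    normalize_save "$2" > "$b"
    LC_ALL=C comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

# Exit status 0 ("ok") when nothing was lost, 1 ("FAIL") otherwise.
roundtrip_ok() {
    [ -z "$(lost_rules "$1" "$2")" ]
}

# Constructed sample dumps: the rule from the report is missing from "after".
write_samples() {
    cat > "$1/before" <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [0:0]
[4:240] -A INPUT -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[FOOBAR]"
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
    cat > "$1/after" <<'EOF'
*filter
:INPUT ACCEPT [12:900]
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
}

d=$(mktemp -d) && write_samples "$d"
if roundtrip_ok "$d/before" "$d/after"; then echo ok; else echo FAIL; lost_rules "$d/before" "$d/after"; fi
```

On a live host (root required), take the first dump with `iptables-save`, feed it to `iptables-restore`, take a second dump, and pass both files to `roundtrip_ok`.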

Changed in iptables (Ubuntu Quantal):
status: In Progress → New
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package iptables - 1.4.12-2ubuntu1

---------------
iptables (1.4.12-2ubuntu1) quantal; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - 9000-howtos.patch: add howtos/ and install them
    - 9001-Fixed-FTBS-by-copying-linux-types.h-from-linux-3.2.patch: Fix FTBS
      against linux 3.2 headers
    - 9002-libxt_recent-Add-support-for-reap-option.patch: add --reap support.
      Merge in changes from 1.4.12-1ubuntu4 into this patch
    - debian/control: Build-Depends on linuxdoc-tools
    - debian/iptables.install: install NAT and packetfilter howtos into
      /usr/share/doc
    - debian/iptables-dev.install: install netfilter howto into /usr/share/doc
    - debian/iptables-dev.doc-base.netfilter-extensions,
      debian/iptables-dev.doc-base.netfilter-hacking,
      debian/iptables.doc-base.nat, debian/iptables.doc-base.packet-filter: add
      howtos
  * Drop libipq support since it has been obsoleted in 3.5 and later kernels.
    Per upstream, users of libipq should transition to nfnetlink_queue (from
    libnfnetlink0) instead. (LP: #1020598)
    - debian/control: remove reference to libipq
    - debian/rules: compile with --disable-libipq
    - debian/iptables.lintian-overrides: remove reference to libipq0
    - debian/iptables-dev.install: remove usr/share/man/man3 only used with
      libipq manpages
    - dropped 9001-build-libipq_pic.la.patch, no longer required
  * 9003-lp1020490.patch: fix --ctproto 0 output (LP: #1020490)
  * 9004-argv-is-null.patch: ip(6)tables-restore: make sure argv is NULL
    terminated
  * debian/patches/9005-lp1027252-fixrestore.patch: fix iptables-restore with
    gcc-4.7 and -O1 or higher (LP: #1027252)

iptables (1.4.14-2) unstable; urgency=low

  * Added missing 1.4.13-1.1 NMU fix
 -- Jamie Strandboge <email address hidden> Fri, 20 Jul 2012 15:45:01 -0500

Changed in iptables (Ubuntu Quantal):
status: In Progress → Fix Released