From d4e72dc1c684c2f8361d87e6bde2902cd2ee8efb Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sat, 3 Sep 2011 13:34:40 +0200 Subject: libxt_statistic: link with -lm $ ldd -r libxt_statistic.so undefined symbol: lround (./libxt_statistic.so) References: https://bugs.archlinux.org/task/25358 Signed-off-by: Jan Engelhardt --- extensions/GNUmakefile.in | 5 ++++- iptables/Makefile.am | 9 +++++++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in index 2b48d841..dbf210cc 100644 --- a/extensions/GNUmakefile.in +++ b/extensions/GNUmakefile.in @@ -90,11 +90,14 @@ init%.o: init%.c # Shared libraries # lib%.so: lib%.oo - ${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $<; + ${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $< ${$*_LIBADD}; lib%.oo: ${srcdir}/lib%.c ${AM_VERBOSE_CC} ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init -DPIC -fPIC ${CFLAGS} -o $@ -c $<; +# Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD +xt_statistic_LIBADD = -lm + # # Static bits diff --git a/iptables/Makefile.am b/iptables/Makefile.am index addb1598..f6db32d0 100644 --- a/iptables/Makefile.am +++ b/iptables/Makefile.am @@ -6,12 +6,17 @@ AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir} lib_LTLIBRARIES = libxtables.la libxtables_la_SOURCES = xtables.c xtoptions.c libxtables_la_LDFLAGS = -version-info ${libxtables_vcurrent}:0:${libxtables_vage} +libxtables_la_LIBADD = +if ENABLE_STATIC +# With --enable-static, shipped extensions are linked into the main executable, +# so we need all the LIBADDs here too +libxtables_la_LIBADD += -lm +endif if ENABLE_SHARED libxtables_la_CFLAGS = ${AM_CFLAGS} -libxtables_la_LIBADD = -ldl +libxtables_la_LIBADD += -ldl else libxtables_la_CFLAGS = ${AM_CFLAGS} -DNO_SHARED_LIBS=1 -libxtables_la_LIBADD = endif xtables_multi_SOURCES = xtables-multi.c iptables-xml.c -- cgit v1.2.3 From 9249ad37b2342eb48009e18f3982362e1018ea5a Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sat, 3 Sep 2011 13:35:53 +0200 Subject: libxt_RATEEST: link with -lm $ ldd -r libxt_RATEEST.so undefined symbol: log (./libxt_RATEEST.so) Signed-off-by: Jan Engelhardt --- extensions/GNUmakefile.in | 1 + 1 file changed, 1 insertion(+) diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in index dbf210cc..107c9d59 100644 --- a/extensions/GNUmakefile.in +++ b/extensions/GNUmakefile.in @@ -96,6 +96,7 @@ lib%.oo: ${srcdir}/lib%.c ${AM_VERBOSE_CC} ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init -DPIC -fPIC ${CFLAGS} -o $@ -c $<; # Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD +xt_RATEEST_LIBADD = -lm xt_statistic_LIBADD = -lm -- cgit v1.2.3 From 751da923262746bf8fd3195e178504fb18c37dc5 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sat, 3 Sep 2011 14:11:53 +0200 Subject: build: scan for unreferenced symbols To be notified of occurrences where we are missing any libraries, run some ldd checks post building. Signed-off-by: Jan Engelhardt --- extensions/GNUmakefile.in | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in index 107c9d59..a9edb1e6 100644 --- a/extensions/GNUmakefile.in +++ b/extensions/GNUmakefile.in @@ -68,7 +68,16 @@ targets_install := .PHONY: all install clean distclean FORCE -all: ${targets} +all: ${targets} check + +check: ${targets} + @echo " CHECK unknown symbols in .so files"; \ + . ../iptables/libxtables.la; \ + for i in "" lib*.so; do \ + [ -z "$$i" ] && continue; \ + LD_PRELOAD="$$dlname" LD_LIBRARY_PATH=../iptables/.libs \ + ldd -r $$i 2>&1 >/dev/null; \ + done; install: ${targets_install} @mkdir -p "${DESTDIR}${xtlibdir}"; -- cgit v1.2.3 From f56b8a8bf4b1041cb875fd8439778f35276bdb30 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sat, 3 Sep 2011 14:27:55 +0200 Subject: iptables: move kernel version find routing into libxtables That way, the remaining unreferenced symbols that do appear in libipt_DNAT and libipt_SNAT as part of the new check can be resolved, and the ugly -rdynamic hack can finally be removed. Signed-off-by: Jan Engelhardt --- Makefile.am | 3 ++- include/iptables.h | 8 -------- include/xtables.h.in | 8 ++++++++ iptables/Makefile.am | 1 - iptables/iptables.c | 18 ------------------ iptables/xtables.c | 18 ++++++++++++++++++ 6 files changed, 28 insertions(+), 28 deletions(-) diff --git a/Makefile.am b/Makefile.am index 34b35012..9167e8e3 100644 --- a/Makefile.am +++ b/Makefile.am @@ -3,7 +3,7 @@ ACLOCAL_AMFLAGS = -I m4 AUTOMAKE_OPTIONS = foreign subdir-objects -SUBDIRS = extensions libiptc iptables +SUBDIRS = libiptc iptables if ENABLE_DEVEL SUBDIRS += include endif @@ -13,6 +13,7 @@ endif if HAVE_LIBNFNETLINK SUBDIRS += utils endif +SUBDIRS += extensions .PHONY: tarball tarball: diff --git a/include/iptables.h b/include/iptables.h index 65b32909..89217e29 100644 --- a/include/iptables.h +++ b/include/iptables.h @@ -18,14 +18,6 @@ extern int for_each_chain4(int (*fn)(const ipt_chainlabel, int, struct iptc_hand extern void print_rule4(const struct ipt_entry *e, struct iptc_handle *handle, const char *chain, int counters); -/* kernel revision handling */ -extern int kernel_version; -extern void get_kernel_version(void); -#define LINUX_VERSION(x,y,z) (0x10000*(x) + 0x100*(y) + z) -#define LINUX_VERSION_MAJOR(x) (((x)>>16) & 0xFF) -#define LINUX_VERSION_MINOR(x) (((x)>> 8) & 0xFF) -#define LINUX_VERSION_PATCH(x) ( (x) & 0xFF) - extern struct xtables_globals iptables_globals; #endif /*_IPTABLES_USER_H*/ diff --git a/include/xtables.h.in b/include/xtables.h.in index d50df79a..28e29337 100644 --- a/include/xtables.h.in +++ b/include/xtables.h.in @@ -477,6 +477,14 @@ extern void xtables_save_string(const char *value); extern const struct xtables_pprot xtables_chain_protos[]; extern u_int16_t xtables_parse_protocol(const char *s); +/* kernel revision handling */ +extern int kernel_version; +extern void get_kernel_version(void); +#define LINUX_VERSION(x,y,z) (0x10000*(x) + 0x100*(y) + z) +#define LINUX_VERSION_MAJOR(x) (((x)>>16) & 0xFF) +#define LINUX_VERSION_MINOR(x) (((x)>> 8) & 0xFF) +#define LINUX_VERSION_PATCH(x) ( (x) & 0xFF) + /* xtoptions.c */ extern void xtables_option_metavalidate(const char *, const struct xt_option_entry *); diff --git a/iptables/Makefile.am b/iptables/Makefile.am index f6db32d0..af620f76 100644 --- a/iptables/Makefile.am +++ b/iptables/Makefile.am @@ -21,7 +21,6 @@ endif xtables_multi_SOURCES = xtables-multi.c iptables-xml.c xtables_multi_CFLAGS = ${AM_CFLAGS} -xtables_multi_LDFLAGS = -rdynamic xtables_multi_LDADD = ../extensions/libext.a if ENABLE_STATIC xtables_multi_CFLAGS += -DALL_INCLUSIVE diff --git a/iptables/iptables.c b/iptables/iptables.c index 50dc1e7a..830ddbcb 100644 --- a/iptables/iptables.c +++ b/iptables/iptables.c @@ -39,7 +39,6 @@ #include #include #include -#include #include "xshared.h" #ifndef TRUE @@ -187,8 +186,6 @@ static const int inverse_for_options[NUMBER_OF_OPT] = #define prog_name iptables_globals.program_name #define prog_vers iptables_globals.program_version -int kernel_version; - /* Primitive headers... */ /* defined in netinet/in.h */ #if 0 @@ -1281,21 +1278,6 @@ static void clear_rule_matches(struct xtables_rule_match **matches) *matches = NULL; } -void -get_kernel_version(void) { - static struct utsname uts; - int x = 0, y = 0, z = 0; - - if (uname(&uts) == -1) { - fprintf(stderr, "Unable to retrieve kernel version.\n"); - xtables_free_opts(1); - exit(1); - } - - sscanf(uts.release, "%d.%d.%d", &x, &y, &z); - kernel_version = LINUX_VERSION(x, y, z); -} - static void command_jump(struct iptables_command_state *cs) { size_t size; diff --git a/iptables/xtables.c b/iptables/xtables.c index e72aa284..014e115b 100644 --- a/iptables/xtables.c +++ b/iptables/xtables.c @@ -31,6 +31,7 @@ #include #include #include +#include #include #include #if defined(HAVE_LINUX_MAGIC_H) @@ -1812,3 +1813,20 @@ xtables_parse_protocol(const char *s) "unknown protocol \"%s\" specified", s); return -1; } + +int kernel_version; + +void get_kernel_version(void) +{ + static struct utsname uts; + int x = 0, y = 0, z = 0; + + if (uname(&uts) == -1) { + fprintf(stderr, "Unable to retrieve kernel version.\n"); + xtables_free_opts(1); + exit(1); + } + + sscanf(uts.release, "%d.%d.%d", &x, &y, &z); + kernel_version = LINUX_VERSION(x, y, z); +} -- cgit v1.2.3 From 153c23d9b14285b24aae3e96da0b547dcc7ee051 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Fri, 2 Sep 2011 17:45:51 -0700 Subject: libxt_CONNSECMARK: fix spacing in output ~# iptables -t mangle -A foo -j CONNSECMARK --save ~# iptables -t mangle -S [...] -A foo -j CONNSECMARK--save Signed-off-by: Jan Engelhardt --- extensions/libxt_CONNSECMARK.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extensions/libxt_CONNSECMARK.c b/extensions/libxt_CONNSECMARK.c index df2e6b82..0b3cd79d 100644 --- a/extensions/libxt_CONNSECMARK.c +++ b/extensions/libxt_CONNSECMARK.c @@ -87,7 +87,7 @@ CONNSECMARK_save(const void *ip, const struct xt_entry_target *target) const struct xt_connsecmark_target_info *info = (struct xt_connsecmark_target_info*)target->data; - printf("--"); + printf(" --"); print_connsecmark(info); } -- cgit v1.2.3