Re: Duplicate files created by 'iptables 1.6.0' and 'ebtables 2.0.10-4'

Re: Duplicate files created by 'iptables 1.6.0' and 'ebtables 2.0.10-4'

[Matthias Fischer]

[-- Attachment #1: Type: text/plain, Size: 3404 bytes --]

Hi,

On 01.04.2016 00:53, Michael Tremer wrote:
> Hi,
> 
> On Wed, 2016-03-30 at 00:06 +0200, Matthias Fischer wrote:
>> Hi,
>> 
>> On 29.03.2016 23:00, Michael Tremer wrote:
>> > 
>> > Hi,
>> > 
>> > this actually should not happen.
>> Ok, then being suspicious was perhaps right.
> 
> Yes.

Ok. Good.

>> > 
>> > Why is iptables building ebtables stuff?
>> I think because its a new version. I wrote about this yesterday in "Some
>> delicate updates...", after I started preparing some updates, based on
>> 'next'. One of these is 'iptables 1.6.0'. While preparing a backup to
>> test these updates on my production machine, I noticed that some files
>> existed twice, in different directories, belonging to 'iptables' and
>> 'ebtables'. By now, I didn't go any further.
>> 
>> > 
>> > Have these two been merged?
>> Only one - 'ebtables':
>> 'add ebtables & arptables for configuring the filter of a
>> ethernet-bridge' was added 2008-03-25 by arne_f, 'ebtables: Update to
>> 2.0.10-4' was added 2012-11-11 by Michael Tremer, ;-)
>> 
>> 'iptables 1.6.0' isn't even pushed or uploaded or anything else yet. I'm
>> just testing.
> 
> I was actually asking if ebtables is merged into the iptables package.

Ups. Sorry, "academical misunderstood"...

> Maybe we should stay on the last release?!

For now, I'd say 'Yes'! I'll take a closer look at it!

>> > Can you disable it?
>> Thats why I'm asking here. I found no option yet to disable building the
>> 'libebt*-files in 'iptables 1.6.0'. For now I just commented the
>> duplicate files in the new 'iptables'-rootfile. If thats all I have to
>> do, then everything is fine. If not, we'll have to look for another
>> solution. I don't know - and can't judge yet - if commenting these files
>> could have any unwanted effects to any 'iptables'-functions. As long as
>> we stick to the '1.4.21'-version, nothing will happen.
> 
> I think if you try to load the wrong files that should certainly break things as
> there will be an ABI mismatch.
> 
>> 
>> By the way: at this moment, an additional test build, containing the
>> five updates from my previous post, was finished. Without any errors,
>> but again with the duplicates from 'iptables 1.6.0' and from 'ebtables'.
>> Do you want me to send the diffs? I could push them to GIT so you could
>> take a look.
> 
> No need for me.
> 
>> 
>> Best, Matthias
>> 
>> > 
>> > 
>> > -Michael
>> 
>> > 
>> > On Tue, 2016-03-29 at 20:37 +0200, Matthias Fischer wrote:
>> > > 
>> > > Hi,
>> > > 
>> > > As I wrote before I'm testing with 'iptables 1.6.0'.
>> > > 
>> > > While looking which files I would need to backup so I could run some
>> > > tests on my production machine I found that 'iptables 1.6.0' and current
>> > > 'ebtables 2.0.10-4' are building duplicate files.
>> > > 
>> > > 'ebtables' puts them in '/usr/lib', 'iptables 1.6.0' in '/lib/xtables':
>> > > 
>> > > libebt_802_3.so
>> > > libebt_ip.so
>> > > libebt_log.so
>> > > libebt_mark_m.so
>> > > 
>> > > What would be the best way to handle this? Comment in (which?) rootfile?
>> > > 
>> > > As an info:
>> > > 'iptables 1.6.0' was build with the new option '--disable-nftables',
>> > > otherwise build failed: "fatal error: libnftnl/rule.h: No such file or
>> > > directory".
>> > > 
>> > > Best,
>> > > Matthias
>> > > 
>> > > 
> 

Re: Duplicate files created by 'iptables 1.6.0' and 'ebtables 2.0.10-4'

[Matthias Fischer]

[-- Attachment #1: Type: text/plain, Size: 3100 bytes --]

Hi,

On 01.04.2016 08:21, Matthias Fischer wrote:
>> > I was actually asking if ebtables is merged into the iptables package.
> Ups. Sorry, "academical misunderstood"...
> 
>> > Maybe we should stay on the last release?!
> For now, I'd say 'Yes'! I'll take a closer look at it!

Looking through the 'iptables'-changelog and comparing the various
source codes seems to show that a "compat-part" of ebtables' was merged.
Since then it is developed as a (new) part of 'iptables':

'iptables' changelog:
...
ebtables-compat: [various entries]
...
Merge branch 'ebtables-compat'
...

This would be in context with the fact that only a few equivalent
source-files from the 'ebtables'-extensions-directory
(extensions/ebt_*.c) can be found in the corresponding
'iptables'-extensions-directory (extensions/libebt_*.c).

As I see it from here, the 'ebtables'-package *could* be obsolete, or
maybe *not*, depending on what purposes we need it for, or what
functions we want. Hard to tell for me, sorry.

@Jonatan:
Perhaps you could test 'iptables 1.6.0' with your actual branch - and
without 'ebtables', to see if 'ebtables' are really needed, especially
by 'libvrt'? Just an idea...

Best,
Matthias

>>>> >> > Can you disable it?
>>> >> Thats why I'm asking here. I found no option yet to disable building the
>>> >> 'libebt*-files in 'iptables 1.6.0'. For now I just commented the
>>> >> duplicate files in the new 'iptables'-rootfile. If thats all I have to
>>> >> do, then everything is fine. If not, we'll have to look for another
>>> >> solution. I don't know - and can't judge yet - if commenting these files
>>> >> could have any unwanted effects to any 'iptables'-functions. As long as
>>> >> we stick to the '1.4.21'-version, nothing will happen.
>> > 
>> > I think if you try to load the wrong files that should certainly break things as
>> > there will be an ABI mismatch.
>> > 
>>> >> 
>>> >> By the way: at this moment, an additional test build, containing the
>>> >> five updates from my previous post, was finished. Without any errors,
>>> >> but again with the duplicates from 'iptables 1.6.0' and from 'ebtables'.
>>> >> Do you want me to send the diffs? I could push them to GIT so you could
>>> >> take a look.
>> > 
>> > No need for me.
>> > 
>>> >> 
>>> >> Best, Matthias
>>> >> 
>>>> >> > 
>>>> >> > 
>>>> >> > -Michael
>>> >> 
>>>> >> > 
>>>> >> > On Tue, 2016-03-29 at 20:37 +0200, Matthias Fischer wrote:
>>>>> >> > > 
>>>>> >> > > Hi,
>>>>> >> > > 
>>>>> >> > > As I wrote before I'm testing with 'iptables 1.6.0'.
>>>>> >> > > 
>>>>> >> > > While looking which files I would need to backup so I could run some
>>>>> >> > > tests on my production machine I found that 'iptables 1.6.0' and current
>>>>> >> > > 'ebtables 2.0.10-4' are building duplicate files.
>>>>> >> > > 
>>>>> >> > > 'ebtables' puts them in '/usr/lib', 'iptables 1.6.0' in '/lib/xtables':
>>>>> >> > > 
>>>>> >> > > libebt_802_3.so
>>>>> >> > > libebt_ip.so
>>>>> >> > > libebt_log.so
>>>>> >> > > libebt_mark_m.so
>>>>> >> > >

Re: Duplicate files created by 'iptables 1.6.0' and 'ebtables 2.0.10-4'

[Matthias Fischer]

[-- Attachment #1: Type: text/plain, Size: 301 bytes --]

Hi,

On 01.04.2016 08:21, Matthias Fischer wrote:
>> > Maybe we should stay on the last release?!
> For now, I'd say 'Yes'! I'll take a closer look at it!

For the records:
Right now I'm running a testbuild, based on 'next', with 'iptables
1.6.0' but *without* 'ebtables'. We'll see.

Best,
Matthias

Re: Duplicate files created by 'iptables 1.6.0' and 'ebtables 2.0.10-4'

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 481 bytes --]

Are you sure we have the requirements switched on in our kernel?

-Michael

On Fri, 2016-04-01 at 17:06 +0200, Matthias Fischer wrote:
> Hi,
> 
> On 01.04.2016 08:21, Matthias Fischer wrote:
> > 
> > > 
> > > > 
> > > > Maybe we should stay on the last release?!
> > For now, I'd say 'Yes'! I'll take a closer look at it!
> For the records:
> Right now I'm running a testbuild, based on 'next', with 'iptables
> 1.6.0' but *without* 'ebtables'. We'll see.
> 
> Best,
> Matthias
> 

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: Duplicate files created by 'iptables 1.6.0' and 'ebtables 2.0.10-4'

[Matthias Fischer]

[-- Attachment #1: Type: text/plain, Size: 1095 bytes --]

Hi,

On 08.04.2016 21:03, Michael Tremer wrote:
> Are you sure we have the requirements switched on in our kernel?

No, I'm definitely NOT sure! I'm not so deep into the current kernel
options to make a secure statement about this.

Furthermore, since I'm at work again (holidays are over, *sigh*), I
hadn't the time to test this more extensive. I had to put it on my long
term ToDo-list. The last build - without 'ebtables' - was built without
errors, but I didn't test it ONLINE yet! Right now I have the feeling
this will require a lot of adjustments to get it really running.
For now, the best will be to stay on the current release.

Best,
Matthias

> -Michael
> 
> On Fri, 2016-04-01 at 17:06 +0200, Matthias Fischer wrote:
>> Hi,
>> 
>> On 01.04.2016 08:21, Matthias Fischer wrote:
>> > 
>> > > 
>> > > > 
>> > > > Maybe we should stay on the last release?!
>> > For now, I'd say 'Yes'! I'll take a closer look at it!
>> For the records:
>> Right now I'm running a testbuild, based on 'next', with 'iptables
>> 1.6.0' but *without* 'ebtables'. We'll see.
>> 
>> Best,
>> Matthias
>> 
> 

Re: Duplicate files created by 'iptables 1.6.0' and 'ebtables 2.0.10-4'

[Matthias Fischer]

[-- Attachment #1: Type: text/plain, Size: 2524 bytes --]

Hi,

On 29.03.2016 23:00, Michael Tremer wrote:
> Hi,
> 
> this actually should not happen.

Ok, then being suspicious was perhaps right.

> Why is iptables building ebtables stuff?

I think because its a new version. I wrote about this yesterday in "Some
delicate updates...", after I started preparing some updates, based on
'next'. One of these is 'iptables 1.6.0'. While preparing a backup to
test these updates on my production machine, I noticed that some files
existed twice, in different directories, belonging to 'iptables' and
'ebtables'. By now, I didn't go any further.

> Have these two been merged?

Only one - 'ebtables':
'add ebtables & arptables for configuring the filter of a
ethernet-bridge' was added 2008-03-25 by arne_f, 'ebtables: Update to
2.0.10-4' was added 2012-11-11 by Michael Tremer, ;-)

'iptables 1.6.0' isn't even pushed or uploaded or anything else yet. I'm
just testing.

> Can you disable it?

Thats why I'm asking here. I found no option yet to disable building the
'libebt*-files in 'iptables 1.6.0'. For now I just commented the
duplicate files in the new 'iptables'-rootfile. If thats all I have to
do, then everything is fine. If not, we'll have to look for another
solution. I don't know - and can't judge yet - if commenting these files
could have any unwanted effects to any 'iptables'-functions. As long as
we stick to the '1.4.21'-version, nothing will happen.

By the way: at this moment, an additional test build, containing the
five updates from my previous post, was finished. Without any errors,
but again with the duplicates from 'iptables 1.6.0' and from 'ebtables'.
Do you want me to send the diffs? I could push them to GIT so you could
take a look.

Best, Matthias

> 
> -Michael


> On Tue, 2016-03-29 at 20:37 +0200, Matthias Fischer wrote:
>> Hi,
>> 
>> As I wrote before I'm testing with 'iptables 1.6.0'.
>> 
>> While looking which files I would need to backup so I could run some
>> tests on my production machine I found that 'iptables 1.6.0' and current
>> 'ebtables 2.0.10-4' are building duplicate files.
>> 
>> 'ebtables' puts them in '/usr/lib', 'iptables 1.6.0' in '/lib/xtables':
>> 
>> libebt_802_3.so
>> libebt_ip.so
>> libebt_log.so
>> libebt_mark_m.so
>> 
>> What would be the best way to handle this? Comment in (which?) rootfile?
>> 
>> As an info:
>> 'iptables 1.6.0' was build with the new option '--disable-nftables',
>> otherwise build failed: "fatal error: libnftnl/rule.h: No such file or
>> directory".
>> 
>> Best,
>> Matthias
>> 
>> 
> 

Re: Duplicate files created by 'iptables 1.6.0' and 'ebtables 2.0.10-4'

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 891 bytes --]

Hi,

this actually should not happen. Why is iptables building ebtables stuff? Have
these two been merged? Can you disable it?

-Michael

On Tue, 2016-03-29 at 20:37 +0200, Matthias Fischer wrote:
> Hi,
> 
> As I wrote before I'm testing with 'iptables 1.6.0'.
> 
> While looking which files I would need to backup so I could run some
> tests on my production machine I found that 'iptables 1.6.0' and current
> 'ebtables 2.0.10-4' are building duplicate files.
> 
> 'ebtables' puts them in '/usr/lib', 'iptables 1.6.0' in '/lib/xtables':
> 
> libebt_802_3.so
> libebt_ip.so
> libebt_log.so
> libebt_mark_m.so
> 
> What would be the best way to handle this? Comment in (which?) rootfile?
> 
> As an info:
> 'iptables 1.6.0' was build with the new option '--disable-nftables',
> otherwise build failed: "fatal error: libnftnl/rule.h: No such file or
> directory".
> 
> Best,
> Matthias
> 
> 

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Duplicate files created by 'iptables 1.6.0' and 'ebtables 2.0.10-4'

[Matthias Fischer]

[-- Attachment #1: Type: text/plain, Size: 642 bytes --]

Hi,

As I wrote before I'm testing with 'iptables 1.6.0'.

While looking which files I would need to backup so I could run some
tests on my production machine I found that 'iptables 1.6.0' and current
'ebtables 2.0.10-4' are building duplicate files.

'ebtables' puts them in '/usr/lib', 'iptables 1.6.0' in '/lib/xtables':

libebt_802_3.so
libebt_ip.so
libebt_log.so
libebt_mark_m.so

What would be the best way to handle this? Comment in (which?) rootfile?

As an info:
'iptables 1.6.0' was build with the new option '--disable-nftables',
otherwise build failed: "fatal error: libnftnl/rule.h: No such file or
directory".

Best,
Matthias