Hi,
As I wrote before I'm testing with 'iptables 1.6.0'.
While looking which files I would need to backup so I could run some tests on my production machine I found that 'iptables 1.6.0' and current 'ebtables 2.0.10-4' are building duplicate files.
'ebtables' puts them in '/usr/lib', 'iptables 1.6.0' in '/lib/xtables':
libebt_802_3.so libebt_ip.so libebt_log.so libebt_mark_m.so
What would be the best way to handle this? Comment in (which?) rootfile?
As an info: 'iptables 1.6.0' was build with the new option '--disable-nftables', otherwise build failed: "fatal error: libnftnl/rule.h: No such file or directory".
Best, Matthias
Hi,
this actually should not happen. Why is iptables building ebtables stuff? Have these two been merged? Can you disable it?
-Michael
On Tue, 2016-03-29 at 20:37 +0200, Matthias Fischer wrote:
Hi,
As I wrote before I'm testing with 'iptables 1.6.0'.
While looking which files I would need to backup so I could run some tests on my production machine I found that 'iptables 1.6.0' and current 'ebtables 2.0.10-4' are building duplicate files.
'ebtables' puts them in '/usr/lib', 'iptables 1.6.0' in '/lib/xtables':
libebt_802_3.so libebt_ip.so libebt_log.so libebt_mark_m.so
What would be the best way to handle this? Comment in (which?) rootfile?
As an info: 'iptables 1.6.0' was build with the new option '--disable-nftables', otherwise build failed: "fatal error: libnftnl/rule.h: No such file or directory".
Best, Matthias
Hi,
On 29.03.2016 23:00, Michael Tremer wrote:
Hi,
this actually should not happen.
Ok, then being suspicious was perhaps right.
Why is iptables building ebtables stuff?
I think because its a new version. I wrote about this yesterday in "Some delicate updates...", after I started preparing some updates, based on 'next'. One of these is 'iptables 1.6.0'. While preparing a backup to test these updates on my production machine, I noticed that some files existed twice, in different directories, belonging to 'iptables' and 'ebtables'. By now, I didn't go any further.
Have these two been merged?
Only one - 'ebtables': 'add ebtables & arptables for configuring the filter of a ethernet-bridge' was added 2008-03-25 by arne_f, 'ebtables: Update to 2.0.10-4' was added 2012-11-11 by Michael Tremer, ;-)
'iptables 1.6.0' isn't even pushed or uploaded or anything else yet. I'm just testing.
Can you disable it?
Thats why I'm asking here. I found no option yet to disable building the 'libebt*-files in 'iptables 1.6.0'. For now I just commented the duplicate files in the new 'iptables'-rootfile. If thats all I have to do, then everything is fine. If not, we'll have to look for another solution. I don't know - and can't judge yet - if commenting these files could have any unwanted effects to any 'iptables'-functions. As long as we stick to the '1.4.21'-version, nothing will happen.
By the way: at this moment, an additional test build, containing the five updates from my previous post, was finished. Without any errors, but again with the duplicates from 'iptables 1.6.0' and from 'ebtables'. Do you want me to send the diffs? I could push them to GIT so you could take a look.
Best, Matthias
-Michael
On Tue, 2016-03-29 at 20:37 +0200, Matthias Fischer wrote:
Hi,
As I wrote before I'm testing with 'iptables 1.6.0'.
While looking which files I would need to backup so I could run some tests on my production machine I found that 'iptables 1.6.0' and current 'ebtables 2.0.10-4' are building duplicate files.
'ebtables' puts them in '/usr/lib', 'iptables 1.6.0' in '/lib/xtables':
libebt_802_3.so libebt_ip.so libebt_log.so libebt_mark_m.so
What would be the best way to handle this? Comment in (which?) rootfile?
As an info: 'iptables 1.6.0' was build with the new option '--disable-nftables', otherwise build failed: "fatal error: libnftnl/rule.h: No such file or directory".
Best, Matthias
Hi,
On Wed, 2016-03-30 at 00:06 +0200, Matthias Fischer wrote:
Hi,
On 29.03.2016 23:00, Michael Tremer wrote:
Hi,
this actually should not happen.
Ok, then being suspicious was perhaps right.
Yes.
Why is iptables building ebtables stuff?
I think because its a new version. I wrote about this yesterday in "Some delicate updates...", after I started preparing some updates, based on 'next'. One of these is 'iptables 1.6.0'. While preparing a backup to test these updates on my production machine, I noticed that some files existed twice, in different directories, belonging to 'iptables' and 'ebtables'. By now, I didn't go any further.
Have these two been merged?
Only one - 'ebtables': 'add ebtables & arptables for configuring the filter of a ethernet-bridge' was added 2008-03-25 by arne_f, 'ebtables: Update to 2.0.10-4' was added 2012-11-11 by Michael Tremer, ;-)
'iptables 1.6.0' isn't even pushed or uploaded or anything else yet. I'm just testing.
I was actually asking if ebtables is merged into the iptables package.
Maybe we should stay on the last release?!
Can you disable it?
Thats why I'm asking here. I found no option yet to disable building the 'libebt*-files in 'iptables 1.6.0'. For now I just commented the duplicate files in the new 'iptables'-rootfile. If thats all I have to do, then everything is fine. If not, we'll have to look for another solution. I don't know - and can't judge yet - if commenting these files could have any unwanted effects to any 'iptables'-functions. As long as we stick to the '1.4.21'-version, nothing will happen.
I think if you try to load the wrong files that should certainly break things as there will be an ABI mismatch.
By the way: at this moment, an additional test build, containing the five updates from my previous post, was finished. Without any errors, but again with the duplicates from 'iptables 1.6.0' and from 'ebtables'. Do you want me to send the diffs? I could push them to GIT so you could take a look.
No need for me.
Best, Matthias
-Michael
On Tue, 2016-03-29 at 20:37 +0200, Matthias Fischer wrote:
Hi,
As I wrote before I'm testing with 'iptables 1.6.0'.
While looking which files I would need to backup so I could run some tests on my production machine I found that 'iptables 1.6.0' and current 'ebtables 2.0.10-4' are building duplicate files.
'ebtables' puts them in '/usr/lib', 'iptables 1.6.0' in '/lib/xtables':
libebt_802_3.so libebt_ip.so libebt_log.so libebt_mark_m.so
What would be the best way to handle this? Comment in (which?) rootfile?
As an info: 'iptables 1.6.0' was build with the new option '--disable-nftables', otherwise build failed: "fatal error: libnftnl/rule.h: No such file or directory".
Best, Matthias
Hi,
On 01.04.2016 00:53, Michael Tremer wrote:
Hi,
On Wed, 2016-03-30 at 00:06 +0200, Matthias Fischer wrote:
Hi,
On 29.03.2016 23:00, Michael Tremer wrote:
Hi,
this actually should not happen.
Ok, then being suspicious was perhaps right.
Yes.
Ok. Good.
Why is iptables building ebtables stuff?
I think because its a new version. I wrote about this yesterday in "Some delicate updates...", after I started preparing some updates, based on 'next'. One of these is 'iptables 1.6.0'. While preparing a backup to test these updates on my production machine, I noticed that some files existed twice, in different directories, belonging to 'iptables' and 'ebtables'. By now, I didn't go any further.
Have these two been merged?
Only one - 'ebtables': 'add ebtables & arptables for configuring the filter of a ethernet-bridge' was added 2008-03-25 by arne_f, 'ebtables: Update to 2.0.10-4' was added 2012-11-11 by Michael Tremer, ;-)
'iptables 1.6.0' isn't even pushed or uploaded or anything else yet. I'm just testing.
I was actually asking if ebtables is merged into the iptables package.
Ups. Sorry, "academical misunderstood"...
Maybe we should stay on the last release?!
For now, I'd say 'Yes'! I'll take a closer look at it!
Can you disable it?
Thats why I'm asking here. I found no option yet to disable building the 'libebt*-files in 'iptables 1.6.0'. For now I just commented the duplicate files in the new 'iptables'-rootfile. If thats all I have to do, then everything is fine. If not, we'll have to look for another solution. I don't know - and can't judge yet - if commenting these files could have any unwanted effects to any 'iptables'-functions. As long as we stick to the '1.4.21'-version, nothing will happen.
I think if you try to load the wrong files that should certainly break things as there will be an ABI mismatch.
By the way: at this moment, an additional test build, containing the five updates from my previous post, was finished. Without any errors, but again with the duplicates from 'iptables 1.6.0' and from 'ebtables'. Do you want me to send the diffs? I could push them to GIT so you could take a look.
No need for me.
Best, Matthias
-Michael
On Tue, 2016-03-29 at 20:37 +0200, Matthias Fischer wrote:
Hi,
As I wrote before I'm testing with 'iptables 1.6.0'.
While looking which files I would need to backup so I could run some tests on my production machine I found that 'iptables 1.6.0' and current 'ebtables 2.0.10-4' are building duplicate files.
'ebtables' puts them in '/usr/lib', 'iptables 1.6.0' in '/lib/xtables':
libebt_802_3.so libebt_ip.so libebt_log.so libebt_mark_m.so
What would be the best way to handle this? Comment in (which?) rootfile?
As an info: 'iptables 1.6.0' was build with the new option '--disable-nftables', otherwise build failed: "fatal error: libnftnl/rule.h: No such file or directory".
Best, Matthias
Hi,
On 01.04.2016 08:21, Matthias Fischer wrote:
I was actually asking if ebtables is merged into the iptables package.
Ups. Sorry, "academical misunderstood"...
Maybe we should stay on the last release?!
For now, I'd say 'Yes'! I'll take a closer look at it!
Looking through the 'iptables'-changelog and comparing the various source codes seems to show that a "compat-part" of ebtables' was merged. Since then it is developed as a (new) part of 'iptables':
'iptables' changelog: ... ebtables-compat: [various entries] ... Merge branch 'ebtables-compat' ...
This would be in context with the fact that only a few equivalent source-files from the 'ebtables'-extensions-directory (extensions/ebt_*.c) can be found in the corresponding 'iptables'-extensions-directory (extensions/libebt_*.c).
As I see it from here, the 'ebtables'-package *could* be obsolete, or maybe *not*, depending on what purposes we need it for, or what functions we want. Hard to tell for me, sorry.
@Jonatan: Perhaps you could test 'iptables 1.6.0' with your actual branch - and without 'ebtables', to see if 'ebtables' are really needed, especially by 'libvrt'? Just an idea...
Best, Matthias
> Can you disable it?
Thats why I'm asking here. I found no option yet to disable building the 'libebt*-files in 'iptables 1.6.0'. For now I just commented the duplicate files in the new 'iptables'-rootfile. If thats all I have to do, then everything is fine. If not, we'll have to look for another solution. I don't know - and can't judge yet - if commenting these files could have any unwanted effects to any 'iptables'-functions. As long as we stick to the '1.4.21'-version, nothing will happen.
I think if you try to load the wrong files that should certainly break things as there will be an ABI mismatch.
By the way: at this moment, an additional test build, containing the five updates from my previous post, was finished. Without any errors, but again with the duplicates from 'iptables 1.6.0' and from 'ebtables'. Do you want me to send the diffs? I could push them to GIT so you could take a look.
No need for me.
Best, Matthias
> > > -Michael
> > On Tue, 2016-03-29 at 20:37 +0200, Matthias Fischer wrote: > > > > > > Hi, > > > > > > As I wrote before I'm testing with 'iptables 1.6.0'. > > > > > > While looking which files I would need to backup so I could run some > > > tests on my production machine I found that 'iptables 1.6.0' and current > > > 'ebtables 2.0.10-4' are building duplicate files. > > > > > > 'ebtables' puts them in '/usr/lib', 'iptables 1.6.0' in '/lib/xtables': > > > > > > libebt_802_3.so > > > libebt_ip.so > > > libebt_log.so > > > libebt_mark_m.so > > >
Hi,
On 01.04.2016 08:21, Matthias Fischer wrote:
Maybe we should stay on the last release?!
For now, I'd say 'Yes'! I'll take a closer look at it!
For the records: Right now I'm running a testbuild, based on 'next', with 'iptables 1.6.0' but *without* 'ebtables'. We'll see.
Best, Matthias
Are you sure we have the requirements switched on in our kernel?
-Michael
On Fri, 2016-04-01 at 17:06 +0200, Matthias Fischer wrote:
Hi,
On 01.04.2016 08:21, Matthias Fischer wrote:
Maybe we should stay on the last release?!
For now, I'd say 'Yes'! I'll take a closer look at it!
For the records: Right now I'm running a testbuild, based on 'next', with 'iptables 1.6.0' but *without* 'ebtables'. We'll see.
Best, Matthias
Hi,
On 08.04.2016 21:03, Michael Tremer wrote:
Are you sure we have the requirements switched on in our kernel?
No, I'm definitely NOT sure! I'm not so deep into the current kernel options to make a secure statement about this.
Furthermore, since I'm at work again (holidays are over, *sigh*), I hadn't the time to test this more extensive. I had to put it on my long term ToDo-list. The last build - without 'ebtables' - was built without errors, but I didn't test it ONLINE yet! Right now I have the feeling this will require a lot of adjustments to get it really running. For now, the best will be to stay on the current release.
Best, Matthias
-Michael
On Fri, 2016-04-01 at 17:06 +0200, Matthias Fischer wrote:
Hi,
On 01.04.2016 08:21, Matthias Fischer wrote:
Maybe we should stay on the last release?!
For now, I'd say 'Yes'! I'll take a closer look at it!
For the records: Right now I'm running a testbuild, based on 'next', with 'iptables 1.6.0' but *without* 'ebtables'. We'll see.
Best, Matthias