Summary: | security/expiretable does not compile on stable/13 | ||||||
---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | mike | ||||
Component: | Individual Port(s) | Assignee: | Renato Botelho <garga> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Some People | CC: | 000.fbsd, cris, fluffy, garga, kp | ||||
Priority: | --- | Flags: | bugzilla:
maintainer-feedback?
(cris) |
||||
Version: | Latest | ||||||
Hardware: | Any | ||||||
OS: | Any | ||||||
Attachments: |
|
Description
mike
2021-02-16 00:35:01 UTC
That's a result of the removal of the pf_state definition from the public headers, as part of the pf counter rework. It was removed because pf_state is a kernel-internal structure, and it has changed. Note that the ioctl() performed by this port (DIOCGETSTATES) doesn't actually return pf_state structures. It returns pfsync_state structures, and those are different. In other words: this port was already thoroughly broken, but now it also fails to compile. It does not make sense to return the structure to userspace visibility, because that won't actually make it work either. (In reply to Kristof Provost from comment #1) OK, understood. If there a different port or better way to approach this ? Expiring entries by time is a useful feature to have in various rate limiting firewalls (In reply to Kristof Provost from comment #1) OK, understood. If there a different port or better way to approach this ? Expiring entries by time is a useful feature to have in various rate limiting firewalls (In reply to mike from comment #2) I'm sure that the port can be fixed. If it's changed to use the pfsync_state structure it'll likely work fine. I don't use any such tools, so I have no alternatives to recommend. (In reply to mike from comment #3) Maybe You don't need any tool, you can use pfctl. With expiretable I used the following # expiretable -v -t $ttl $table With pfctl I can use # pfctl -v -t $table -T expire $ttl I'm working on a fix with kp@ Created attachment 224262 [details]
Fix build
As noted by kp@, get_states() function is not used so the easiest path here is to just remove it and then expiretable builds again.
While here, I've updated all patches using `make makepatch`
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=712ed31c3e42950d96d5995007d7a7b361cd3d83 commit 712ed31c3e42950d96d5995007d7a7b361cd3d83 Author: Renato Botelho <garga@FreeBSD.org> AuthorDate: 2021-05-04 12:10:43 +0000 Commit: Renato Botelho <garga@FreeBSD.org> CommitDate: 2021-05-04 12:18:48 +0000 security/expiretable: Fix build on 13+ get_states() is the reason it stopped building on FreeBSD 13 and newer. Retire this function since it's not used anywhere and get the build fixed. PR: 253547 Reported by: mike@sentex.net Reviewed by: kp Approved by: maintainer timeout (2 weeks) Obtained from: pfSense MFH: 2021Q2 Sponsored by: Rubicon Communications, LLC ("Netgate") security/expiretable/Makefile | 2 +- security/expiretable/files/patch-Makefile | 6 +-- .../{patch-expiretable => patch-expiretable.c} | 6 +-- .../expiretable/files/patch-ioctl__helpers.c (new) | 49 ++++++++++++++++++++++ .../expiretable/files/patch-ioctl__helpers.h (new) | 9 ++++ 5 files changed, 65 insertions(+), 7 deletions(-) A commit in branch 2021Q2 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=1cb655c9ea5096eed0093ac1d1a09020c6efc6c7 commit 1cb655c9ea5096eed0093ac1d1a09020c6efc6c7 Author: Renato Botelho <garga@FreeBSD.org> AuthorDate: 2021-05-04 12:10:43 +0000 Commit: Renato Botelho <garga@FreeBSD.org> CommitDate: 2021-05-04 12:22:43 +0000 security/expiretable: Fix build on 13+ get_states() is the reason it stopped building on FreeBSD 13 and newer. Retire this function since it's not used anywhere and get the build fixed. PR: 253547 Reported by: mike@sentex.net Reviewed by: kp Approved by: maintainer timeout (2 weeks) Obtained from: pfSense MFH: 2021Q2 Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 712ed31c3e42950d96d5995007d7a7b361cd3d83) security/expiretable/Makefile | 2 +- security/expiretable/files/patch-Makefile | 6 +-- .../{patch-expiretable => patch-expiretable.c} | 6 +-- .../expiretable/files/patch-ioctl__helpers.c (new) | 49 ++++++++++++++++++++++ .../expiretable/files/patch-ioctl__helpers.h (new) | 9 ++++ 5 files changed, 65 insertions(+), 7 deletions(-) |