Bug 253547 - security/expiretable does not compile on stable/13
Summary: security/expiretable does not compile on stable/13
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Renato Botelho
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-02-16 00:35 UTC by mike
Modified: 2021-05-04 12:23 UTC (History)
5 users (show)

See Also:
bugzilla: maintainer-feedback? (cris)


Attachments
Fix build (3.83 KB, patch)
2021-04-19 18:20 UTC, Renato Botelho
garga: maintainer-approval? (cris)
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description mike 2021-02-16 00:35:01 UTC
root@freebsd:/usr/ports/security/expiretable # make
===>   expiretable-0.6_1 depends on file: /usr/local/sbin/pkg - found
===> Fetching all distfiles required by expiretable-0.6_1 for building
===>  Extracting for expiretable-0.6_1
=> SHA256 Checksum OK for expiretable-0.6.tar.gz.
===>  Patching for expiretable-0.6_1
===>  Applying FreeBSD patches for expiretable-0.6_1 from /usr/ports/security/expiretable/files
===>  Configuring for expiretable-0.6_1
===>  Building for expiretable-0.6_1
--- expiretable.o ---
--- ioctl_helpers.o ---
--- messages.o ---
--- expiretable.o ---
cc -O2 -pipe  -fstack-protector-strong -fno-strict-aliasing  -pedantic -Wall -ansi -c expiretable.c -o expiretable.o
--- ioctl_helpers.o ---
cc -O2 -pipe  -fstack-protector-strong -fno-strict-aliasing  -pedantic -Wall -ansi -c ioctl_helpers.c -o ioctl_helpers.o
--- messages.o ---
cc -O2 -pipe  -fstack-protector-strong -fno-strict-aliasing  -pedantic -Wall -ansi -c messages.c -o messages.o
--- ioctl_helpers.o ---
ioctl_helpers.c:203:10: warning: incompatible pointer types assigning to 'struct pf_state *' from 'struct pfsync_state *' [-Wincompatible-pointer-types]
        *states = ps.ps_states;
                ^ ~~~~~~~~~~~~
ioctl_helpers.c:204:21: error: invalid application of 'sizeof' to an incomplete type 'struct pf_state'
        return ps.ps_len / sizeof(struct pf_state);
                           ^     ~~~~~~~~~~~~~~~~~
/usr/include/net/pfvar.h:485:15: note: forward declaration of 'struct pf_state'
        TAILQ_HEAD(, pf_state)   states[2];
                     ^
1 warning and 1 error generated.
*** [ioctl_helpers.o] Error code 1

make[1]: stopped in /usr/ports/security/expiretable/work/expiretable-0.6
1 error

make[1]: stopped in /usr/ports/security/expiretable/work/expiretable-0.6
===> Compilation failed unexpectedly.
Try to set MAKE_JOBS_UNSAFE=yes and rebuild before reporting the failure to
the maintainer.
*** Error code 1

Stop.
make: stopped in /usr/ports/security/expiretable
root@freebsd:/usr/ports/security/expiretable #
Comment 1 Kristof Provost freebsd_committer freebsd_triage 2021-02-16 08:38:02 UTC
That's a result of the removal of the pf_state definition from the public headers, as part of the pf counter rework.

It was removed because pf_state is a kernel-internal structure, and it has changed.

Note that the ioctl() performed by this port (DIOCGETSTATES) doesn't actually return pf_state structures. It returns pfsync_state structures, and those are different.

In other words: this port was already thoroughly broken, but now it also fails to compile. It does not make sense to return the structure to userspace visibility, because that won't actually make it work either.
Comment 2 mike 2021-02-16 10:21:03 UTC
(In reply to Kristof Provost from comment #1)
OK, understood.  If there a different port or better way to approach this ? Expiring entries by time is a useful feature to have in various rate limiting firewalls
Comment 3 mike 2021-02-16 10:21:03 UTC
(In reply to Kristof Provost from comment #1)
OK, understood.  If there a different port or better way to approach this ? Expiring entries by time is a useful feature to have in various rate limiting firewalls
Comment 4 Kristof Provost freebsd_committer freebsd_triage 2021-02-16 10:37:57 UTC
(In reply to mike from comment #2)
I'm sure that the port can be fixed. If it's changed to use the pfsync_state structure it'll likely work fine.

I don't use any such tools, so I have no alternatives to recommend.
Comment 5 Miroslav Lachman 2021-03-12 16:17:32 UTC
(In reply to mike from comment #3)
Maybe You don't need any tool, you can use pfctl.

With expiretable I used the following
 # expiretable -v -t $ttl $table

With pfctl I can use
 # pfctl -v -t $table -T expire $ttl
Comment 6 Renato Botelho freebsd_committer freebsd_triage 2021-04-19 13:38:35 UTC
I'm working on a fix with kp@
Comment 7 Renato Botelho freebsd_committer freebsd_triage 2021-04-19 18:20:45 UTC
Created attachment 224262 [details]
Fix build

As noted by kp@, get_states() function is not used so the easiest path here is to just remove it and then expiretable builds again.

While here, I've updated all patches using `make makepatch`
Comment 8 commit-hook freebsd_committer freebsd_triage 2021-05-04 12:19:33 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=712ed31c3e42950d96d5995007d7a7b361cd3d83

commit 712ed31c3e42950d96d5995007d7a7b361cd3d83
Author:     Renato Botelho <garga@FreeBSD.org>
AuthorDate: 2021-05-04 12:10:43 +0000
Commit:     Renato Botelho <garga@FreeBSD.org>
CommitDate: 2021-05-04 12:18:48 +0000

    security/expiretable: Fix build on 13+

    get_states() is the reason it stopped building on FreeBSD 13 and newer.
    Retire this function since it's not used anywhere and get the build
    fixed.

    PR:             253547
    Reported by:    mike@sentex.net
    Reviewed by:    kp
    Approved by:    maintainer timeout (2 weeks)
    Obtained from:  pfSense
    MFH:            2021Q2
    Sponsored by:   Rubicon Communications, LLC ("Netgate")

 security/expiretable/Makefile                      |  2 +-
 security/expiretable/files/patch-Makefile          |  6 +--
 .../{patch-expiretable => patch-expiretable.c}     |  6 +--
 .../expiretable/files/patch-ioctl__helpers.c (new) | 49 ++++++++++++++++++++++
 .../expiretable/files/patch-ioctl__helpers.h (new) |  9 ++++
 5 files changed, 65 insertions(+), 7 deletions(-)
Comment 9 commit-hook freebsd_committer freebsd_triage 2021-05-04 12:23:36 UTC
A commit in branch 2021Q2 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=1cb655c9ea5096eed0093ac1d1a09020c6efc6c7

commit 1cb655c9ea5096eed0093ac1d1a09020c6efc6c7
Author:     Renato Botelho <garga@FreeBSD.org>
AuthorDate: 2021-05-04 12:10:43 +0000
Commit:     Renato Botelho <garga@FreeBSD.org>
CommitDate: 2021-05-04 12:22:43 +0000

    security/expiretable: Fix build on 13+

    get_states() is the reason it stopped building on FreeBSD 13 and newer.
    Retire this function since it's not used anywhere and get the build
    fixed.

    PR:             253547
    Reported by:    mike@sentex.net
    Reviewed by:    kp
    Approved by:    maintainer timeout (2 weeks)
    Obtained from:  pfSense
    MFH:            2021Q2
    Sponsored by:   Rubicon Communications, LLC ("Netgate")

    (cherry picked from commit 712ed31c3e42950d96d5995007d7a7b361cd3d83)

 security/expiretable/Makefile                      |  2 +-
 security/expiretable/files/patch-Makefile          |  6 +--
 .../{patch-expiretable => patch-expiretable.c}     |  6 +--
 .../expiretable/files/patch-ioctl__helpers.c (new) | 49 ++++++++++++++++++++++
 .../expiretable/files/patch-ioctl__helpers.h (new) |  9 ++++
 5 files changed, 65 insertions(+), 7 deletions(-)