root@freebsd:/usr/ports/security/expiretable # make
===> expiretable-0.6_1 depends on file: /usr/local/sbin/pkg - found
===> Fetching all distfiles required by expiretable-0.6_1 for building
===> Extracting for expiretable-0.6_1
=> SHA256 Checksum OK for expiretable-0.6.tar.gz.
===> Patching for expiretable-0.6_1
===> Applying FreeBSD patches for expiretable-0.6_1 from /usr/ports/security/expiretable/files
===> Configuring for expiretable-0.6_1
===> Building for expiretable-0.6_1
--- expiretable.o ---
--- ioctl_helpers.o ---
--- messages.o ---
--- expiretable.o ---
cc -O2 -pipe -fstack-protector-strong -fno-strict-aliasing -pedantic -Wall -ansi -c expiretable.c -o expiretable.o
--- ioctl_helpers.o ---
cc -O2 -pipe -fstack-protector-strong -fno-strict-aliasing -pedantic -Wall -ansi -c ioctl_helpers.c -o ioctl_helpers.o
--- messages.o ---
cc -O2 -pipe -fstack-protector-strong -fno-strict-aliasing -pedantic -Wall -ansi -c messages.c -o messages.o
--- ioctl_helpers.o ---
ioctl_helpers.c:203:10: warning: incompatible pointer types assigning to 'struct pf_state *' from 'struct pfsync_state *' [-Wincompatible-pointer-types]
    *states = ps.ps_states;
            ^ ~~~~~~~~~~~~
ioctl_helpers.c:204:21: error: invalid application of 'sizeof' to an incomplete type 'struct pf_state'
    return ps.ps_len / sizeof(struct pf_state);
                       ^     ~~~~~~~~~~~~~~~~~
/usr/include/net/pfvar.h:485:15: note: forward declaration of 'struct pf_state'
    TAILQ_HEAD(, pf_state) states[2];
                 ^
1 warning and 1 error generated.
*** [ioctl_helpers.o] Error code 1

make[1]: stopped in /usr/ports/security/expiretable/work/expiretable-0.6
1 error

make[1]: stopped in /usr/ports/security/expiretable/work/expiretable-0.6
===> Compilation failed unexpectedly.
Try to set MAKE_JOBS_UNSAFE=yes and rebuild before reporting the failure to
the maintainer.
*** Error code 1

Stop.
make: stopped in /usr/ports/security/expiretable
root@freebsd:/usr/ports/security/expiretable #
That's a result of the removal of the pf_state definition from the public headers, as part of the pf counter rework. It was removed because pf_state is a kernel-internal structure, and it has changed. Note that the ioctl() performed by this port (DIOCGETSTATES) doesn't actually return pf_state structures. It returns pfsync_state structures, and those are different. In other words: this port was already thoroughly broken, but now it also fails to compile. It does not make sense to return the structure to userspace visibility, because that won't actually make it work either.
(In reply to Kristof Provost from comment #1)
OK, understood. Is there a different port or better way to approach this? Expiring entries by time is a useful feature to have in various rate limiting firewalls.
(In reply to mike from comment #2)
I'm sure that the port can be fixed. If it's changed to use the pfsync_state structure it'll likely work fine. I don't use any such tools, so I have no alternatives to recommend.
(In reply to mike from comment #3)
Maybe you don't need any tool, you can use pfctl.

With expiretable I used the following:
# expiretable -v -t $ttl $table

With pfctl I can use:
# pfctl -v -t $table -T expire $ttl
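
The pfctl replacement suggested in the comment above, wrapped for periodic use (for example from cron), as an added example that is not part of the original thread or of the port. The PFCTL variable, the "table ttl" input format and the conservative table-name whitelist are assumptions of this example; the table names in the sample are constructed.

```shell
#!/bin/sh
# Added example: periodic stand-in for the expiretable daemon using
# "pfctl -t <table> -T expire <seconds>".
# PFCTL is an assumption of this example; point it at a stub for a dry run.
PFCTL="${PFCTL:-/sbin/pfctl}"

# valid_entry TABLE TTL
# Returns 0 only if TABLE uses a conservative character set (assumed
# whitelist) and TTL is a positive integer, so nothing unexpected is
# ever handed to pfctl when the list comes from a config file.
valid_entry() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    case "$2" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$2" -gt 0 ]
}

# expire_tables
# Reads "table ttl" lines on stdin (blank lines and # comments ignored)
# and expires entries older than ttl seconds from each table.
# Return status is the number of entries that were rejected or failed.
expire_tables() {
    failed=0
    while read -r table ttl rest; do
        case "$table" in ''|'#'*) continue ;; esac
        if [ -n "$rest" ] || ! valid_entry "$table" "$ttl"; then
            echo "skipping invalid entry: $table $ttl $rest" >&2
            failed=$((failed + 1))
            continue
        fi
        "$PFCTL" -t "$table" -T expire "$ttl" || failed=$((failed + 1))
    done
    return "$failed"
}

# Constructed usage (table names are placeholders):
#   expire_tables <<'EOF'
#   bruteforce 3600
#   scanners   86400
#   EOF
```

Unlike expiretable, which stayed resident, pfctl -T expire is a one-shot operation, so the effective expiry granularity is the interval at which this is scheduled.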
I'm working on a fix with kp@
Created attachment 224262
Fix build

As noted by kp@, the get_states() function is not used, so the easiest path here is to just remove it and then expiretable builds again.

While here, I've updated all patches using `make makepatch`.
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=712ed31c3e42950d96d5995007d7a7b361cd3d83

commit 712ed31c3e42950d96d5995007d7a7b361cd3d83
Author:     Renato Botelho <garga@FreeBSD.org>
AuthorDate: 2021-05-04 12:10:43 +0000
Commit:     Renato Botelho <garga@FreeBSD.org>
CommitDate: 2021-05-04 12:18:48 +0000

    security/expiretable: Fix build on 13+

    get_states() is the reason it stopped building on FreeBSD 13 and newer.
    Retire this function since it's not used anywhere and get the build
    fixed.

    PR:             253547
    Reported by:    mike@sentex.net
    Reviewed by:    kp
    Approved by:    maintainer timeout (2 weeks)
    Obtained from:  pfSense
    MFH:            2021Q2
    Sponsored by:   Rubicon Communications, LLC ("Netgate")

 security/expiretable/Makefile                      |  2 +-
 security/expiretable/files/patch-Makefile          |  6 +--
 .../{patch-expiretable => patch-expiretable.c}     |  6 +--
 .../expiretable/files/patch-ioctl__helpers.c (new) | 49 ++++++++++++++++++++++
 .../expiretable/files/patch-ioctl__helpers.h (new) |  9 ++++
 5 files changed, 65 insertions(+), 7 deletions(-)
A commit in branch 2021Q2 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=1cb655c9ea5096eed0093ac1d1a09020c6efc6c7

commit 1cb655c9ea5096eed0093ac1d1a09020c6efc6c7
Author:     Renato Botelho <garga@FreeBSD.org>
AuthorDate: 2021-05-04 12:10:43 +0000
Commit:     Renato Botelho <garga@FreeBSD.org>
CommitDate: 2021-05-04 12:22:43 +0000

    security/expiretable: Fix build on 13+

    get_states() is the reason it stopped building on FreeBSD 13 and newer.
    Retire this function since it's not used anywhere and get the build
    fixed.

    PR:             253547
    Reported by:    mike@sentex.net
    Reviewed by:    kp
    Approved by:    maintainer timeout (2 weeks)
    Obtained from:  pfSense
    MFH:            2021Q2
    Sponsored by:   Rubicon Communications, LLC ("Netgate")

    (cherry picked from commit 712ed31c3e42950d96d5995007d7a7b361cd3d83)

 security/expiretable/Makefile                      |  2 +-
 security/expiretable/files/patch-Makefile          |  6 +--
 .../{patch-expiretable => patch-expiretable.c}     |  6 +--
 .../expiretable/files/patch-ioctl__helpers.c (new) | 49 ++++++++++++++++++++++
 .../expiretable/files/patch-ioctl__helpers.h (new) |  9 ++++
 5 files changed, 65 insertions(+), 7 deletions(-)