Bug 253547 - security/expiretable does not compile on stable/13
Summary: security/expiretable does not compile on stable/13
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: freebsd-ports-bugs (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-02-16 00:35 UTC by mike
Modified: 2021-04-13 12:14 UTC (History)
4 users (show)

See Also:
bugzilla: maintainer-feedback? (cris)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description mike 2021-02-16 00:35:01 UTC
root@freebsd:/usr/ports/security/expiretable # make
===>   expiretable-0.6_1 depends on file: /usr/local/sbin/pkg - found
===> Fetching all distfiles required by expiretable-0.6_1 for building
===>  Extracting for expiretable-0.6_1
=> SHA256 Checksum OK for expiretable-0.6.tar.gz.
===>  Patching for expiretable-0.6_1
===>  Applying FreeBSD patches for expiretable-0.6_1 from /usr/ports/security/expiretable/files
===>  Configuring for expiretable-0.6_1
===>  Building for expiretable-0.6_1
--- expiretable.o ---
--- ioctl_helpers.o ---
--- messages.o ---
--- expiretable.o ---
cc -O2 -pipe  -fstack-protector-strong -fno-strict-aliasing  -pedantic -Wall -ansi -c expiretable.c -o expiretable.o
--- ioctl_helpers.o ---
cc -O2 -pipe  -fstack-protector-strong -fno-strict-aliasing  -pedantic -Wall -ansi -c ioctl_helpers.c -o ioctl_helpers.o
--- messages.o ---
cc -O2 -pipe  -fstack-protector-strong -fno-strict-aliasing  -pedantic -Wall -ansi -c messages.c -o messages.o
--- ioctl_helpers.o ---
ioctl_helpers.c:203:10: warning: incompatible pointer types assigning to 'struct pf_state *' from 'struct pfsync_state *' [-Wincompatible-pointer-types]
        *states = ps.ps_states;
                ^ ~~~~~~~~~~~~
ioctl_helpers.c:204:21: error: invalid application of 'sizeof' to an incomplete type 'struct pf_state'
        return ps.ps_len / sizeof(struct pf_state);
                           ^     ~~~~~~~~~~~~~~~~~
/usr/include/net/pfvar.h:485:15: note: forward declaration of 'struct pf_state'
        TAILQ_HEAD(, pf_state)   states[2];
                     ^
1 warning and 1 error generated.
*** [ioctl_helpers.o] Error code 1

make[1]: stopped in /usr/ports/security/expiretable/work/expiretable-0.6
1 error

make[1]: stopped in /usr/ports/security/expiretable/work/expiretable-0.6
===> Compilation failed unexpectedly.
Try to set MAKE_JOBS_UNSAFE=yes and rebuild before reporting the failure to
the maintainer.
*** Error code 1

Stop.
make: stopped in /usr/ports/security/expiretable
root@freebsd:/usr/ports/security/expiretable #
Comment 1 Kristof Provost freebsd_committer 2021-02-16 08:38:02 UTC
That's a result of the removal of the pf_state definition from the public headers, as part of the pf counter rework.

It was removed because pf_state is a kernel-internal structure, and it has changed.

Note that the ioctl() performed by this port (DIOCGETSTATES) doesn't actually return pf_state structures. It returns pfsync_state structures, and those are different.

In other words: this port was already thoroughly broken, but now it also fails to compile. It does not make sense to return the structure to userspace visibility, because that won't actually make it work either.
Comment 2 mike 2021-02-16 10:21:03 UTC
(In reply to Kristof Provost from comment #1)
OK, understood.  If there a different port or better way to approach this ? Expiring entries by time is a useful feature to have in various rate limiting firewalls
Comment 3 mike 2021-02-16 10:21:03 UTC
(In reply to Kristof Provost from comment #1)
OK, understood.  If there a different port or better way to approach this ? Expiring entries by time is a useful feature to have in various rate limiting firewalls
Comment 4 Kristof Provost freebsd_committer 2021-02-16 10:37:57 UTC
(In reply to mike from comment #2)
I'm sure that the port can be fixed. If it's changed to use the pfsync_state structure it'll likely work fine.

I don't use any such tools, so I have no alternatives to recommend.
Comment 5 Miroslav Lachman 2021-03-12 16:17:32 UTC
(In reply to mike from comment #3)
Maybe You don't need any tool, you can use pfctl.

With expiretable I used the following
 # expiretable -v -t $ttl $table

With pfctl I can use
 # pfctl -v -t $table -T expire $ttl