Ubuntu
ipset package

ipset broken ipmap dynamic linking

Bug #200561 reported by Roman Hoog Antink
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ipset (Ubuntu)
Fix Released
Undecided
Unassigned
Declined for Gutsy by Luca Falavigna
Nominated for Hardy by Roman Hoog Antink
Nominated for Intrepid by Oibaf
Nominated for Jaunty by Roman Hoog Antink

Bug Description

Binary package hint: ipset

Note: this bug is slightly related to bug 79182 but is no duplicate.

I installed ipset 2.3.0-1 on hardy alpha6 and ran "ipset -H ipmap". Gutsy has the same problem.

It yields this error: ipset v2.3.0: Couldn't load settype `ipmap':/usr/lib/ipset/libipset_ipmap.so: undefined symbol: __stack_chk_fail_local

The same error will occur with kernel support, as soon as you try to create an ipset of type ipmap (other types are not affected). e.g. ipset -A myTestSet ipmap

This error is caused by compiling the shared libs, especially libipset_ipmap.so (residing in /usr/lib/ipset/) with the gcc stack-protector enabled. A workaround is this tiny patch to the Makefile of ipset userspace tool:

### start
--- Makefile-orig 2008-03-07 17:13:16.000000000 +0100
+++ Makefile 2008-03-10 11:40:34.000000000 +0100
@@ -22,7 +22,7 @@

 COPT_FLAGS:=-O2
 CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KERNEL_DIR)/include -I. -g -DIPSET_DEBUG #-pg # -DIPTC_DEBUG
-SH_CFLAGS:=$(CFLAGS) -fPIC
+SH_CFLAGS:=$(CFLAGS) -fno-stack-protector -fPIC
 SETTYPES:=ipmap portmap macipmap iphash nethash iptree iptreemap ipporthash

 PROGRAMS=ipset
### end

A far cooler solution would be fixing the real cause of the problem: dlopen (called in ipset.c) seems to have some issues with gcc's stack-protector.

Revision history for this message
Daniel T Chen (crimsun) wrote :

Is this symptom still reproducible in 9.04?

Changed in ipset:
status: New → Incomplete
Revision history for this message
Roman Hoog Antink (rha-ubuntu) wrote :

Yes, I got that problem with ipset -H ipmap on a fresh installed (server) jaunty (Alpha1) too:

# ipset -H ipmap
I'm of protocol version 2.
Kernel module is not loaded in, cannot verify kernel version.
ipset v2.3.3: Couldn't load settype `ipmap':/usr/lib/ipset/libipset_ipmap.so: undefined symbol: __stack_chk_fail_local

Try `ipset -H' or 'ipset --help' for more information.

Oibaf (oibaf)
Changed in ipset:
status: Incomplete → Confirmed
Revision history for this message
Oibaf (oibaf) wrote :

It should be fixed in 12.04 with newer ipset, see bug 979682.

Changed in ipset (Ubuntu):
status: Confirmed → Fix Committed
Revision history for this message
Oibaf (oibaf) wrote :

Fixed in 12.04, reopen if needed.

Changed in ipset (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.