Ubuntu
iptables-netflow package

iptables-netflow dkms build error on focal with linux hwe 5.15

Bug #1960164 reported by Andrea Righi
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
iptables-netflow (Ubuntu)
Fix Released
Undecided
Unassigned
Focal
Fix Released
Undecided
Unassigned

Bug Description

[Impact]

iptables-netflow-dkms fails to build on the latest 5.15 jammy kernel:

/var/lib/dkms/ipt-netflow/2.5.1/build/ipt_NETFLOW.c: In function ‘netflow_conntrack_event’:
/var/lib/dkms/ipt-netflow/2.5.1/build/ipt_NETFLOW.c:4604:31: error: ‘struct nf_ct_event_notifier’ has no member named ‘fcn’
 4604 | ret = notifier->fcn(events, item);
      | ^~
/var/lib/dkms/ipt-netflow/2.5.1/build/ipt_NETFLOW.c: At top level:
/var/lib/dkms/ipt-netflow/2.5.1/build/ipt_NETFLOW.c:4669:10: error: ‘struct nf_ct_event_notifier’ has no member named ‘fcn’
 4669 | .fcn = netflow_conntrack_event
      | ^~~
/var/lib/dkms/ipt-netflow/2.5.1/build/ipt_NETFLOW.c:4669:16: error: initialization of ‘int (*)(unsigned int, const struct nf_ct_event *)’ from incompatible pointer type ‘int (*)(const unsigned int, struct nf_ct_event *)’ [-Werror=incompatible-pointer-types]
 4669 | .fcn = netflow_conntrack_event
      | ^~~~~~~~~~~~~~~~~~~~~~~
/var/lib/dkms/ipt-netflow/2.5.1/build/ipt_NETFLOW.c:4669:16: note: (near initialization for ‘ctnl_notifier.ct_event’)
/var/lib/dkms/ipt-netflow/2.5.1/build/ipt_NETFLOW.c: In function ‘unset_notifier_cb’:
/var/lib/dkms/ipt-netflow/2.5.1/build/ipt_NETFLOW.c:5437:25: error: too many arguments to function ‘nf_conntrack_unregister_notifier’
 5437 | nf_conntrack_unregister_notifier(NET_ARG &ctnl_notifier);
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ./include/net/netfilter/nf_conntrack_core.h:18,
                 from /var/lib/dkms/ipt-netflow/2.5.1/build/ipt_NETFLOW.c:67:
./include/net/netfilter/nf_conntrack_ecache.h:88:6: note: declared here
   88 | void nf_conntrack_unregister_notifier(struct net *net);
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /var/lib/dkms/ipt-netflow/2.5.1/build/ipt_NETFLOW.c:78:
/var/lib/dkms/ipt-netflow/2.5.1/build/murmur3.h: In function ‘murmur3’:
/var/lib/dkms/ipt-netflow/2.5.1/build/murmur3.h:35:28: warning: this statement may fall through [-Wimplicit-fallthrough=]
   35 | case 3: k1 ^= tail[2] << 16; /* FALLTHROUGH */
      | ~~~^~~~~~~~~~~~~~~~
/var/lib/dkms/ipt-netflow/2.5.1/build/murmur3.h:36:17: note: here
   36 | case 2: k1 ^= tail[1] << 8; /* FALLTHROUGH */
      | ^~~~
/var/lib/dkms/ipt-netflow/2.5.1/build/murmur3.h:36:28: warning: this statement may fall through [-Wimplicit-fallthrough=]
   36 | case 2: k1 ^= tail[1] << 8; /* FALLTHROUGH */
      | ~~~^~~~~~~~~~~~~~~
/var/lib/dkms/ipt-netflow/2.5.1/build/murmur3.h:37:17: note: here
   37 | case 1: k1 ^= tail[0];
      | ^~~~
/var/lib/dkms/ipt-netflow/2.5.1/build/ipt_NETFLOW.c: In function ‘parse_sampler’:
/var/lib/dkms/ipt-netflow/2.5.1/build/ipt_NETFLOW.c:2216:21: warning: this statement may fall through [-Wimplicit-fallthrough=]
 2216 | ret = -EINVAL;
/var/lib/dkms/ipt-netflow/2.5.1/build/ipt_NETFLOW.c:2218:9: note: here
 2218 | case '\0': /* empty */
      | ^~~~

[Test case]

sudo apt install iptables-netflow-dkms

[Fix]

Adjust a few function prototype changes to properly build on 5.15.

[Regression potential]

We may see regressions in iptables-netflow with old kernels (< 5.15).

Revision history for this message
Andrea Righi (arighi) wrote :

debdiff in attach fixes the build errors with kernel hwe 5.15 on focal.

Ubuntu Foundations Team Bug Bot (crichton)
tags: added: patch
Dimitri John Ledkov (xnox)
Changed in iptables-netflow (Ubuntu):
status: New → Fix Released
Changed in iptables-netflow (Ubuntu Focal):
status: New → In Progress
Revision history for this message
Andy Whitcroft (apw) wrote : Please test proposed package

Hello Andrea, or anyone else affected,

Accepted iptables-netflow into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/iptables-netflow/2.4-2ubuntu0.5 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in iptables-netflow (Ubuntu Focal):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-focal
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

1) launched focal lxd container
2) enabled proposed
3) installed the v5.15 based kernel
apt install linux-generic-hwe-20.04-edge
4) disabled proposed

5) observed that
apt install iptables-netflow-dkms

fails to install

Setting up iptables-netflow-dkms (2.4-2ubuntu0.4) ...
Loading new ipt-netflow-2.4 DKMS files...
It is likely that 5.13.0-40-generic belongs to a chroot's host
Building for 5.15.0-25-generic
Building initial module for 5.15.0-25-generic
ERROR (dkms apport): kernel package linux-headers-5.15.0-25-generic is not supported
Error! Bad return status for module build on kernel: 5.15.0-25-generic (x86_64)
Consult /var/lib/dkms/ipt-netflow/2.4/build/make.log for more information.

6) enabled proposed once again

7) observed that iptables-netflow-dkms from proposed installs & builds fine

Get:1 http://archive.ubuntu.com/ubuntu focal-proposed/universe amd64 iptables-netflow-dkms amd64 2.4-2ubuntu0.5 [70.5 kB]
Fetched 70.5 kB in 0s (202 kB/s)
(Reading database ... 76722 files and directories currently installed.)
Preparing to unpack .../iptables-netflow-dkms_2.4-2ubuntu0.5_amd64.deb ...

------------------------------
Deleting module version: 2.4
completely from the DKMS tree.
------------------------------
Done.
Unpacking iptables-netflow-dkms (2.4-2ubuntu0.5) over (2.4-2ubuntu0.4) ...
Setting up iptables-netflow-dkms (2.4-2ubuntu0.5) ...
Loading new ipt-netflow-2.4 DKMS files...
It is likely that 5.13.0-40-generic belongs to a chroot's host
Building for 5.15.0-25-generic
Building initial module for 5.15.0-25-generic
Done.

ipt_NETFLOW.ko:
Running module version sanity check.
 - Original module
   - No original module exists within this kernel
 - Installation
   - Installing to /lib/modules/5.15.0-25-generic/updates/dkms/

depmod...

DKMS: install completed.

tags: added: verification-done verification-done-focal
removed: verification-needed verification-needed-focal
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package iptables-netflow - 2.4-2ubuntu0.5

---------------
iptables-netflow (2.4-2ubuntu0.5) focal; urgency=medium

  * Support Linux kernel 5.15. (LP: #1960164)

 -- Andrea Righi <email address hidden> Sun, 06 Feb 2022 16:46:28 +0000

Changed in iptables-netflow (Ubuntu Focal):
status: Fix Committed → Fix Released
Revision history for this message
Brian Murray (brian-murray) wrote : Update Released

The verification of the Stable Release Update for iptables-netflow has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.