Description of problem:
***********************
Trying to compile NuFW firewall, which requires /usr/lib/libipq.a coming from the package:
iptables-devel-1.3.5-1.2.1
and with the last:
kernel-headers-2.6.18-1.2869.fc6
that are the last updates on Jan 7, 2007

I got this ERROR:
-------------------------------------------------------
In file included from /usr/include/linux/netfilter_ipv4/ip_queue.h:10,
                 from /usr/include/libipq.h:37,
                 from nufw.h:76,
                 from authsrv.c:20:
/usr/include/net/if.h:45: error: expected identifier before numeric constant
/usr/include/net/if.h:113: error: redefinition of 'struct ifmap'
/usr/include/net/if.h:128: error: redefinition of 'struct ifreq'
/usr/include/net/if.h:178: error: redefinition of 'struct ifconf'
make[2]: *** [authsrv.o] Error 1
make[2]: Leaving directory `/usr/src/redhat/BUILD/nufw-2.1.1/src/nufw'
---------------------------------------------------------

So /usr/include/libipq.h
--> includes: /usr/include/linux/netfilter_ipv4/ip_queue.h
(provided by kernel-headers-2.6.18-1.2869.fc6)

And in this ip_queue.h we have an include:
--> #include <net/if.h>
which is the cause of the above errors.

By replacing #include <net/if.h> with #include <linux/if.h>
all the errors disappear, and I get a successful compilation for nufw.

But now I can't be confident with this result;
is /usr/include/linux/netfilter_ipv4 an obsolete branch of the current kernel version?
Version-Release number of selected component (if applicable):
***************************************************************
kernel-headers-2.6.18-1.2869.fc6
iptables-devel-1.3.5-1.2.1

How reproducible:
******************
always

Steps to Reproduce:
********************
see description above

Actual results:
***************
"compilation failed" for components relying on iptables-devel

Expected results:
****************
smooth compilation with any components requiring iptables-devel

Additional info:
****************
I also tried to replace #include <net/if.h> by #include <linux/if.h>
in the kernel tree sources, and recompiled it completely after a make clean.

NOTICE: few components are impacted by this include: ip_queue.h
from top kernel tree source:
# find . | xargs fgrep ip_queue.h 2> /dev/null
./net/ipv4/netfilter/ip_queue.c:#include <linux/netfilter_ipv4/ip_queue.h>
./net/ipv4/netfilter/.ip_queue.o.cmd: include/linux/netfilter_ipv4/ip_queue.h \
./net/ipv6/netfilter/ip6_queue.c:#include <linux/netfilter_ipv4/ip_queue.h>
./net/ipv6/netfilter/.ip6_queue.o.cmd: include/linux/netfilter_ipv4/ip_queue.h \
./security/selinux/nlmsgtab.c:#include <linux/netfilter_ipv4/ip_queue.h>
./security/selinux/.nlmsgtab.o.cmd: include/linux/netfilter_ipv4/ip_queue.h \
./include/linux/netfilter_ipv4/Kbuild:unifdef-y += ip_queue.h

so only 3 files:
./net/ipv4/netfilter/ip_queue.c
./net/ipv6/netfilter/ip6_queue.c
./security/selinux/nlmsgtab.c

Currently I have rebooted with a kernel with the same config as the original 2.6.18-1.2869.fc6, but recompiled completely after the modification in ip_queue.h:
#include <net/if.h> by #include <linux/if.h>

And my netfilter/iptables seems to be still working.

Can you comment on this if it is a bad solution?
Hm, <linux/netfilter_ipv4/ip_queue.h> explicitly includes <net/if.h> when it's used in userspace, for reasons unclear to me (since it doesn't seem to _need_ anything from there). Perhaps it should just be removed?
That's not the problem. /usr/include/net/if.h is fine, that's what user apps should be using. Something is bringing in /usr/include/linux/if.h and that is the source of the problems, because linux/if.h defines IFF_* as macros, but /usr/include/net/if.h wants to define these using an enumeration thus the compile failures.
The issue is linux/netlink.h in the kernel sources, which is included by libipq.h.

This has been fixed upstream already. linux/netlink.h was erroneously including linux/if.h indirectly via another file, and for userspace that is a no-no.
(In reply to comment #3)
> The issue is linux/netlink.h in the kernel sources, which is included
> by libipq.h
>
> This has been fixed upstream already. linux/netlink.h was erroneously
> including linux/if.h indirectly via another file, and for userspace that
> is a no-no.
>

Well, currently I only patched the files under /usr/include/linux
and not the ones under /usr/src/linux-2.6.18/include/linux
(so the kernel itself was recompiled with its original includes),
so I only patched /usr/include/netfilter_ipv4/ip_queue.h

Well, I searched desperately for how linux/netlink.h could bring in <linux/if.h>
via <linux/socket.h> <linux/type.h> and their subsequent includes,
and I found nothing!

So I followed the David Woodhouse suggestion:
in /usr/include/linux/netfilter_ipv4/ip_queue.h
I just commented out net/if.h
//#include <net/if.h>

and because #include <linux/if.h> is included somewhere else,
the compilation of nufw ended successfully!

******************************************
In summary, today I'm working with the last kernel:
# rpm -qa | grep kernel.*2895
kernel-2.6.19-1.2895.fc6
kernel-headers-2.6.19-1.2895.fc6
kernel-devel-2.6.19-1.2895.fc6

and I just patched (commented out <net/if.h>)
/usr/include/linux/netfilter_ipv4/ip_queue.h
brought by kernel-headers
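Tracing which header drags in linux/if.h, the search described in the comment above, as an added example that is not part of the original thread. It walks `#include <...>` lines over a constructed header tree; linux/example_mid.h is a hypothetical stand-in for the unnamed intermediate file, and the function names are this example's own.

```shell
#!/bin/sh
# Added example. The header tree below is CONSTRUCTED; linux/example_mid.h is
# a hypothetical stand-in for the unnamed "another file" in the thread.

# include_chain ROOT START TARGET [PATH]: depth-first search over
# '#include <...>' lines; prints the first chain from START to TARGET.
# The body runs in a subshell so each recursion level has its own variables.
include_chain() (
    root=$1 cur=$2 target=$3
    path="${4:+$4 -> }$cur"
    [ "$cur" = "$target" ] && { echo "$path"; exit 0; }
    case " $4 " in *" $cur "*) exit 1 ;; esac   # cycle guard
    [ -f "$root/$cur" ] || exit 1
    for inc in $(sed -n 's/^[[:space:]]*#[[:space:]]*include[[:space:]]*<\([^>]*\)>.*/\1/p' "$root/$cur"); do
        include_chain "$root" "$inc" "$target" "$path" && exit 0
    done
    exit 1
)

# both_if_headers ROOT START: succeeds when START reaches both the libc
# header (net/if.h, IFF_* as an enum) and the kernel header (linux/if.h,
# IFF_* as macros), which is the clash reported in this bug.
both_if_headers() {
    include_chain "$1" "$2" net/if.h >/dev/null &&
        include_chain "$1" "$2" linux/if.h >/dev/null
}

# Constructed tree mirroring the include relations named in the thread.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/linux/netfilter_ipv4" "$demo/net"
for h in linux/socket.h linux/types.h linux/if.h net/if.h; do
    : > "$demo/$h"
done
printf '#include <linux/netlink.h>\n#include <linux/netfilter_ipv4/ip_queue.h>\n' \
    > "$demo/libipq.h"
printf '#include <net/if.h>\n' > "$demo/linux/netfilter_ipv4/ip_queue.h"
printf '#include <linux/socket.h>\n#include <linux/types.h>\n#include <linux/example_mid.h>\n' \
    > "$demo/linux/netlink.h"
printf '#include <linux/if.h>\n' > "$demo/linux/example_mid.h"

include_chain "$demo" libipq.h net/if.h
include_chain "$demo" libipq.h linux/if.h
both_if_headers "$demo" libipq.h && echo "libipq.h pulls in both if.h variants"
```

The walk ignores preprocessor conditionals, so on a real tree `gcc -H -fsyntax-only file.c` shows the include nesting the compiler actually follows.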
Finally I completely abandoned usage of libipq coming from the package:
iptables-devel-1.3.5-1.2.1

I removed this package and put back
#include <net/if.h>
in /usr/include/linux/netfilter_ipv4/ip_queue.h
because I don't use it any more with the new solution:

==> configure nufw with an additional extra option:
--with-nfqueue --with-nfconntrack

once the new netfilter userspace API from www.netfilter.org is installed:
libnfnetlink, libnetfilter_queue and libnetfilter_conntrack

With this solution the compilation is bug free.