Package: iptables-netflow-dkms
Version: 2.5.1-2
Severity: grave
Tags: patch bullseye

Since linux-image-5.10.0-31-amd64/5.10.221-1, ipt_NETFLOW.ko no longer
builds on Debian 11 Bullseye:

Citing from /var/lib/dkms/ipt-netflow/2.5.1/build/make.log:

DKMS make.log for ipt-netflow-2.5.1 for kernel 5.10.0-31-amd64 (x86_64)
Tue Jul 16 16:17:06 UTC 2024
./gen_compat_def > compat_def.h
Test symbol xt_family linux/netfilter_ipv4/ip_tables.h
Test struct timeval linux/ktime.h
Test struct proc_ops linux/proc_fs.h
Test symbol synchronize_sched linux/rcupdate.h
Compiling for kernel 5.10.221
make -C /lib/modules/5.10.0-31-amd64/build 
M=/var/lib/dkms/ipt-netflow/2.5.1/build modules CONFIG_DEBUG_INFO
make[1]: warning: jobserver unavailable: using -j1.  Add '+' to parent make 
rule.
make[1]: Entering directory '/usr/src/linux-headers-5.10.0-31-amd64'
  CC [M]  /var/lib/dkms/ipt-netflow/2.5.1/build/ipt_NETFLOW.o
/var/lib/dkms/ipt-netflow/2.5.1/build/ipt_NETFLOW.c: In function 'nf_seq_show':
/var/lib/dkms/ipt-netflow/2.5.1/build/ipt_NETFLOW.c:755:39: warning: format 
'%lu' expects argument of type 'long unsigned int', but argument 3 has type 's64' {aka 'long long int'} 
[-Wformat=]
  755 |    seq_printf(seq, " Flows selected %lu, discarded %lu.",
      |                                     ~~^
      |                                       |
      |                                       long unsigned int
      |                                     %llu
/var/lib/dkms/ipt-netflow/2.5.1/build/ipt_NETFLOW.c:755:54: warning: format 
'%lu' expects argument of type 'long unsigned int', but argument 4 has type 's64' {aka 'long long int'} 
[-Wformat=]
  755 |    seq_printf(seq, " Flows selected %lu, discarded %lu.",
      |                                                    ~~^
      |                                                      |
      |                                                      long unsigned int
      |                                                    %llu
/var/lib/dkms/ipt-netflow/2.5.1/build/ipt_NETFLOW.c:759:39: warning: format 
'%lu' expects argument of type 'long unsigned int', but argument 3 has type 's64' {aka 'long long int'} 
[-Wformat=]
  759 |    seq_printf(seq, " Flows selected %lu.", 
atomic64_read(&flows_selected));
      |                                     ~~^
      |                                       |
      |                                       long unsigned int
      |                                     %llu
  MODPOST /var/lib/dkms/ipt-netflow/2.5.1/build/Module.symvers
ERROR: modpost: "find_module" 
[/var/lib/dkms/ipt-netflow/2.5.1/build/ipt_NETFLOW.ko] undefined!
make[3]: *** 
[/usr/src/linux-headers-5.10.0-31-common/scripts/Makefile.modpost:123: 
/var/lib/dkms/ipt-netflow/2.5.1/build/Module.symvers] Error 1
make[3]: *** Deleting file 
'/var/lib/dkms/ipt-netflow/2.5.1/build/Module.symvers'
make[2]: *** [/usr/src/linux-headers-5.10.0-31-common/Makefile:1783: modules] 
Error 2
make[1]: *** [/usr/src/linux-headers-5.10.0-31-common/Makefile:192: __sub-make] 
Error 2
make[1]: Leaving directory '/usr/src/linux-headers-5.10.0-31-amd64'
make: *** [Makefile:25: ipt_NETFLOW.ko] Error 2

This happens because upstream kernel 5.10.220 backported this change
from kernel 5.12:

- module: unexport find_module and module_mutex

Backporting upstream commit
https://github.com/aabc/ipt-netflow/commit/5aae3791922bd3df878605b15e83ea48a4bd096c
with updated version constraint fixes the issue:

Index: iptables-netflow-2.5.1/compat.h
===================================================================
--- iptables-netflow-2.5.1.orig/compat.h
+++ iptables-netflow-2.5.1/compat.h
@@ -749,4 +749,29 @@ unsigned long long strtoul(const char *c
        return result;
 }
 
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,12,0) || LINUX_VERSION_CODE >= KERNEL_VERSION(5,10,220)
+/*
+ * find_module() is unexported in v5.12:
+ *   089049f6c9956 ("module: unexport find_module and module_mutex")
+ * and module_mutex is replaced with RCU in
+ *   a006050575745 ("module: use RCU to synchronize find_module")
+ */
+#include <linux/rcupdate.h>
+struct module *find_module(const char *name)
+{
+       struct module *mod;
+
+       rcu_read_lock_sched();
+       /* Yes this is crazy, but should work. */
+       list_for_each_entry_rcu(mod, &THIS_MODULE->list, list) {
+               if (!strcmp(mod->name, name)) {
+                       rcu_read_unlock_sched();
+                       return mod;
+               }
+       }
+       rcu_read_unlock_sched();
+       return NULL;
+}
+#endif
+
 #endif /* COMPAT_NETFLOW_H */
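Review bot: The added `find_module()` returns `mod` after `rcu_read_unlock_sched()`, so nothing stops that module from being unloaded while the caller still holds the pointer. The walk also starts at `&THIS_MODULE->list`, so the kernel's own list head is visited as if it were embedded in a `struct module` and `strcmp()` reads `mod->name` from memory next to that head; entries in `MODULE_STATE_UNFORMED` are not skipped either. The callers are outside this hunk, so if they only test the result against NULL, record that limit next to the existing comment, e.g. `/* Result is a presence check only: the list head is walked as an entry, and the pointer is unprotected after return. */`. Separately, the second clause of the `#if` already covers everything the first one does and also matches 5.11.x, where by the hunk's own comment the symbol is still exported. `LINUX_VERSION_CODE >= KERNEL_VERSION(5,12,0) || (LINUX_VERSION_CODE >= KERNEL_VERSION(5,10,220) && LINUX_VERSION_CODE < KERNEL_VERSION(5,11,0))` would limit the fallback to the kernels that need it.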

I intend to do a bullseye-proposed-stable upload for that.
