Hello
I've an "out-of-the-box" fedora core 4 (standard i686 on either amd or
pentium)
I want to apply gre and pptp patches to netfilter
I install the kernel sources and rebuild the binaries :
rpm -Uvh kernel-2.6.11-1.1369_FC4.src.rpm
rpmbuild -bp --target=i686 /usr/src/redhat/SPECS/kernel-2.6.spec
cd /usr/src/redhat/BUILD/kernel-2.6.11-1/linux-2.6.11-1
cp configs/kernel-2.6.11-1.i686.config ./.config
make menuconfig (just to check)
make
the kernel build ok (with some warnings here and there but nothing
unusual...)
I make it visible :
ln -s /usr/src/redhat/BUILD/kernel-2.6.11-1/linux-2.6.11-1 /usr/src/linux
I install the iptables sources
rpm -Uvh iptables-1.3.0-2.src.rpm
rpmbuild -bp --target=i686 /usr/src/redhat/SPECS/iptables.spec
when i compile
cd /usr/src/redhat/BUILD/iptables-1.3.0
make
I get the following error several times
/usr/src/linuc/include/linux/config.h:6:2 error : #error including
kernel header in userspace; use the glibc headers instead!
After googling a while, I see that some people have solved this by just
removing the test that triggers the error in
/usr/src/linux/include/linx/config.h (file which is brought by the
kernel source package installation + prep by the symlink made just
before, which should thus be "the right one"), this test reads
#if !defined (__KERNEL__) && !defined(__KERNGLUE__)
#error including kernel header in userspace; use the glibc headers instead!
#endif
I really don't see where's my error, and I wonder wether this is the
right way for recompiling FC4 packages...
Actually, I do need to do this because we have to handle several pptp
vpns going throught this machine, and i have to apply pptp and h323
helpers patches from patch-o-matic
If I do as I saw (modify the config.h source to remove the test),
iptables compiles but we are unable to handle pptp vpns (we were used to
do that with 2.4 kernels and it works fine), modprobe and rmmod go in
endless loops, and so on...
With a little more googling, I saw that userspace applications (iptables
in this case) should not use kernel headers, but glibc ones instead,
hence the error, and since the 2.6 kernel releases, this looks more like
a mus than a should. So, another solution I found was to remove the
"-I$(KERNEL_DIR)/include" from iptables' Makefile...
Doing so, iptables begins to compile, but stops quickly after a
"linux/netfilter_ipv4/ipt_CLUSTERIP.h" missing file error
I see that the include files iptables uses this way are provided by
glibc-kernheaders-2.4.-9.1.94, standard version for FC4, but those files
look three years old and obviously recent netfilter stuff isn't present
within (to say nothing about the remainder), and making compile to abort
Some more googling, until I find a post which says that to compile
iptables without using the kernel headers I have to install
"linux-libc-headers" that are a brand of userspace kernel headers. Ok,
let's give it a try : I restore iptables' original makefile (with
-I$(KERNEL_DIR)/include) and export a KERNEL_DIR environment variable
set to the directory where I untared linux-libc-headers, and I (after a
make clean) I start a new make.
Fine, iptables compiles successfully
But now comes the big question : when I'll apply pptp and h323 patches
from p-o-m, I can direct KERNEL_DIR to either the true kernel source
directory or to this new "headers only" directory, but obviously not
both. So I'll get either the kernel sources patched, which is necessary
to build a patched kernel, or I'll get the headers patched, which is
necessary to build iptables, but how will I be able to build both ???
So to conclude and make it short, is there anybody out there who has
successfully applied pptp and h323 patches on an out-of-the-box fedora
core 4, and how did he do that ?
Should I upgrade to a 2.6.15 kernel ? vanilla or fc4 flavour ?
many thanks in advance
