Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incompatibility with iptables v1.4.7 #25

Closed
jamesrose opened this issue Apr 16, 2013 · 10 comments
Closed

Incompatibility with iptables v1.4.7 #25

jamesrose opened this issue Apr 16, 2013 · 10 comments
Assignees
@ldx

Comments

@jamesrose
Copy link

Hi,

We're running iptables v1.4.7 which is the version packaged with CentOS (and possibly Debian) but running into errors. We've tried upgrading to v1.4.12 from source and it works, so the problem definitely with the libxtables version. Here's the trace:

Traceback (most recent call last):
  File "commands_test.py", line 4, in <module>
    import iptc
  File "/usr/lib/python2.6/site-packages/python_iptables-0.2.0_dev-py2.6-linux-x86_64.egg/iptc/__init__.py", line 10, in <module>
    from ip4tc import Table, Chain, Rule, Match, Target, Policy, IPTCError
  File "/usr/lib/python2.6/site-packages/python_iptables-0.2.0_dev-py2.6-linux-x86_64.egg/iptc/ip4tc.py", line 11, in <module>
    from xtables import (XT_INV_PROTO, NFPROTO_IPV4, XTablesError, xtables,
  File "/usr/lib/python2.6/site-packages/python_iptables-0.2.0_dev-py2.6-linux-x86_64.egg/iptc/xtables.py", line 744, in <module>
    class xtables(object):
  File "/usr/lib/python2.6/site-packages/python_iptables-0.2.0_dev-py2.6-linux-x86_64.egg/iptc/xtables.py", line 757, in xtables
    _xtables_afinfo = ct.c_void_p.in_dll(_lib_xtables, "afinfo")
ValueError: /lib64/libxtables.so.4: undefined symbol: afinfo

Thanks!
@ghost ghost assigned ldx Apr 16, 2013
@Caligatio
Copy link
Contributor

I believe you mean iptables v1.4.7

It appears that afinfo is defined as static in 1.4.7 and earlier so the state switching that LDX implemented recently is unhappy.

@ldx
Copy link
Owner

ldx commented Apr 22, 2013

Indeed. The long term solution is to load and keep track of extensions ourselves without libxtables - should not be too difficult, actually we already use a hack to load a module manually if it has been loaded for another protocol family before.

The only gotcha I see here is that extensions use parser routines from libxtables - but if we load all available extensions first to register with us (provide the hooks register_match() and register_target() in python-iptables via ctypes), and libxtables after that to provide the parser routines then we should be fine.

@Caligatio
Copy link
Contributor

So as a workaround, would it be possible for it to try to access afinfo and then, if it fails, just load in the correct value when the context switches? If I recall correctly, there's a setter function but no getter.

I really rather not have to use an older version of your library to get my stuff to work :(

@ldx
Copy link
Owner

ldx commented May 10, 2013

I'll look into this as soon as I have some free time.

@ldx
Copy link
Owner

ldx commented May 11, 2013

@Caligatio thanks for the idea - we just use the setter function now, and the extension name prefixes are hardcoded for the two supported protocols (IPv4, IPv6).

Can you guys check that the current HEAD has fixed this? Works here with iptables 1.4.12.

@ldx
Copy link
Owner

ldx commented Jun 22, 2013

Closing as there has been no feedback for >month. Please feel free to reopen this if the problem still exists.

@ldx ldx closed this as completed Jun 22, 2013
@countrygeek
Copy link

I experienced this same problem just today:
File "/usr/local/lib/python2.7/dist-packages/python_iptables-0.2.0_dev-py2.7-linux-armv7l.egg/iptc/init.py", line 10, in
from ip4tc import Table, Chain, Rule, Match, Target, Policy, IPTCError
File "/usr/local/lib/python2.7/dist-packages/python_iptables-0.2.0_dev-py2.7-linux-armv7l.egg/iptc/ip4tc.py", line 11, in
from xtables import (XT_INV_PROTO, NFPROTO_IPV4, XTablesError, xtables,
File "/usr/local/lib/python2.7/dist-packages/python_iptables-0.2.0_dev-py2.7-linux-armv7l.egg/iptc/xtables.py", line 744, in
class xtables(object):
File "/usr/local/lib/python2.7/dist-packages/python_iptables-0.2.0_dev-py2.7-linux-armv7l.egg/iptc/xtables.py", line 757, in xtables
_xtables_afinfo = ct.c_void_p.in_dll(_lib_xtables, "afinfo")
ValueError: /lib/libxtables.so.5: undefined symbol: afinfo

Running version:
python-iptables in /usr/local/lib/python2.7/dist-packages/python_iptables-0.2.0_dev-py2.7-linux-armv7l.egg

And: iptables v1.4.10

Any suggestions? I really didn't want to recompile iptables for this library to work. :/

@ldx
Copy link
Owner

ldx commented Nov 5, 2013

Do you use the latest version of python-iptables from git?

@devicenull
Copy link

I also just experienced this issue this issue:

Used 0.2.0 version of the module
CentOS 6 x64
iptables-1.4.7

I'll give it a shot with the git version as well.

@devicenull
Copy link

Version from git works okay, though #45 causes issues on CentOS.

a-martynovich pushed a commit to GreatFruitOmsk/python-iptables that referenced this issue May 6, 2019
@vpetersson
Merge pull request ldx#25 from slilo/circleci_pytest
05bdb45 
Add CI test runner.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ldx ldx

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@jamesrose @devicenull @ldx @Caligatio @countrygeek