warning from configuring openssh-6.0p1

Darren Tucker dtucker at zip.com.au
Tue Jul 3 11:31:10 EST 2012

On Mon, Jul 02, 2012 at 01:39:47PM +0100, David Woodhouse wrote:
> On Wed, 2012-05-09 at 14:21 -0700, Support Team wrote:
> > In file included from conftest.c:108:
> > /usr/include/linux/filter.h:21: error: parse error before "__u16"
> > /usr/include/linux/filter.h:23: error: parse error before "jf"
> > /usr/include/linux/filter.h:24: error: parse error before "k" 
> Sounds like your <linux/filter.h> isn't including <linux/types.h>.
> Including that manually, first, may suffice to fix it if you really need
> BPF functionality. If you're just commenting on the *warning*, then what
> do you expect? This system has been EOL for about 8 years already.

Well, configure *does* emit a warning asking folks to report the warning
in this case.  It's the default behaviour on the part of autoconf
(personally, I don't think the present-but-not-compilable behaviour is
all that helpful, but that's what autoconf does).

Anyway, the BPF functionality is only used for the SECCOMP_MODE_FILTER
sandbox, and since that's only in the very newest kernels the warning
is harmless on older systems.

As a general comment on support for older systems: my policy (such as it
is) is that as long as someone is willing to do the work, and it does
not compromise either security or maintainability then I'm happy to
support older and/or esoteric platforms.

> I don't know when that missing #include was added. It was already there
> by the time of the first commit in the kernel repo, over 7 years ago.

Could the OP please try the patch below?  You'll need to run "autoreconf"
to rebuild configure, or you can use the prebuilt one against 6.0p1 I
put up here:


Index: configure.ac
RCS file: /var/cvs/openssh/configure.ac,v
retrieving revision 1.492
diff -u -p -r1.492 configure.ac
--- configure.ac	19 May 2012 05:24:37 -0000	1.492
+++ configure.ac	3 Jul 2012 01:10:21 -0000
@@ -686,7 +686,8 @@ main() { if (NSVersionOfRunTimeLibrary("
 		    [Prepend the address family to IP tunnel traffic])
-	AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h])
+	AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
+	    [], [#include <linux/types.h>])
 	case "$host" in

Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list