[LEDE-DEV] [PATCH firewall3] iptables: optional loading of static extensions
Ralph Sennhauser
ralph.sennhauser at gmail.com
Sun Nov 6 00:33:37 PDT 2016
Make loading of static extensions optional to support vanilla iptables
in its default configuration by setting DISABLE_STATIC_EXTENSIONS
instead of hackery.
When iptables is built with --disable-static, the archives libext.a,
libext4.a and libext6.a, which OpenWrt installs in the form of
libiptext.so, libiptext4.so and libiptext6.so to save a couple more
bytes, are of no use or, one could say, non-existent. So this commit
avoids requiring a tampered-with iptables.
Signed-off-by: Ralph Sennhauser <ralph.sennhauser at gmail.com>
---
CMakeLists.txt | 12 +++++++++---
iptables.c | 4 ++++
iptables.h | 2 ++
3 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 00d1444..e2a88e7 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -7,11 +7,17 @@ SET(iptc_libs ip4tc)
SET(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "")
-LIST(APPEND ext_libs iptext)
-LIST(APPEND ext_libs iptext4)
+IF (NOT DISABLE_STATIC_EXTENSIONS)
+ LIST(APPEND ext_libs iptext)
+ LIST(APPEND ext_libs iptext4)
+ IF (NOT DISABLE_IPV6)
+ LIST(APPEND ext_libs iptext6)
+ ENDIF()
+ELSE()
+ ADD_DEFINITIONS(-DDISABLE_STATIC_EXTENSIONS)
+ENDIF()
IF (NOT DISABLE_IPV6)
- LIST(APPEND ext_libs iptext6)
LIST(APPEND iptc_libs ip6tc)
ELSE()
ADD_DEFINITIONS(-DDISABLE_IPV6)
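Review bot: The new DISABLE_STATIC_EXTENSIONS switch tested at the top of this hunk is read but never declared or described, so it is invisible to anyone inspecting the build configuration. Its effect goes beyond linking: it decides whether the firewall's extension code is linked in from libiptext* or resolved at run time. I would declare it with a help string, e.g. `OPTION(DISABLE_STATIC_EXTENSIONS "Do not link libiptext*; rely on run-time loaded xtables extensions" OFF)`, unless the part of the file outside this hunk already does so. In the ELSE branch ext_libs receives no entries; whether it is still defined where it is later consumed is not visible here.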
diff --git a/iptables.c b/iptables.c
index fc22d1a..66baa0a 100644
--- a/iptables.c
+++ b/iptables.c
@@ -69,6 +69,7 @@ get_kernel_version(void)
kernel_version = 0x10000 * x + 0x100 * y + z;
}
+#ifndef DISABLE_STATIC_EXTENSIONS
static void fw3_init_extensions(void)
{
init_extensions();
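Review bot: Guarding the definition of fw3_init_extensions() here forces a second `#ifndef DISABLE_STATIC_EXTENSIONS` around its call in the `@@ -117` hunk, and any future caller has to remember the same guard or the build breaks only in the non-default configuration. An empty fallback keeps the call sites unconditional: close this hunk's guard in the `@@ -78` hunk with `#else` / `static void fw3_init_extensions(void) { }` / `#endif` and drop the guard in fw3_ipt_open(). The function body continues past the end of this hunk.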
@@ -78,6 +79,7 @@ static void fw3_init_extensions(void)
init_extensions6();
#endif
}
+#endif
struct fw3_ipt_handle *
fw3_ipt_open(enum fw3_family family, enum fw3_table table)
@@ -117,7 +119,9 @@ fw3_ipt_open(enum fw3_family family, enum fw3_table table)
}
fw3_xt_reset();
+#ifndef DISABLE_STATIC_EXTENSIONS
fw3_init_extensions();
+#endif
if (xext.register_match)
for (i = 0; i < xext.mcount; i++)
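Review bot: With DISABLE_STATIC_EXTENSIONS defined, fw3_ipt_open() reaches the `xext.register_match` loop without the built-in extension initialisers having run, so every match and target a rule needs must be resolved later from shared objects. Nothing in this hunk shows how a failed lookup is reported; if it only skips the affected rule, the ruleset can load incomplete, which for a firewall is a fail-open condition worth confirming against the rest of the file. Those objects are loaded into a process privileged enough to program netfilter, so the directory they come from should be writable by root only. A comment at the guard would record this, e.g. `/* no built-in extensions: matches/targets come from shared objects at run time */`. The function starts and ends outside the hunk.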
diff --git a/iptables.h b/iptables.h
index bcd302d..23f8c03 100644
--- a/iptables.h
+++ b/iptables.h
@@ -42,10 +42,12 @@
# error "Unsupported xtables version"
#endif
+#ifndef DISABLE_STATIC_EXTENSIONS
/* libipt*ext.so interfaces */
extern void init_extensions(void);
extern void init_extensions4(void);
extern void init_extensions6(void);
+#endif
/* Required by certain extensions like SNAT and DNAT */
extern int kernel_version;
--
2.7.3