[LEDE-DEV] [PATCH firewall3] iptables: optional loading of static extensions

Ralph Sennhauser ralph.sennhauser at gmail.com
Sun Nov 6 00:33:37 PDT 2016


Make loading of static extensions optional to support vanilla iptables
in it's default configuration by setting DISABLE_STATIC_EXTENSIONS
instead of hackery.

In case iptables is built with --disable-static libext.a, libext4.a and
libext6.a which OpenWrt installs in the form of libiptext.so,
libiptext4.so, libiptext6.so to save a couple more bytes are of no use
or non-existent one could say. So this commit avoids requiring a
tampered with iptables.

Signed-off-by: Ralph Sennhauser <ralph.sennhauser at gmail.com>
---
 CMakeLists.txt | 12 +++++++++---
 iptables.c     |  4 ++++
 iptables.h     |  2 ++
 3 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 00d1444..e2a88e7 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -7,11 +7,17 @@ SET(iptc_libs   ip4tc)
 
 SET(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "")
 
-LIST(APPEND ext_libs iptext)
-LIST(APPEND ext_libs iptext4)
+IF (NOT DISABLE_STATIC_EXTENSIONS)
+  LIST(APPEND ext_libs iptext)
+  LIST(APPEND ext_libs iptext4)
+  IF (NOT DISABLE_IPV6)
+    LIST(APPEND ext_libs iptext6)
+  ENDIF()
+ELSE()
+  ADD_DEFINITIONS(-DDISABLE_STATIC_EXTENSIONS)
+ENDIF()
 
 IF (NOT DISABLE_IPV6)
-  LIST(APPEND ext_libs iptext6)
   LIST(APPEND iptc_libs ip6tc)
 ELSE()
   ADD_DEFINITIONS(-DDISABLE_IPV6)
diff --git a/iptables.c b/iptables.c
index fc22d1a..66baa0a 100644
--- a/iptables.c
+++ b/iptables.c
@@ -69,6 +69,7 @@ get_kernel_version(void)
 	kernel_version = 0x10000 * x + 0x100 * y + z;
 }
 
+#ifndef DISABLE_STATIC_EXTENSIONS
 static void fw3_init_extensions(void)
 {
 	init_extensions();
@@ -78,6 +79,7 @@ static void fw3_init_extensions(void)
 	init_extensions6();
 #endif
 }
+#endif
 
 struct fw3_ipt_handle *
 fw3_ipt_open(enum fw3_family family, enum fw3_table table)
@@ -117,7 +119,9 @@ fw3_ipt_open(enum fw3_family family, enum fw3_table table)
 	}
 
 	fw3_xt_reset();
+#ifndef DISABLE_STATIC_EXTENSIONS
 	fw3_init_extensions();
+#endif
 
 	if (xext.register_match)
 		for (i = 0; i < xext.mcount; i++)
diff --git a/iptables.h b/iptables.h
index bcd302d..23f8c03 100644
--- a/iptables.h
+++ b/iptables.h
@@ -42,10 +42,12 @@
 # error "Unsupported xtables version"
 #endif
 
+#ifndef DISABLE_STATIC_EXTENSIONS
 /* libipt*ext.so interfaces */
 extern void init_extensions(void);
 extern void init_extensions4(void);
 extern void init_extensions6(void);
+#endif
 
 /* Required by certain extensions like SNAT and DNAT */
 extern int kernel_version;
-- 
2.7.3




More information about the Lede-dev mailing list