[RFC,v1,1/2] package/iptables: add option to enable libipq build

Message ID 20210620205607.25904-1-ps.report@gmx.net
State Rejected

Commit Message

Peter Seiderer June 20, 2021, 8:56 p.m. UTC
- add option to enable libipq build
- as libipq.h includes linux/netfilter_ipv4/ip_queue.h install (not
  provided by modern kernels otherwise?)

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
---
 package/iptables/Config.in   |  5 +++++
 package/iptables/iptables.mk | 10 ++++++++++
 2 files changed, 15 insertions(+)

Comments

Thomas Petazzoni July 25, 2021, 7:57 p.m. UTC | #1
On Sun, 20 Jun 2021 22:56:06 +0200
Peter Seiderer <ps.report@gmx.net> wrote:

> - add option to enable libipq build
> - as libipq.h includes linux/netfilter_ipv4/ip_queue.h install (not
>   provided by modern kernels otherwise?)
> 
> Signed-off-by: Peter Seiderer <ps.report@gmx.net>

Is it really a good idea to add an option for this library?

Debian dropped installing libipq 5 years ago, as this library is
deprecated:

  https://salsa.debian.org/pkg-netfilter-team/pkg-iptables/-/commit/bf21537d27ee72cc69ca0883059b315ceaf9737d

Also in 2012, iptables developers said they would keep this library for
1.5-2 years:

  https://git.netfilter.org/iptables/commit/?id=a624e0a1b2d075253b599ababd4ea1351ef42b2a

But then, when I look at the nrlsmf source code, I don't see any
reference to libipq or ip_queue.h. Am I missing something ?

Thanks,

Thomas

Peter Seiderer July 27, 2021, 8:52 p.m. UTC | #2
Hello Thomas,

On Sun, 25 Jul 2021 21:57:56 +0200, Thomas Petazzoni <thomas.petazzoni@bootlin.com> wrote:

> On Sun, 20 Jun 2021 22:56:06 +0200
> Peter Seiderer <ps.report@gmx.net> wrote:
>
> > - add option to enable libipq build
> > - as libipq.h includes linux/netfilter_ipv4/ip_queue.h install (not
> >   provided by modern kernels otherwise?)
> >
> > Signed-off-by: Peter Seiderer <ps.report@gmx.net>
>
> Is it really a good idea to add an option for this library?
>
> Debian dropped installing libipq 5 years ago, as this library is
> deprecated:
>
>   https://salsa.debian.org/pkg-netfilter-team/pkg-iptables/-/commit/bf21537d27ee72cc69ca0883059b315ceaf9737d
>
> Also in 2012, iptables developers said they would keep this library for
> 1.5-2 years:
>
>   https://git.netfilter.org/iptables/commit/?id=a624e0a1b2d075253b599ababd4ea1351ef42b2a

Did the patch as part of porting a custom (very ancient Ubuntu-based) project
to up-to-date Buildroot, but hope to get rid of all legacy dependencies in the
long run..., no problem with dropping this patch...

>
> But then, when I look at the nrlsmf source code, I don't see any
> reference to libipq or ip_queue.h. Am I missing something ?

File smf-1.1b2/protolib/unix/linuxDetour.cpp:
 15 #include <linux/netfilter_ipv4/ip_queue.h>

Mhhh, maybe I mistake it because of the ip_queue.h file found in libipq...

No problem dropping this patch, see above ;-)

Regards,
Peter

>
> Thanks,
>
> Thomas

Patch

diff --git a/package/iptables/Config.in b/package/iptables/Config.in
index e6b12603e0..0aacf06c03 100644
--- a/package/iptables/Config.in
+++ b/package/iptables/Config.in
@@ -7,6 +7,11 @@  config BR2_PACKAGE_IPTABLES
 
 if BR2_PACKAGE_IPTABLES
 
+config BR2_PACKAGE_IPTABLES_LIBIPQ
+	bool "libipq"
+	help
+	  Build libipq.
+
 config BR2_PACKAGE_IPTABLES_BPF_NFSYNPROXY
 	bool "bpfc and nfsynproxy"
 	select BR2_PACKAGE_LIBPCAP
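
Review bot: The help text for BR2_PACKAGE_IPTABLES_LIBIPQ is only "Build libipq.", which does not tell a user what the library is for or why they would enable it. Expand it to say what libipq provides and that selecting the option also installs linux/netfilter_ipv4/ip_queue.h into staging. Given the deprecation raised in the thread, the help should also say the option exists only for legacy consumers, so that nobody enables it by default.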
diff --git a/package/iptables/iptables.mk b/package/iptables/iptables.mk
index ca8178425e..227b485d43 100644
--- a/package/iptables/iptables.mk
+++ b/package/iptables/iptables.mk
@@ -29,6 +29,16 @@  ifeq ($(BR2_PACKAGE_LIBNFNETLINK),y)
 IPTABLES_DEPENDENCIES += libnfnetlink
 endif
 
+ifeq ($(BR2_PACKAGE_IPTABLES_LIBIPQ),y)
+IPTABLES_CONF_OPTS += --enable-libipq
+define IPTABLES_INSTALL_LIBIPQ_HEADERS_CMD
+	$(INSTALL) -m 0644 -D $(@D)/include/linux/netfilter_ipv4/ip_queue.h $(STAGING_DIR)/usr/include/linux/netfilter_ipv4/ip_queue.h
+endef
+IPTABLES_POST_INSTALL_STAGING_HOOKS += IPTABLES_INSTALL_LIBIPQ_HEADERS_CMD
+else
+IPTABLES_CONF_OPTS += --disable-libipq
+endif
+
 # For iptables-compat tools
 ifeq ($(BR2_PACKAGE_IPTABLES_NFTABLES),y)
 IPTABLES_CONF_OPTS += --enable-nftables
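
Review bot: There is no comment explaining why IPTABLES_INSTALL_LIBIPQ_HEADERS_CMD places a header bundled with iptables under $(STAGING_DIR)/usr/include/linux/netfilter_ipv4/, a path in the kernel-header namespace, so a later reader cannot tell whether it can shadow or conflict with a header supplied by the toolchain. Add a comment above the define stating that libipq.h includes ip_queue.h (as the commit message says) and resolve the question the commit message leaves open before merging. Style: hook macros conventionally carry no _CMD suffix, so IPTABLES_INSTALL_LIBIPQ_HEADERS would read better, and the long $(INSTALL) line should be split with a backslash continuation.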