* [PATCH] Revert "Simplify static build extension loading"
@ 2022-06-01 13:47 Nick Hainke
  2022-06-01 13:53 ` Phil Sutter
  0 siblings, 1 reply; 5+ messages in thread
From: Nick Hainke @ 2022-06-01 13:47 UTC (permalink / raw)
  To: netfilter-devel; +Cc: Nick Hainke

This reverts commit 6c689b639cf8e2aeced8685eca2915892d76ad86.

The stubs broke the libiptext used in firewall3 by OpenWrt.

Signed-off-by: Nick Hainke <vincent@systemli.org>
---
 include/xtables.h               | 7 -------
 iptables/ip6tables-standalone.c | 3 +++
 iptables/iptables-restore.c     | 4 ++++
 iptables/iptables-save.c        | 4 ++++
 iptables/iptables-standalone.c  | 2 ++
 iptables/xtables-arp.c          | 4 +++-
 iptables/xtables-eb.c           | 4 +++-
 iptables/xtables-monitor.c      | 2 ++
 iptables/xtables-restore.c      | 2 ++
 iptables/xtables-save.c         | 2 ++
 iptables/xtables-standalone.c   | 2 ++
 iptables/xtables-translate.c    | 2 ++
 12 files changed, 29 insertions(+), 9 deletions(-)

diff --git a/include/xtables.h b/include/xtables.h
index c2694b7b..b0965b95 100644
--- a/include/xtables.h
+++ b/include/xtables.h
@@ -597,13 +597,6 @@ static inline void xtables_print_mark_mask(unsigned int mark,
 	extern void init_extensionsb(void);
 #else
 #	define _init __attribute__((constructor)) _INIT
-#	define EMPTY_FUNC_DEF(x) static inline void x(void) {}
-	EMPTY_FUNC_DEF(init_extensions)
-	EMPTY_FUNC_DEF(init_extensions4)
-	EMPTY_FUNC_DEF(init_extensions6)
-	EMPTY_FUNC_DEF(init_extensionsa)
-	EMPTY_FUNC_DEF(init_extensionsb)
-#	undef EMPTY_FUNC_DEF
 #endif
 
 extern const struct xtables_pprot xtables_chain_protos[];
diff --git a/iptables/ip6tables-standalone.c b/iptables/ip6tables-standalone.c
index 7c8bb0c2..105b83ba 100644
--- a/iptables/ip6tables-standalone.c
+++ b/iptables/ip6tables-standalone.c
@@ -52,8 +52,11 @@ ip6tables_main(int argc, char *argv[])
 				ip6tables_globals.program_version);
 		exit(1);
 	}
+
+#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
 	init_extensions();
 	init_extensions6();
+#endif
 
 	ret = do_command6(argc, argv, &table, &handle, false);
 	if (ret) {
diff --git a/iptables/iptables-restore.c b/iptables/iptables-restore.c
index 4410a587..4cf0d3da 100644
--- a/iptables/iptables-restore.c
+++ b/iptables/iptables-restore.c
@@ -384,8 +384,10 @@ iptables_restore_main(int argc, char *argv[])
 				iptables_globals.program_version);
 		exit(1);
 	}
+#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
 	init_extensions();
 	init_extensions4();
+#endif
 
 	ret = ip46tables_restore_main(&ipt_restore_cb, argc, argv);
 
@@ -416,8 +418,10 @@ ip6tables_restore_main(int argc, char *argv[])
 				ip6tables_globals.program_version);
 		exit(1);
 	}
+#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
 	init_extensions();
 	init_extensions6();
+#endif
 
 	ret = ip46tables_restore_main(&ip6t_restore_cb, argc, argv);
 
diff --git a/iptables/iptables-save.c b/iptables/iptables-save.c
index a8dded63..a114e98b 100644
--- a/iptables/iptables-save.c
+++ b/iptables/iptables-save.c
@@ -227,8 +227,10 @@ iptables_save_main(int argc, char *argv[])
 				iptables_globals.program_version);
 		exit(1);
 	}
+#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
 	init_extensions();
 	init_extensions4();
+#endif
 
 	ret = do_iptables_save(&ipt_save_cb, argc, argv);
 
@@ -271,8 +273,10 @@ ip6tables_save_main(int argc, char *argv[])
 				ip6tables_globals.program_version);
 		exit(1);
 	}
+#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
 	init_extensions();
 	init_extensions6();
+#endif
 
 	ret = do_iptables_save(&ip6t_save_cb, argc, argv);
 
diff --git a/iptables/iptables-standalone.c b/iptables/iptables-standalone.c
index 0f263f6f..8c67ea4d 100644
--- a/iptables/iptables-standalone.c
+++ b/iptables/iptables-standalone.c
@@ -53,8 +53,10 @@ iptables_main(int argc, char *argv[])
 				iptables_globals.program_version);
 				exit(1);
 	}
+#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
 	init_extensions();
 	init_extensions4();
+#endif
 
 	ret = do_command4(argc, argv, &table, &handle, false);
 	if (ret) {
diff --git a/iptables/xtables-arp.c b/iptables/xtables-arp.c
index 71518a9c..01b8b702 100644
--- a/iptables/xtables-arp.c
+++ b/iptables/xtables-arp.c
@@ -99,8 +99,10 @@ int nft_init_arp(struct nft_handle *h, const char *pname)
 			arptables_globals.program_version);
 		exit(1);
 	}
+
+#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
 	init_extensions();
-	init_extensionsa();
+#endif
 
 	if (nft_init(h, NFPROTO_ARP) < 0)
 		xtables_error(OTHER_PROBLEM,
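Review bot: In nft_init_arp() the `init_extensionsa();` call is dropped outright instead of being moved inside the new `#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)` block, so a static build registers only the generic extensions at this entry point; the nft_init_eb() hunk in xtables-eb.c does the same with `init_extensionsb();`. This is inconsistent with the xtables-monitor.c hunk of this patch, which keeps `init_extensionsa();` and `init_extensionsb();` under the guard. Unless the ARP and bridge extensions are registered somewhere not visible here, rules that reference them would presumably fail to load in ALL_INCLUSIVE/NO_SHARED_LIBS builds, which matters when a ruleset is restored at boot. Consider keeping the family-specific call inside the guard, i.e. `init_extensions();` then `init_extensionsa();` before `#endif`. The function body starts and ends outside the hunk.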
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index 3d15063e..429b3cf7 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -667,8 +667,10 @@ int nft_init_eb(struct nft_handle *h, const char *pname)
 			ebtables_globals.program_version);
 		exit(1);
 	}
+
+#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
 	init_extensions();
-	init_extensionsb();
+#endif
 
 	if (nft_init(h, NFPROTO_BRIDGE) < 0)
 		xtables_error(OTHER_PROBLEM,
diff --git a/iptables/xtables-monitor.c b/iptables/xtables-monitor.c
index 905bb7fe..852dc084 100644
--- a/iptables/xtables-monitor.c
+++ b/iptables/xtables-monitor.c
@@ -624,11 +624,13 @@ int xtables_monitor_main(int argc, char *argv[])
 				xtables_globals.program_version);
 		exit(1);
 	}
+#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
 	init_extensions();
 	init_extensions4();
 	init_extensions6();
 	init_extensionsa();
 	init_extensionsb();
+#endif
 
 	if (nft_init(&h, AF_INET)) {
 		fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index 1363f96a..c99e77bb 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -358,6 +358,7 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[])
 		p.in = stdin;
 	}
 
+#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
 	init_extensions();
 	switch (family) {
 	case NFPROTO_IPV4:
@@ -376,6 +377,7 @@ xtables_restore_main(int family, const char *progname, int argc, char *argv[])
 		fprintf(stderr, "Unknown family %d\n", family);
 		return 1;
 	}
+#endif
 
 	if (nft_init(&h, family) < 0) {
 		fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
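Review bot: The `#endif` added after the switch places the `default:` branch (`fprintf(stderr, "Unknown family %d\n", family); return 1;`) inside the static-build guard, so a default shared-library build of xtables_restore_main() no longer rejects an unknown family before calling nft_init(). The same placement occurs in xtables_save_main() (xtables-save.c) and xtables_xlate_main_common() (xtables-translate.c). Callers probably pass fixed NFPROTO_* constants, but argument validation should not depend on a build option; keep the family check outside the `#if` and guard only the init_extensions*() calls. The middle of the switch lies between the two hunks and is not visible here.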
diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index 5a82cac5..afe4f833 100644
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -199,6 +199,7 @@ xtables_save_main(int family, int argc, char *argv[],
 		exit(1);
 	}
 
+#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
 	init_extensions();
 	switch (family) {
 	case NFPROTO_IPV4:
@@ -228,6 +229,7 @@ xtables_save_main(int family, int argc, char *argv[],
 		fprintf(stderr, "Unknown family %d\n", family);
 		return 1;
 	}
+#endif
 
 	if (nft_init(&h, family) < 0) {
 		fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
diff --git a/iptables/xtables-standalone.c b/iptables/xtables-standalone.c
index 117b0c69..cdb60603 100644
--- a/iptables/xtables-standalone.c
+++ b/iptables/xtables-standalone.c
@@ -67,6 +67,7 @@ xtables_main(int family, const char *progname, int argc, char *argv[])
 		exit(1);
 	}
 	xt_params->program_name = progname;
+#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
 	init_extensions();
 	switch (family) {
 	case NFPROTO_IPV4:
@@ -82,6 +83,7 @@ xtables_main(int family, const char *progname, int argc, char *argv[])
 		init_extensionsb();
 		break;
 	}
+#endif
 
 	if (nft_init(&h, family) < 0) {
 		fprintf(stderr, "%s: Failed to initialize nft: %s\n",
diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
index d1e87f16..18edf22f 100644
--- a/iptables/xtables-translate.c
+++ b/iptables/xtables-translate.c
@@ -485,6 +485,7 @@ static int xtables_xlate_main_common(struct nft_handle *h,
 			xtables_globals.program_version);
 		return 1;
 	}
+#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
 	init_extensions();
 	switch (family) {
 	case NFPROTO_IPV4:
@@ -503,6 +504,7 @@ static int xtables_xlate_main_common(struct nft_handle *h,
 		fprintf(stderr, "Unknown family %d\n", family);
 		return 1;
 	}
+#endif
 
 	if (nft_init(h, family) < 0) {
 		fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
-- 
2.36.1



* Re: [PATCH] Revert "Simplify static build extension loading"
  2022-06-01 13:47 [PATCH] Revert "Simplify static build extension loading" Nick Hainke
@ 2022-06-01 13:53 ` Phil Sutter
  2022-06-01 14:22   ` Nick
  0 siblings, 1 reply; 5+ messages in thread
From: Phil Sutter @ 2022-06-01 13:53 UTC (permalink / raw)
  To: Nick Hainke; +Cc: netfilter-devel

On Wed, Jun 01, 2022 at 03:47:43PM +0200, Nick Hainke wrote:
> This reverts commit 6c689b639cf8e2aeced8685eca2915892d76ad86.
> 
> The stubs broke the libiptext used in firewall3 by OpenWrt.

What's the problem?


* Re: [PATCH] Revert "Simplify static build extension loading"
  2022-06-01 13:53 ` Phil Sutter
@ 2022-06-01 14:22   ` Nick
  2022-06-01 17:05     ` Jan Engelhardt
  2022-06-01 17:14     ` Phil Sutter
  0 siblings, 2 replies; 5+ messages in thread
From: Nick @ 2022-06-01 14:22 UTC (permalink / raw)
  To: Phil Sutter, netfilter-devel

More Information:
https://github.com/openwrt/openwrt/pull/9886#issuecomment-1143191713

I have to debug further.

On 6/1/22 15:53, Phil Sutter wrote:
> On Wed, Jun 01, 2022 at 03:47:43PM +0200, Nick Hainke wrote:
>> This reverts commit 6c689b639cf8e2aeced8685eca2915892d76ad86.
>>
>> The stubs broke the libiptext used in firewall3 by OpenWrt.
> What's the problem?


* Re: [PATCH] Revert "Simplify static build extension loading"
  2022-06-01 14:22   ` Nick
@ 2022-06-01 17:05     ` Jan Engelhardt
  2022-06-01 17:14     ` Phil Sutter
  1 sibling, 0 replies; 5+ messages in thread
From: Jan Engelhardt @ 2022-06-01 17:05 UTC (permalink / raw)
  To: Nick; +Cc: Phil Sutter, netfilter-devel

On Wednesday 2022-06-01 16:22, Nick wrote:

> More Information:
> https://github.com/openwrt/openwrt/pull/9886#issuecomment-1143191713


iptables offers three configurations off the bat:

 - default: extensions are shipped as 124 plugin files

 - ALL_INCLUSIVE: 0 plugin files (instead, code is built into xtables proper);
optional extra .so files (e.g. from xt-addons) can still be loaded from the fs.

 - NO_SHARED_LIBS: as above but dlopen is completely disabled


openwrt patches iptables to the point that all shipped extensions are grouped
into *five* .so files. It's a custom modification, and not upstream,
so if it breaks, one gets to keep the pieces.

I do not really see the point of that patch. There was something about tiny
libcs missing (being compiled without) IPv6 functions maybe 15 years ago. But
neither libxt_*.c nor libip6t_*.c were really vetted for missing C library
functions. Quite frankly, we could just name all plugins in iptables
libxt_*.c and almost nothing would change.


* Re: [PATCH] Revert "Simplify static build extension loading"
  2022-06-01 14:22   ` Nick
  2022-06-01 17:05     ` Jan Engelhardt
@ 2022-06-01 17:14     ` Phil Sutter
  1 sibling, 0 replies; 5+ messages in thread
From: Phil Sutter @ 2022-06-01 17:14 UTC (permalink / raw)
  To: Nick; +Cc: netfilter-devel, Pablo Neira Ayuso, Jan Engelhardt

On Wed, Jun 01, 2022 at 04:22:49PM +0200, Nick wrote:
> More Information:
> https://github.com/openwrt/openwrt/pull/9886#issuecomment-1143191713
> 
> I have to debug further.

Well, it looks like firewall3 does a static build and calls
init_extensions*(). It includes xtables.h without defining ALL_INCLUSIVE
or NO_SHARED_LIBS, so ends up with the empty function definitions.

Given that these functions are for internal use only, it is only harmful
to declare them in the "official" libxtables header.

Unless someone objects, I'll prepare a patch moving the declarations
into xshared.h.

Cheers, Phil
