Modify

Opened 7 years ago

Last modified 11 months ago

#5586 reopened defect

iptables doesn't build due to missing ip6tables

Reported by: Maddes <maddes_trac@…> Owned by: florian
Priority: high Milestone: Barrier Breaker 14.07
Component: base system Version: Trunk
Keywords: Cc:

Description

When compiling with all packages and no extra settings, then iptables fails due to missing ip6tables.
Does this have anything to do with the newly introduced ipv6 setting in r16983 and following?

Trunk rev: r17037
Feed "packages" rev: same as trunk, all packages installed

Error message:

install -m0755 /home/openwrt/kamikaze-trunk/build_dir/linux-orion_generic/iptables-1.4.4/ipkg-install/usr/sbin/ip6tables /home/openwrt/kamikaze-trunk/build_dir/linux-orion_generic/iptables-1.4.4/ipkg/ip6tables/usr/sbin/
install: cannot stat `/home/openwrt/kamikaze-trunk/build_dir/linux-orion_generic/iptables-1.4.4/ipkg-install/usr/sbin/ip6tables': No such file or directory
make[3]: *** [/home/openwrt/kamikaze-trunk/bin/packages/target-arm_uClibc-0.9.30.1/ip6tables_1.4.4-1_arm.ipk] Error 1
make[3]: Leaving directory `/home/openwrt/kamikaze-trunk/package/iptables'
   ERROR: package/iptables failed to build.

Reproduction:

make clean
scripts/feeds install -a -p packages

make menuconfig
     --> Target System: Marvel Orion (ARM, Kernel 2.6.30)
     --> Target Images: SquashFS image (default)
     --> Global build settings: Select all packages by default

make V=99

Build Environment: Debian 5.0

Attachments (0)

Change History (10)

comment:1 Changed 7 years ago by florian

  • Owner changed from developers to florian
  • Status changed from new to assigned

comment:2 Changed 7 years ago by florian

  • Resolution set to fixed
  • Status changed from assigned to closed

Fixed with [17050].

comment:3 Changed 7 years ago by Maddes <maddes_trac@…>

Still does *not* build with [17051].
Same error message occurs, when IPv6 disabled.
Please re-open.

As it fails when installing maybe the makefile has to be adapted to *not* install ip6tables when IPv6 is disabled.

comment:4 Changed 7 years ago by René Koens <r.koens@…>

Im seeing the same issue with [17074]

Target System: Broadcom BCM947xx/953xx [2.6]
Target Images: SquashFS image (default)
Global build settings: Select all packages by default

comment:5 Changed 7 years ago by florian

Really fixed with [17076], sorry for the inconvenience.

comment:6 Changed 7 years ago by Maddes <maddes_trac@…>

No error messages anymore for iptables.
Thanks Florian.

comment:7 Changed 2 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted

comment:8 Changed 17 months ago by QQ11435924

  • Resolution fixed deleted
  • Status changed from closed to reopened

i am working on my box of openwrt-r43188 up to date

get an issue about ipv6 even i disabled all .config options about it,
which always working before.

details:

i did source compile on r46514 with iptables-1.4.21,
this error make me fail:

"

Package libiptc is missing dependencies for the following libraries:
libip6tc.so.0

"

okay, seems libip4tc trigger that.
...
check about building directory,
i found its about libiptc.so in fact.

$readelf -d libiptc.so
Dynamic section at offset 0xf4 contains 29 entries:

Tag Type Name/Value

0x00000001 (NEEDED) Shared library: [libip4tc.so.0]
0x00000001 (NEEDED) Shared library: [libip6tc.so.0]
0x00000001 (NEEDED) Shared library: [libgcc_s.so.1]
0x00000001 (NEEDED) Shared library: [libc.so]
...

iptables not put into openwrt as a git feed but a *.bz2 under ./dl instead,
then it seems Makefile and source files from iptables-1.4.21.tar.bz2 hard code
about depends on ipv6,

so i found i cant read documents from http://www.netfilter.org/
to change something for help, such as coding and submit a patch,
sorry about that.

BTY

i am new to iptables, but seems iptables should not care
about ipv6, its ip6tables' business ?

.
.
.

P.S

Guys, think about it,

  • there's .config options about ipv6 switches you let us choose but iptables not follow
  • ipv6 not really popular for home-router, disabled as default? (space care, maybe)

.
.
.

.
.
.
regards

comment:9 Changed 17 months ago by QQ11435924

ok, i got a dirty hack myself (sounds like a patch :p)


main stick of cut entire IPv6 off from OpenWrt

  • first of all, libip6tc.so.0 is not runtime required if IPV6 disabled

so, strip it out (r46514, iptables working well, 12 hours' test pass)

  • hack Makefile's building checking

this stuff report error and exit if libip6tc.so.0 not found

  • based on all .config option about IPV6 disabled
  • someone dont want IPv6 like me

extend disabled the OpenWrt Firewall App and also luci-app-firewall which based on it

if you dont like pure iptables as i did and want GUI tool (luci-app-firewall) or

anything iptables wrapper like the Openwrt Firewall, remain them

  • run the code at OpenWrt SDK root path below

just before the last step make world

  • P.S thanks the forum '恩山无线论坛' a lot.

shell code

# disable ipv6
sed -i \
    -e 's@+luci-app-firewall @@g' \
    -e 's@ +IPV6:luci-proto-ipv6@@g' \
 ./feeds/luci/collections/luci/Makefile

sed -i \
    -e's@+luci-app-firewall @@g' \
    -e's@+firewall@@g' \
 ./feeds/luci/contrib/package/meshwizard/Makefile
sed -i \
    -e 's/#*\s*\(CONFIG_IPV6[^ =]*\).*/# \1=y/g' \
    -e 's/#*\s*\(CONFIG_PACKAGE_firewall[^ =]*\).*/# \1 is not set/g' \
    -e 's/#*\s*\(CONFIG_DEFAULT_firewall[^ =]*\).*/# \1 is not set/g' \
    -e 's/#*\s*\(CONFIG_PACKAGE_libip6tc[^ =]*\).*/# \1 is not set/g' \
    -e 's/#*\s*\(CONFIG_PACKAGE_kmod-l2tp[^ =]*\).*/# \1 is not set/g' \
    -e 's/#*\s*\(CONFIG_BUSYBOX_CONFIG_FEATURE_IPV6[^ =]*\).*/# \1 is not set/g' \
    -e 's/#*\s*\(CONFIG_BUSYBOX_DEFAULT_FEATURE_IPV6[^ =]*\).*/# \1 is not set/g' \
    -e 's/#*\s*\(CONFIG_DEFAULT_ip6tables[^ =]*\).*/# \1 is not set/g' \
    -e 's/#*\s*\(CONFIG_DEFAULT_odhcp6c[^ =]*\).*/# \1 is not set/g' \
    -e 's/#*\s*\(CONFIG_DEFAULT_odhcpd[^ =]*\).*/# \1 is not set/g' \
    -e 's/#*\s*\(CONFIG_BUSYBOX_DEFAULT_PING6[^ =]*\).*/# \1 is not set/g' \
    -e 's/#*\s*\(CONFIG_PACKAGE_kmod-nf-conntrack6[^ =]*\).*/# \1 is not set/g' \
    -e 's/#*\s*\(CONFIG_PACKAGE_kmod-ipv6[^ =]*\).*/# \1 is not set/g' \
    -e 's/#*\s*\(CONFIG_PACKAGE_kmod-ip6[^ =]*\).*/# \1 is not set/g' \
    -e 's/#*\s*\(CONFIG_PACKAGE_kmod-iptunnel6[^ =]*\).*/# \1 is not set/g' \
    -e 's/#*\s*\(CONFIG_PACKAGE_luci-proto-ipv6[^ =]*\).*/# \1 is not set/g' \
 .config
sed -i \
    -e 's@ip6tables @@g' \
    -e 's@firewall @@g' \
    -e 's@odhcpd @@g' \
    -e 's@ odhcp6c@@g' \
 ./include/target.mk
# hack libiptc's libip6tc depends
sed -i \
    -e 's@ +IPV6:libip6tc@@g' \
    -e 's@ +libip6tc@@g' \
    -e "/^define Package\/libiptc\/install\$/{n;\
s#^\(\s*\)\(\$(INSTALL_DIR) \$(1)/usr/lib\)\$#\
\1\$(INSTALL_DIR) \$(1)/tmp\n\
\1\$@ echo empty>\$(1)/tmp/libip6tc.so.0\n\
\1\$@ echo '------- libip6tc.so.0 hack -------'\n\
\1\2#}" \
 ./package/network/utils/iptables/Makefile

comment:10 Changed 11 months ago by anonymous

Wow, have been compiling and recompiling for the last 48 hours now wondering why I can't get iptables, read this and it reminded me: It turns out it broke after I disabled IPv6 support under Global build settings.
A quick recompile and we're back in business.
Definitely still an issue :(

Add Comment

Modify Ticket

Action
as reopened .
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.