Bugzilla – Bug 588
make ipv6 optional in iptables
Last modified: 2009-04-05 13:44:46
For use in embedded environments, it would be useful if IPv6 support could be disabled via ./configure. This option was available in older versions, but then removed.
I get an error when trying to attach a file: URL: http://bugzilla.netfilter.org/attachment.cgi undef error - Undefined subroutine Fh::slice at data/template/template/en/default/global/hidden-fields.html.tmpl line 58 So my proposed patch comes here, sorry the for inconvenience: diff -ru iptables-1.4.2/configure.ac iptables-1.4.2_patched/configure.ac --- iptables-1.4.2/configure.ac 2009-03-29 15:49:24.764299587 +0000 +++ iptables-1.4.2_patched/configure.ac 2009-03-29 15:38:29.082512186 +0000 @@ -37,6 +37,9 @@ [enable_devel="$enableval"], [enable_devel="yes"]) AC_ARG_ENABLE([libipq], AS_HELP_STRING([--enable-libipq], [Build and install libipq])) +AC_ARG_ENABLE([ipv6], + AS_HELP_STRING([--enable-ipv6], [Build and install ip6tables]), + [enable_ipv6="$enableval"], [enable_ipv6="yes"]) AC_ARG_WITH([pkgconfigdir], AS_HELP_STRING([--with-pkgconfigdir=PATH], [Path to the pkgconfig directory [[LIBDIR/pkgconfig]]]), [pkgconfigdir="$withval"], [pkgconfigdir='${libdir}/pkgconfig']) @@ -53,6 +56,7 @@ AM_CONDITIONAL([ENABLE_SHARED], [test "$enable_shared" = "yes"]) AM_CONDITIONAL([ENABLE_DEVEL], [test "$enable_devel" = "yes"]) AM_CONDITIONAL([ENABLE_LIBIPQ], [test "$enable_libipq" = "yes"]) +AM_CONDITIONAL([ENABLE_IPV6], [test "$enable_ipv6" == "yes"]) regular_CFLAGS="-D_LARGEFILE_SOURCE=1 -D_LARGE_FILES -D_FILE_OFFSET_BITS=64 \ -D_REENTRANT -Wall -Waggregate-return -Wmissing-declarations \ Only in iptables-1.4.2: configure.ac.orig Only in iptables-1.4.2: configure.ac.rej diff -ru iptables-1.4.2/Makefile.am iptables-1.4.2_patched/Makefile.am --- iptables-1.4.2/Makefile.am 2008-10-08 16:31:58.000000000 +0000 +++ iptables-1.4.2_patched/Makefile.am 2009-03-29 15:38:29.082512186 +0000 
@@ -80,11 +80,17 @@ endif if ENABLE_STATIC -sbin_PROGRAMS += iptables-static ip6tables-static +sbin_PROGRAMS += iptables-static +if ENABLE_IPV6 +sbin_PROGRAMS += ip6tables-static +endif + endif if ENABLE_SHARED -sbin_PROGRAMS += iptables iptables-multi iptables-restore iptables-save \ - ip6tables ip6tables-multi ip6tables-restore ip6tables-save +sbin_PROGRAMS += iptables iptables-multi iptables-restore iptables-save +if ENABLE_IPV6 +sbin_PROGRAMS += ip6tables ip6tables-multi ip6tables-restore ip6tables-save +endif endif iptables.8: ${srcdir}/iptables.8.in extensions/matches4.man extensions/targets4.man diff -ru iptables-1.4.2/xtables.c iptables-1.4.2_patched/xtables.c --- iptables-1.4.2/xtables.c 2008-10-08 16:31:58.000000000 +0000 +++ iptables-1.4.2_patched/xtables.c 2009-03-29 15:38:29.082512186 +0000 @@ -964,6 +964,8 @@ } } +#ifdef ENABLE_IPV6 + const char *ip6addr_to_numeric(const struct in6_addr *addrp) { /* 0000:0000:0000:0000:0000:000.000.000.000 @@ -1189,6 +1191,7 @@ } } } +#endif void save_string(const char *value) {
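Review bot: In the first configure.ac hunk (@@ -37,6 +37,9 @@), the help string advertises --enable-ipv6 although the default set in the fourth argument is already "yes", so the only form a user would ever pass is --disable-ipv6. Suggest documenting that form instead, e.g. AS_HELP_STRING([--disable-ipv6], [Do not build ip6tables]), so that ./configure --help shows the switch the embedded use case needs.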
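Review bot: In the second configure.ac hunk (@@ -53,6 +56,7 @@), the new AM_CONDITIONAL compares with "==" while the three existing conditionals directly above it use "=". POSIX test only specifies "=", and configure runs under /bin/sh, so "==" is not guaranteed to work on every build host. Suggest matching the neighbouring lines: AM_CONDITIONAL([ENABLE_IPV6], [test "$enable_ipv6" = "yes"]).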
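Review bot: The #ifdef ENABLE_IPV6 opened at @@ -964,6 +964,8 @@ and closed at @@ -1189,6 +1191,7 @@ in xtables.c tests a preprocessor macro that nothing in the visible patch defines. The configure.ac change only adds AM_CONDITIONAL([ENABLE_IPV6], ...), which sets an automake conditional for Makefile.am, and regular_CFLAGS gains no -DENABLE_IPV6. As posted, the guarded IPv6 address helpers would be compiled out even when IPv6 is enabled, and any caller left outside the guard would then fail to link. Suggest an AC_DEFINE([ENABLE_IPV6], ...) or a -DENABLE_IPV6 flag under the same test, and since the guard spans more than 200 lines, annotating the close as #endif /* ENABLE_IPV6 */.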
Slightly incomplete (nowhere do you add -DENABLE_IPV6 or similar), but I will fix that up.
Would it not be simpler to just provide the zero ipv6 address variable ourselves?
Ignore comment #3, it was sort of for bug #569. What I do wonder, you only use #ifdef ENABLE_IPV6 in xtables.c, but there are more places where it would have to be done, i.e. extensions/libxt_*.c. I am not keen on sprinkling the code with lots of these ifdefs, though. Any comments from Patrick?
For now, it has been committed as 8e58613df53f5f83e8ab92dec61d8065c68d967d and a094eb0f2a57592b6f3cf42fdbb9d49fead2d57c, though these commits merely skip building pure-v4/v6 parts; libxtables remains as is. Also see bug #569 which is relevant to people wanting to disable components for embedded reasons.