From c5876252eb251ecf70e66770cd7dcd212d41ed28 Mon Sep 17 00:00:00 2001 From: Richard Fuchs Date: Mon, 5 Jan 2026 08:49:20 -0400 Subject: [PATCH] MT#55283 auto detect libiptc Instead of having to manually disable legacy iptables support, auto detect presence of libiptc and only include the feature if present. Closes #2045 Change-Id: I649320727e9e9a565eabd369c683dfe6b6bdaec1 (cherry picked from commit cc53062ca1c57eb1ff638129a3351235ed474650) (cherry picked from commit d2b06dab4a8c4d342eb16c2ed709b01b8f544be9) --- daemon/.ycm_extra_conf.py | 2 +- daemon/Makefile | 6 ------ daemon/iptables.c | 8 ++++---- daemon/main.c | 2 +- docs/compiling_and_installing.md | 8 ++------ utils/gen-common-flags | 7 ++++++- 6 files changed, 14 insertions(+), 19 deletions(-) diff --git a/daemon/.ycm_extra_conf.py b/daemon/.ycm_extra_conf.py index 78557db4a..2db7ade4d 100644 --- a/daemon/.ycm_extra_conf.py +++ b/daemon/.ycm_extra_conf.py @@ -43,7 +43,7 @@ flags = [ '-DPCRE2_CODE_UNIT_WIDTH=8', '-DRTPENGINE_VERSION="dummy"', '-DRE_PLUGIN_DIR="/usr/lib/rtpengine"', - '-DWITH_IPTABLES_OPTION', + '-DHAVE_LIBIPTC', '-DWITH_TRANSCODING', '-DHAVE_BCG729', '-DHAVE_MQTT', diff --git a/daemon/Makefile b/daemon/Makefile index 9fd29a24e..807df42a5 100644 --- a/daemon/Makefile +++ b/daemon/Makefile @@ -4,7 +4,6 @@ export top_srcdir = .. include ../lib/deps.Makefile -with_iptables_option ?= yes with_transcoding ?= yes ifeq ($(origin CFLAGS),undefined) @@ -29,10 +28,7 @@ CFLAGS+= $(CFLAGS_JSON_GLIB) CFLAGS+= $(CFLAGS_LIBWEBSOCKETS) CFLAGS+= $(CFLAGS_LIBNFTNL) CFLAGS+= $(CFLAGS_LIBMNL) -ifeq ($(with_iptables_option),yes) CFLAGS+= $(CFLAGS_LIBIPTC) -CFLAGS+= -DWITH_IPTABLES_OPTION -endif ifeq ($(with_transcoding),yes) CFLAGS+= $(CFLAGS_LIBAVCODEC) CFLAGS+= $(CFLAGS_LIBAVFORMAT) @@ -69,9 +65,7 @@ LDLIBS+= $(LDLIBS_JSON_GLIB) LDLIBS+= $(LDLIBS_LIBWEBSOCKETS) LDLIBS+= $(LDLIBS_LIBNFTNL) LDLIBS+= $(LDLIBS_LIBMNL) -ifeq ($(with_iptables_option),yes) LDLIBS+= $(LDLIBS_LIBIPTC) -endif ifeq ($(with_transcoding),yes) LDLIBS+= $(LDLIBS_LIBAVCODEC) LDLIBS+= $(LDLIBS_LIBAVFORMAT) diff --git a/daemon/iptables.c b/daemon/iptables.c index 1fcefd0de..e112e1adb 100644 --- a/daemon/iptables.c +++ b/daemon/iptables.c @@ -5,7 +5,7 @@ int (*iptables_add_rule)(const socket_t *local_sock, const str *comment); int (*iptables_del_rule)(const socket_t *local_sock); -#ifdef WITH_IPTABLES_OPTION +#ifdef HAVE_LIBIPTC #include #include @@ -308,7 +308,7 @@ static int __iptables_del_rule(const socket_t *local_sock) { return 0; } -#endif // WITH_IPTABLES_OPTION +#endif // HAVE_LIBIPTC static int __iptables_stub(void) { return 0; @@ -325,7 +325,7 @@ void iptables_init(void) { return; } -#ifdef WITH_IPTABLES_OPTION +#ifdef HAVE_LIBIPTC iptables_add_rule = __iptables_add_rule; iptables_del_rule = __iptables_del_rule; @@ -375,6 +375,6 @@ out: if (err) ilog(LOG_ERROR, "Failed to flush iptables chain: %s (%s)", err, strerror(errno)); -#endif // WITH_IPTABLES_OPTION +#endif // HAVE_LIBIPTC } diff --git a/daemon/main.c b/daemon/main.c index 41619d03a..7369f06d9 100644 --- a/daemon/main.c +++ b/daemon/main.c @@ -787,7 +787,7 @@ static void options(int *argc, char ***argv, charp_ht templates) { { "recording-method",0, 0, G_OPTION_ARG_STRING, &rtpe_config.rec_method, "Strategy for call recording", "pcap|proc|all" }, { "recording-format",0, 0, G_OPTION_ARG_STRING, &rtpe_config.rec_format, "File format for stored pcap files", "raw|eth" }, { "record-egress",0, 0, G_OPTION_ARG_NONE, &rtpe_config.rec_egress, "Recording egress media instead of ingress", NULL }, -#ifdef WITH_IPTABLES_OPTION +#ifdef HAVE_LIBIPTC { "iptables-chain",0,0, G_OPTION_ARG_STRING, &rtpe_config.iptables_chain,"Add explicit firewall rules to this iptables chain","STRING" }, #endif { "codecs", 0, 0, G_OPTION_ARG_NONE, &codecs, "Print a list of supported codecs and exit", NULL }, diff --git a/docs/compiling_and_installing.md b/docs/compiling_and_installing.md index 5fc8e3ffe..84bab99f9 100644 --- a/docs/compiling_and_installing.md +++ b/docs/compiling_and_installing.md @@ -89,15 +89,11 @@ test suite. The `Makefile` contains a few Debian-specific flags, which may have to removed for compilation to be successful. This will not affect operation in any way. - If you do not wish to (or cannot) compile the optional iptables management feature, the - `Makefile` also contains a switch to disable it. See the `--iptables-chain` option for - a description. The name of the `make` switch and its default value is `with_iptables_option=yes`. - - Similarly, the transcoding feature can be excluded via a switch in the `Makefile`, making it + The transcoding feature can be excluded via a switch in the `Makefile`, making it unnecessary to have the *ffmpeg* libraries installed. The name of the `make` switch and its default value is `with_transcoding=yes`. - Both `Makefile` switches can be provided to the `make` system via environment variables, for + `Makefile` switches can be provided to the `make` system via environment variables, for example by building with the shell command `with_transcoding=no make`. * `kernel-module` diff --git a/utils/gen-common-flags b/utils/gen-common-flags index a1e1fde1a..a2f3b6059 100755 --- a/utils/gen-common-flags +++ b/utils/gen-common-flags @@ -79,7 +79,6 @@ gen-pkgconf-flags LIBAVUTIL libavutil gen-pkgconf-flags LIBCURL libcurl gen-pkgconf-flags LIBCRYPTO libcrypto gen-pkgconf-flags LIBEVENT libevent_pthreads -gen-pkgconf-flags LIBIPTC libiptc gen-pkgconf-flags LIBMNL libmnl gen-pkgconf-flags LIBNFTNL libnftnl gen-pkgconf-flags LIBPCRE libpcre2-8 @@ -112,6 +111,12 @@ if pkg-config --atleast-version=2.3 liburing; then echo "CFLAGS_LIBURING += -DHAVE_LIBURING" fi +# look for libiptc +if pkg-config libiptc; then + gen-pkgconf-flags LIBIPTC libiptc + echo "CFLAGS_LIBIPTC += -DHAVE_LIBIPTC" +fi + # alternative MySQL/MariaDB if pkg-config --exists libmariadb; then gen-pkgconf-flags MYSQL libmariadb