[Buildroot] [PATCH 3/3] package/python-iptables: use installed iptables by default

Frank Vanbever frank.vanbever at essensium.com
Fri Feb 28 16:17:20 UTC 2020


Hi Thomas,

> I'll see if I can whip something up and submit it upstream.

I gave it another try but it seems that I was a bit too optimistic yesterday. 
The xtables module requires the ABI  version to cast the return values for 
matches and targets to something it can access.

I have a final last ditch theory about how this could be fixed, but to be honest 
it's really starting to look like more trouble than it's worth.

The ABI version information is embedded into struct xtables_match and 
 struct xtables_target. You should be able to get to these just from a handle 
to the libxtables.so and the location of the iptables extensions (i.e. 
xtables_libdir), for which you could use the same solution as for libc and 
test a number of sensible locations if ldconfig is unavailable.
The xtables_{match,target} structs always have the version field as the first 
field in the returned struct so I think you could do an 
xtables_find_{target,match} and do a ctypes.cast to a dummy ctypes.struct class 
with  just the version field.

The way the module is written though requires the ABI  version global variable 
to instantiate the xtables class which contains the logic that would allow you 
to find a match/target. So you get into this chicken or the egg type situation 
where you need to know the ABI version to get the workaround way to get the 
ABI version to work.


Best regards,
Frank






More information about the buildroot mailing list