2019-01-23 23:25 CET

View Issue Details
ID: 0005352
Project: GNUnet
Category: build process
View Status: public
Last Update: 2018-06-27 21:54
Assigned To: dvn
Priority: normal
Severity: minor
Reproducibility: have not tried
Product Version: SVN HEAD
Target Version: 0.11.0
Fixed in Version: 0.11.0
Summary: 0005352: iptables is hardcoded. let's pick its location up at configure time.
Description: Unless someone beats me to it, this is a bug report for myself as one of many issues to fix up to get GNUnet working properly on Guix. Also, assuming hardcoded locations is bad.

Unless we don't already scan for iptables, let's scan for iptables in the configure phase of the build process and use that location for the iptables binary.

more info: iptables exists in my profile (in other words: the visible $PATH). This is straight from HEAD commit.


abyayala$ egrep -nr "iptables"
src/dns/gnunet-helper-dns.c:99:static const char *sbin_iptables;
src/dns/gnunet-helper-dns.c:715: * 6: skip sysctl, routing and iptables setup ("0")
src/dns/gnunet-helper-dns.c:719: * 3 iptables not executable
src/dns/gnunet-helper-dns.c:769: if (0 == access ("/sbin/iptables", X_OK))
src/dns/gnunet-helper-dns.c:770: sbin_iptables = "/sbin/iptables";
src/dns/gnunet-helper-dns.c:771: else if (0 == access ("/usr/sbin/iptables", X_OK))
src/dns/gnunet-helper-dns.c:772: sbin_iptables = "/usr/sbin/iptables";
src/dns/gnunet-helper-dns.c:776: "Fatal: executable iptables not found in approved directories: %s\n",
src/dns/gnunet-helper-dns.c:954: "iptables", "-m", "owner", "-t", "mangle", "-I", "OUTPUT", "1", "-p",
src/dns/gnunet-helper-dns.c:958: if (0 != fork_and_exec (sbin_iptables, mangle_args))
src/dns/gnunet-helper-dns.c:976: "iptables", "-t", "mangle", "-I", "OUTPUT", "2", "-p",
src/dns/gnunet-helper-dns.c:981: if (0 != fork_and_exec (sbin_iptables, mark_args))
src/dns/gnunet-helper-dns.c:1137: "iptables", "-t", "mangle", "-D", "OUTPUT", "-p", "udp",
src/dns/gnunet-helper-dns.c:1140: if (0 != fork_and_exec (sbin_iptables, mark_clean_args))
src/dns/gnunet-helper-dns.c:1160: "iptables", "-m", "owner", "-t", "mangle", "-D", "OUTPUT", "-p", "udp",
src/dns/gnunet-helper-dns.c:1164: if (0 != fork_and_exec (sbin_iptables, mangle_clean_args))
src/dns/test_gnunet_dns.sh:29:if ! iptables -t mangle --list &> /dev/null
src/dns/test_gnunet_dns.sh:31: echo "This test requires iptables with 'mangle' support. Skipping."
src/exit/gnunet-helper-exit.c:73: * Path to 'iptables' binary.
src/exit/gnunet-helper-exit.c:75:static const char *sbin_iptables;
src/exit/gnunet-helper-exit.c:671: if (0 == access ("/sbin/iptables", X_OK))
src/exit/gnunet-helper-exit.c:672: sbin_iptables = "/sbin/iptables";
src/exit/gnunet-helper-exit.c:673: else if (0 == access ("/usr/sbin/iptables", X_OK))
src/exit/gnunet-helper-exit.c:674: sbin_iptables = "/usr/sbin/iptables";
src/exit/gnunet-helper-exit.c:678: "Fatal: executable iptables not found in approved directories: %s\n",
src/exit/gnunet-helper-exit.c:761: char *const iptables_args[] =
src/exit/gnunet-helper-exit.c:763: "iptables", "-t", "nat", "-A", "POSTROUTING", "-o", argv[2], "-j", "MASQUERADE", NULL
src/exit/gnunet-helper-exit.c:765: if (0 != fork_and_exec (sbin_iptables,
src/exit/gnunet-helper-exit.c:766: iptables_args))
README:421:# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 1080
README:425:# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 4433
contrib/apparmor/gnunet-helper-dns:31: /usr/lib/iptables/libxt_MARK.so mr,
contrib/apparmor/gnunet-helper-dns:32: /usr/lib/iptables/libxt_owner.so mr,
contrib/apparmor/gnunet-helper-dns:33: /usr/lib/iptables/libxt_standard.so mr,
contrib/apparmor/gnunet-helper-dns:34: /usr/lib/iptables/libxt_udp.so mr,
doc/documentation/chapters/user.texi:3154:make the necessary changes to your firewall (@code{iptables}) rules.
doc/documentation/chapters/developer.texi:7979:iptables -t mangle -I OUTPUT 1 -p udp --sport $LOCALPORT --dport 53 \
doc/documentation/chapters/developer.texi:7980:-j ACCEPT iptables -t mangle -I OUTPUT 2 -p udp --dport 53 -j MARK \
Tags: No tags attached.



Christian Grothoff (manager)

Same issue applies to ifconfig in os_network.c.


Christian Grothoff (manager)

configure should check (and allow user to override), but C code should have hard-coded paths as fallbacks.


Christian Grothoff (manager)

I guess override is possible in configure by setting PATH. So this should be addressed now.

Issue History
Date Modified | Username | Field | Change
2018-06-14 20:37 | ng0 | New Issue |
2018-06-23 15:38 | dvn | Assigned To | => dvn
2018-06-23 15:38 | dvn | Status | new => assigned
2018-06-23 15:39 | Christian Grothoff | Note Added: 0013057 |
2018-06-23 15:40 | Christian Grothoff | Note Added: 0013058 |
2018-06-27 21:54 | Christian Grothoff | Note Added: 0013093 |
2018-06-27 21:54 | Christian Grothoff | Status | assigned => resolved
2018-06-27 21:54 | Christian Grothoff | Resolution | open => fixed
2018-06-27 21:54 | Christian Grothoff | Fixed in Version | => 0.11.0