On Wednesday 2022-06-01 16:22, Nick wrote: > More Information: > https://github.com/openwrt/openwrt/pull/9886#issuecomment-1143191713 iptables offers three configurations off the bat: - default: extensions are shipped as 124 plugin files - ALL_INCLUSIVE: 0 plugin files (instead, code is built into xtables proper); optional extra .so files (e.g. from xt-addons) can still be loaded from the fs. - NO_SHARED_LIBS: as above but dlopen is completely disabled openwrt patches iptables to the point that all shipped extensions are grouped into *five* .so files. It's a custom modification, and not upstream, so if it breaks, one gets to keep the pieces. I do not really see the point of that patch. There was something about tiny libcs missing (being compiled without) IPv6 functions maybe 15 years ago. But neither libxt_*.c nor libip6t_*.c were really vetted for missing C library functions. Quite frankly, we could just name all plugins in iptables libxt_*.c and almost nothing would change.
