View Issue Details

IDProjectCategoryView StatusLast Update
0004581GNUnetexit daemonpublic2019-09-13 01:23
ReporterlynXAssigned Tong0 
PrioritylowSeverityfeatureReproducibilityalways
Status assignedResolutionopen 
PlatformOSFreeBSDOS Version9.3-RELEASE-p1
Product VersionSVN HEAD 
Target VersionFixed in Version 
Summary0004581: iptables not available on FreeBSD
Descriptionhttps://gnunet.org/book/export/html/1605 mentions exit/VPN possibly working on BSD, but unfortunately /usr/include/net/if_tun.h provides a lot less features than linux/if_tun.h. I added some ifdefs to correct the include and avoid some ioctls that do not exist on BSD, but the fact that gnunet-helper-exit tries to call "iptables" makes this feature currently not very portable to BSD.

I suppose it is pointless to commit my patches that allow gnunet-helper-exit to compile if it can't possibly work.
Additional InformationFatal: executable iptables not found in approved directories: No such file or directory
Fatal: executable iptables not found in approved directories: No such file or directory
Fatal: executable iptables not found in approved directories: No such file or directory
TagsNo tags attached.

Activities

Christian Grothoff

2016-08-03 11:50

manager   ~0011000

Is it so hard to figure out how to translate the iptables invocations to corresponding FreeBSD incantations?

ng0

2019-03-21 14:24

developer   ~0014230

It seems to me as if this bug would be solved once the rewrite of -dns-helper I was told about
is done?

Christian Grothoff

2019-04-05 23:13

manager   ~0014259

Yes, but this would require a _major_ rewrite of gnunet-service-dns to basically turn it into a DNS server instead of a DNS query interceptor.

ng0

2019-09-10 10:38

developer   ~0014879

Last edited: 2019-09-10 10:40

View 3 revisions

meanwhile could I add pf and/or npf support? I can at least come up with this faster than rewriting gnunet-service-dns into a dns server.

Part of the original issue has been worked around iirc (not compiling on FreeBSD) but someone would have to test it (me, as soon as replacement parts for my server arrive).

The issue of this not working on *BSD remains.

Christian Grothoff

2019-09-10 13:34

manager   ~0014880

Sure, pf/npf support would be great. (Note: no relationship to Taler here, though).

ng0

2019-09-11 14:04

developer   ~0014883

This file will also fail with system which do not provide the binary "ip", which also includes the majority of the BSD Operating Systems.

ng0

2019-09-13 01:23

developer   ~0014895

As a sidenote for myself and reference - there seems to be a (slow) move to replace iptables with BPF: https://cilium.io/blog/2018/04/17/why-is-the-kernel-community-replacing-iptables/

Issue History

Date Modified Username Field Change
2016-06-17 20:13 lynX New Issue
2016-08-03 11:50 Christian Grothoff Note Added: 0011000
2017-02-26 01:41 Christian Grothoff Severity block => feature
2019-03-21 14:24 ng0 Note Added: 0014230
2019-03-21 14:24 ng0 Assigned To => Christian Grothoff
2019-03-21 14:24 ng0 Status new => feedback
2019-04-05 23:13 Christian Grothoff Note Added: 0014259
2019-09-04 07:04 Christian Grothoff Assigned To Christian Grothoff =>
2019-09-04 07:04 Christian Grothoff Status feedback => acknowledged
2019-09-10 10:38 ng0 Note Added: 0014879
2019-09-10 10:39 ng0 Note Edited: 0014879 View Revisions
2019-09-10 10:40 ng0 Note Edited: 0014879 View Revisions
2019-09-10 13:34 Christian Grothoff Note Added: 0014880
2019-09-11 14:04 ng0 Note Added: 0014883
2019-09-11 14:04 ng0 Assigned To => ng0
2019-09-11 14:04 ng0 Status acknowledged => assigned
2019-09-13 01:23 ng0 Note Added: 0014895