gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
82d2e8575d
secubox-openwrt/package/secubox/netifyd/SDK-LIMITATION.md
CyberMind-FR 8fcd34abd0 feat: Netifyd Integration & Build System Improvements (v0.9.1) 
Major updates:
- Replace luci-app-netifyd-dashboard with enhanced luci-app-secubox-netifyd
- Add netifyd 5.2.1 package with GCC 13.3/C++17 build fixes
- Fix nd-risks.cpp compilation errors via inline static maps patch
- Enhance local-build.sh with improved package building workflow
- Update secubox-core scripts version to v0.9.1

New Features:
- Complete netifyd dashboard with flows, devices, applications, and settings
- Local data collection with netifyd-collector
- Automated cron-based data aggregation
- RPCd integration for real-time statistics

Build Fixes:
- Patch 001: Fix C++17 inline static maps in nd-risks.hpp and nd-protos.hpp
- Patch 003: Skip ndpi tests to resolve roaring_v2 dependency issues
- Add libatomic dependency
- Include libnetifyd shared libraries in package

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-05 17:35:11 +01:00

79 lines
2.5 KiB
Markdown
Raw Blame History

# SDK Build Limitation for Netifyd
## Issue
Netifyd **cannot be built using the OpenWrt SDK** because it requires base system libraries that are not available in the SDK environment:
- `libmnl` (Minimal Netlink library)
- `libnetfilter-conntrack`
- `libpcap`
- `libjson-c`
- Various kernel modules
## Why This Happens
The OpenWrt SDK is designed for building **application packages** that depend on already-compiled system libraries. Net
ifyd is a **system-level daemon** with deep integration into the kernel networking stack, requiring libraries that must be compiled as part of the base system.
## Solution
### Build netifyd as part of firmware
```bash
# Build full SecuBox firmware with netifyd included
./secubox-tools/local-build.sh build-firmware mochabin
```
Netifyd will be automatically included in firmware builds as it's configured in the firmware package list.
### Alternative: Use Pre-Built Packages
If you need standalone `.ipk` files, build them from a full firmware build:
```bash
# After firmware build completes
find openwrt/bin/packages -name "netifyd*.ipk"
find openwrt/bin/packages -name "luci-app-secubox-netifyd*.ipk"
```
## Why SDK Builds Fail
When you try `./secubox-tools/local-build.sh build netifyd`, it fails with:
```
configure: error: Package requirements (libmnl >= 1.0.3) were not met
```
This is because:
1. SDK doesn't include kernel-level libraries
2. SDK can't compile these libraries (they require full buildroot)
3. Netifyd's configure script can't find the required dependencies
## Recommended Workflow
**For Development:**
- Build firmware with netifyd: `./secubox-tools/local-build.sh build-firmware x86-64`
- Extract netifyd IPK from `openwrt/bin/packages`
- Install on device for testing
**For Production:**
- Always include netifyd in firmware images
- Distributed as part of complete SecuBox firmware
## Technical Details
Netifyd requires these system components:
- **Kernel modules:** nf_conntrack, nfnetlink, etc.
- **System libraries:** Built against specific libc (musl/glibc)
- **Headers:** Kernel headers for netlink/conntrack
- **Build tools:** Full autotools, pkg-config with system library paths
The SDK provides none of these - it only provides a cross-compilation toolchain and application-level library stubs.
## See Also
- [BUILD-INSTRUCTIONS.md](BUILD-INSTRUCTIONS.md) - Full build instructions
- [INTEGRATION.md](INTEGRATION.md) - Integration with SecuBox
- OpenWrt docs on SDK limitations: https://openwrt.org/docs/guide-developer/toolchain/using_the_sdk
Reference in New Issue View Git Blame Copy Permalink