gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8fcd34abd0
secubox-openwrt/package/secubox/netifyd/SDK-LIMITATION.md
CyberMind-FR 8fcd34abd0 feat: Netifyd Integration & Build System Improvements (v0.9.1) 
Major updates:
- Replace luci-app-netifyd-dashboard with enhanced luci-app-secubox-netifyd
- Add netifyd 5.2.1 package with GCC 13.3/C++17 build fixes
- Fix nd-risks.cpp compilation errors via inline static maps patch
- Enhance local-build.sh with improved package building workflow
- Update secubox-core scripts version to v0.9.1

New Features:
- Complete netifyd dashboard with flows, devices, applications, and settings
- Local data collection with netifyd-collector
- Automated cron-based data aggregation
- RPCd integration for real-time statistics

Build Fixes:
- Patch 001: Fix C++17 inline static maps in nd-risks.hpp and nd-protos.hpp
- Patch 003: Skip ndpi tests to resolve roaring_v2 dependency issues
- Add libatomic dependency
- Include libnetifyd shared libraries in package

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-05 17:35:11 +01:00

2.5 KiB
Raw Blame History

SDK Build Limitation for Netifyd

Issue

Netifyd cannot be built using the OpenWrt SDK because it requires base system libraries that are not available in the SDK environment:

  • libmnl (Minimal Netlink library)
  • libnetfilter-conntrack
  • libpcap
  • libjson-c
  • Various kernel modules

Why This Happens

The OpenWrt SDK is designed for building application packages that depend on already-compiled system libraries. Net

ifyd is a system-level daemon with deep integration into the kernel networking stack, requiring libraries that must be compiled as part of the base system.

Solution

Build netifyd as part of firmware

# Build full SecuBox firmware with netifyd included
./secubox-tools/local-build.sh build-firmware mochabin

Netifyd will be automatically included in firmware builds as it's configured in the firmware package list.

Alternative: Use Pre-Built Packages

If you need standalone .ipk files, build them from a full firmware build:

# After firmware build completes
find openwrt/bin/packages -name "netifyd*.ipk"
find openwrt/bin/packages -name "luci-app-secubox-netifyd*.ipk"

Why SDK Builds Fail

When you try ./secubox-tools/local-build.sh build netifyd, it fails with:

configure: error: Package requirements (libmnl >= 1.0.3) were not met

This is because:

  1. SDK doesn't include kernel-level libraries
  2. SDK can't compile these libraries (they require full buildroot)
  3. Netifyd's configure script can't find the required dependencies

Recommended Workflow

For Development:

  • Build firmware with netifyd: ./secubox-tools/local-build.sh build-firmware x86-64
  • Extract netifyd IPK from openwrt/bin/packages
  • Install on device for testing

For Production:

  • Always include netifyd in firmware images
  • Distributed as part of complete SecuBox firmware

Technical Details

Netifyd requires these system components:

  • Kernel modules: nf_conntrack, nfnetlink, etc.
  • System libraries: Built against specific libc (musl/glibc)
  • Headers: Kernel headers for netlink/conntrack
  • Build tools: Full autotools, pkg-config with system library paths

The SDK provides none of these - it only provides a cross-compilation toolchain and application-level library stubs.

See Also