Re: [PATCH nf-next 1/4] netfilter: nf_conntrack_tuple_common.h: fix #include

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Davide Caratti <dcaratti@redhat.com>
To: Mikko Rapeli <mikko.rapeli@iki.fi>
Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
	"David S . Miller" <davem@davemloft.net>,
	Florian Westphal <fw@strlen.de>,
	Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
	James Morris <jmorris@namei.org>,
	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>,
	Pablo Neira Ayuso <pablo@netfilter.org>,
	Patrick McHardy <kaber@trash.net>,
	coreteam@netfilter.org, netfilter-devel@vger.kernel.org
Subject: Re: [PATCH nf-next 1/4] netfilter: nf_conntrack_tuple_common.h: fix #include
Date: Mon, 14 Nov 2016 15:01:57 +0100	[thread overview]
Message-ID: <1479132117.2430.66.camel@redhat.com> (raw)
In-Reply-To: <1478865739.2571.62.camel@redhat.com>

On Fri, 2016-11-11 at 13:02 +0100, Davide Caratti wrote:
> 
> > Is there a kernel side conflict between uapi and net/netns headers?
> 
> Looks like a circular dependency is here, or nf_conntrack_tuple_common.h
> is including the wrong netfilter.h. From within net/netns/conntrack.h I
> can include only those UAPI files that don't include <linux/netfilter.h>
> (for example, nf_conntrack_tcp.h that uses '2' instead of
> IP_CT_DIR_MAX).

hello Mikko,

I looked at the dependency issue:

current include/linux/netfilter.h needs include/net/net_namespace.h (i.e.
nf_hook() needs struct net), and include/net/net_namespace.h needs
include/net/netns/conntrack.h (i.e. struct net needs struct netns_ct).

That's why it's not possible to do #include <linux/netfilter.h> in
include/net/netns/conntrack.h, and it's not possible in
include/net/netns/conntrack.h to include any linux/netfilter/*.h UAPI
header where #include <linux/netfilter.h> line is present: the
preprocessor will prefer including include/linux/netfilter.h before
include/uapi/linux/netfilter.h, thus generating the dependency error.

One possible fix for the above issue is to modify
include/uapi/nf_conntrack_tuple_common.h in a way that it avoids including
<linux/netfilter.h> when kernel sources are being built, and still exposes
to userspace applications the same contents as commit 1ffad83dffd6
("netfilter: fix include files for compilation"):

<...>
#include <linux/types.h>
#ifndef __KERNEL__
#include <linux/netfilter.h>
#endif
#include <linux/netfilter/nf_conntrack_common.h> /* for IP_CT_IS_REPLY */
<...>

BTW, include/uapi/linux/capi.h apparently does something similar with
linux/kernelcapi.h. With the above change, also the output of 

$ pushd usr/include
$ ../../scripts/headers_compile_test.sh -k | grep FAILED
$ popd

is preserved.

Are you ok if I post a v2 where the above change (and a minor fix: use
_UAPI_NF_CONNTRACK_TUPLE_COMMON_H in place of NF_CONNTRACK_TUPLE_COMMON_H
on the first lines) is done to nf_conntrack_tuple_common.h?

regards,
--
davide

next prev parent reply	other threads:[~2016-11-14 14:02 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-11-10 14:46 [PATCH nf-next 0/4] netfilter: built-in conntrack support for DCCP, SCTP, UDPlite Davide Caratti
2016-11-10 14:46 ` [PATCH nf-next 1/4] netfilter: nf_conntrack_tuple_common.h: fix #include Davide Caratti
2016-11-11 10:07   ` Mikko Rapeli
2016-11-11 12:02     ` Davide Caratti
2016-11-14 14:01       ` Davide Caratti [this message]
2016-11-14 17:59         ` mikko.rapeli
2016-11-10 14:46 ` [PATCH nf-next 2/4] netfilter: conntrack: built-in support for DCCP Davide Caratti
2016-11-10 14:46 ` [PATCH nf-next 3/4] netfilter: conntrack: built-in support for SCTP Davide Caratti
2016-11-10 14:46 ` [PATCH nf-next 4/4] netfilter: conntrack: built-in support for UDPlite Davide Caratti

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1479132117.2430.66.camel@redhat.com \
    --to=dcaratti@redhat.com \
    --cc=coreteam@netfilter.org \
    --cc=davem@davemloft.net \
    --cc=fw@strlen.de \
    --cc=jmorris@namei.org \
    --cc=kaber@trash.net \
    --cc=kadlec@blackhole.kfki.hu \
    --cc=kuznet@ms2.inr.ac.ru \
    --cc=mikko.rapeli@iki.fi \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=pablo@netfilter.org \
    --cc=yoshfuji@linux-ipv6.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.