All of lore.kernel.org
 help / color / mirror / Atom feed
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: "Anthony G. Basile" <basile@opensource.dyc.edu>
Cc: davem@davemloft.net, kaber@trash.net, blueness@gentoo.org,
	gurligebis@gentoo.org, base-system@gentoo.org, kernel@gentoo.org,
	toolchain@gentoo.org, mchehab@redhat.com, hverkuil@xs4all.nl,
	laurent.pinchart@ideasonboard.com, arnd@arndb.de,
	eparis@redhat.com, netfilter-devel@vger.kernel.org
Subject: Re: [PATCH] netfilter: install nf_nat.h and related headers to INSTALL_HDR_PATH
Date: Tue, 6 Sep 2011 20:05:05 +0200	[thread overview]
Message-ID: <20110906180505.GA5387@1984> (raw)
In-Reply-To: <4E664E05.4090907@opensource.dyc.edu>

On Tue, Sep 06, 2011 at 12:44:53PM -0400, Anthony G. Basile wrote:
> On 09/05/2011 01:48 PM, Pablo Neira Ayuso wrote:
> > Those headers contain structure layouts that may change along time
> > without further notice, thus breaking backward compatibility.
> > 
> 
> It makes use of
> 
>    union nf_conntrack_man_proto
>    struct nf_nat_range
>    struct nf_nat_multi_range_compat

I see, they are also used by the NAT target in iptables. So these
structure definitions should be exported.

> which are not available in any /usr/include/linux/netfilter header.  It
> needs these for its portfowarding when doing upnp.  The solution in
> Gentoo and other distros is to introduce a local tiny_nf_nat.h in the
> miniupnpd source tree which defines these union/structs, like what
> iptables does. 

This is indeed a good idea. Other net-tools keep a copy of the linux
kernel headers that they need to compile.

> Unlike iptables though, the miniupnpd developer expects
> miniupnpd to -I/usr/src/linux/include which is worse.  Since two
> userland apps need this, and to discourage less than ideal workarounds,
> it makes sense to make it available in include/linux/.

In that case, I'd prefer to add a new file that contains only those
structures to linux/, instead of the whole file with the internal NAT
definitions.

> Also, in answer to Jan, yes it would be best if these go into linux/
> rather than net/.
>
> Perhaps the approach here should be to introduce
> linux/include/linux/netfilter/nf_nat.h which contains these structs and
> is a sanitized version of net/netfilter/nf_nat.h, so that it doesn't
> contain struct layouts that will break backwards compat.  This also
> address Jan's concern and a simple header-y += would install nf_nat.h in
> the right place.

This is exactly what I like, please do it this way.

> > and BTW, no need to cross-post this message to such a huge list of CC.
> > I guess you could simply use netfilter-devel for this.
> 
> I followed what get_maintainer.pl gave me.  I've removed all the
> @vger.kernel.org lists except netfilter-devel@  Please re-add any you
> think they should be there.

Hm, interesting, that's quite spamming.

  reply	other threads:[~2011-09-06 18:05 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-09-03 18:49 [PATCH] netfilter: install nf_nat.h and related headers to INSTALL_HDR_PATH Anthony G. Basile
2011-09-03 19:41 ` Jan Engelhardt
2011-09-05 17:48 ` Pablo Neira Ayuso
2011-09-06 16:44   ` Anthony G. Basile
2011-09-06 18:05     ` Pablo Neira Ayuso [this message]
2011-09-06 18:11     ` Jan Engelhardt
2011-09-07  9:31       ` Pablo Neira Ayuso
2011-09-07 14:50         ` Patrick McHardy

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20110906180505.GA5387@1984 \
    --to=pablo@netfilter.org \
    --cc=arnd@arndb.de \
    --cc=base-system@gentoo.org \
    --cc=basile@opensource.dyc.edu \
    --cc=blueness@gentoo.org \
    --cc=davem@davemloft.net \
    --cc=eparis@redhat.com \
    --cc=gurligebis@gentoo.org \
    --cc=hverkuil@xs4all.nl \
    --cc=kaber@trash.net \
    --cc=kernel@gentoo.org \
    --cc=laurent.pinchart@ideasonboard.com \
    --cc=mchehab@redhat.com \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=toolchain@gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.