From: Jim Gifford <maillist@jg555.com>
To: Henrik Nordstrom <hno@marasystems.com>
Cc: Netfilter Developer <netfilter-devel@lists.netfilter.org>
Subject: Re: Use of Kernel Headers
Date: Tue, 17 Aug 2004 22:36:26 -0700 [thread overview]
Message-ID: <4122EADA.7030501@jg555.com> (raw)
In-Reply-To: <Pine.LNX.4.61.0408180123380.7879@filer.marasystems.com>
Henrik Nordstrom wrote:
> On Tue, 17 Aug 2004, Jim Gifford wrote:
>
>> It has been stated numerous times that userspace programs should not
>> be compiled against raw kernel headers, but iptables does compile
>> against userspace headers and breaks this rule. With the advent of
>> the linux-libc-headers package, should iptables be compiled against
>> the linux-libc-headers or the raw kernel headers since iptables is a
>> user space program?
>
>
> This depends on if you build iptables for your custom patched kernel
> or a standard kernel.
>
> For a standard kernel it should be sufficient with linux-libc-headers
> I think, but it is possible some required linux iptables headers is
> missing from the iptables package (include/linux/netfilter_ipv[46]/).
> If you find some missing please report here which files needs to be
> added from the kernel tree and maybe it can be cleaned up.
>
>> Should patch-o-matic update the headers in the proper location,
>> /usr/include/linux/netfilter_ipv4 etc?
>
>
> patch-o-matic should always update the kernel source tree and your
> iptables should then be built to this source tree. This to make sure
> the view of iptables and your kernel matches. But to be honest it
> should only be the include/linux/netfilter_ipv[46]/ directories which
> is required by iptables.
>
> Regards
> Henrik
>
Ok so we build iptables against the linux-libc-headers, then we then use
patch-o-matic-ng to add new support for psd(insert you own example). But
iptables is set to compile using the linux-libc-headers, won't the
compile fail since it can't find ipt_psd.h in the linux-libc-headers.
If patch-o-matic changes a header, it should also check
/usr/include/linux/netfilter{whatever} and patch that file also so they
are insync with each other. Which presents a headache since the
linux-libc-headers are only released when a new release is out. Unless
you check the version.h file that comes with linux-libc-headers and
verfiy the value of LIBC_HEADERS_VERSION.
So it's a double edge sword the way I see it.
--
----
Jim Gifford
maillist@jg555.com
next prev parent reply other threads:[~2004-08-18 5:36 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-08-17 21:10 Use of Kernel Headers Jim Gifford
2004-08-17 23:32 ` Henrik Nordstrom
2004-08-18 5:36 ` Jim Gifford [this message]
2004-08-18 19:00 ` Henrik Nordstrom
2004-08-18 19:25 ` Jim Gifford
2004-08-18 20:03 ` Henrik Nordstrom
2004-08-18 20:48 ` Jim Gifford
2004-08-18 20:51 ` Henrik Nordstrom
2004-08-18 21:01 ` Jim Gifford
2004-08-18 22:30 ` Jozsef Kadlecsik
2004-08-21 6:47 ` Jim Gifford
2004-08-21 9:30 ` Henrik Nordstrom
2004-08-21 14:53 ` Tobias DiPasquale
2004-08-21 15:13 ` Henrik Nordstrom
-- strict thread matches above, loose matches on Subject: below --
2004-08-17 20:40 Jim Gifford
2004-08-17 21:00 ` Antony Stone
2004-08-17 21:09 ` Jim Gifford
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4122EADA.7030501@jg555.com \
--to=maillist@jg555.com \
--cc=hno@marasystems.com \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.