From: Jim Gifford <maillist@jg555.com>
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: Henrik Nordstrom <hno@marasystems.com>,
Netfilter Developer <netfilter-devel@lists.netfilter.org>
Subject: Re: Use of Kernel Headers
Date: Fri, 20 Aug 2004 23:47:52 -0700
Message-ID: <4126F018.207@jg555.com>
In-Reply-To: <Pine.LNX.4.58.0408182356030.5432@blackhole.kfki.hu>

Jozsef Kadlecsik wrote:
>On Wed, 18 Aug 2004, Henrik Nordstrom wrote:
>
>>On Tue, 17 Aug 2004, Jim Gifford wrote:
>>
>>>It has been stated numerous times that userspace programs should not be
>>>compiled against raw kernel headers, but iptables does compile against
>>>userspace headers and breaks this rule. With the advent of the
>>>linux-libc-headers package, should iptables be compiled against the
>>>linux-libc-headers or the raw kernel headers since iptables is a user space
>>>program?
>>>
>>This depends on if you build iptables for your custom patched kernel or a
>>standard kernel.
>>
>>For a standard kernel it should be sufficient with linux-libc-headers I
>>think, but it is possible some required linux iptables headers are missing
>>from the iptables package (include/linux/netfilter_ipv[46]/). If
>>you find some missing please report here which files need to be added
>>from the kernel tree and maybe it can be cleaned up.
>>
>
>The include/linux tree in the iptables source exists for
>forward-compatibility reasons only. The to-be-submitted new extensions are
>added to the iptables tree, together with their header files and enabled
>for default compilation in the Makefile. Thus when one downloads/installs
>the next kernel release, there is no need to touch the iptables binary
>because it knows about the new extensions. The definite source of the
>include files is the kernel tree for iptables, which overrides the
>include directory in the userspace source.
>
>>>Should patch-o-matic update the headers in the proper location,
>>>/usr/include/linux/netfilter_ipv4 etc?
>>>
>>patch-o-matic should always update the kernel source tree and your
>>iptables should then be built to this source tree. This to make sure
>>the view of iptables and your kernel matches. But to be honest it should
>>only be the include/linux/netfilter_ipv[46]/ directories which are required
>>by iptables.
>>
>
>pom should definitely not update /usr/include/linux because the kernel
>version there can be (usually is) different than in the patched kernel
>source. Also, /usr/include/linux is maintained by the given distribution.
>Next update could simply overwrite patched files, checksumming would fail
>in built-in IDS, etc.
>
>My impression is that netfilter/iptables/pom does not really fit into
>the linux-libc-headers schema. And iptables should compile cleanly on any
>distro, including the ones which do not contain linux-libc-headers.
>
>Best regards,
>Jozsef
>-
>E-mail : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
>PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
>Address : KFKI Research Institute for Particle and Nuclear Physics
> H-1525 Budapest 114, POB. 49, Hungary
>

Jozsef,
I understand your point, and have thought about it quite a bit before
I replied. Most of the distros who are distributing 2.6 are using the
linux-libc-headers or making their own. Currently Linus has stated
numerous times that userspace programs should not use the kernel source
headers.
This all goes back to having true separation between the kernel and
userspace. I'm starting to think iptables is different in its situation
and true separation will never be possible.
--
----
Jim Gifford
maillist@jg555.com