From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Jan Engelhardt <jengelh@medozas.de>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: iptables pull request
Date: Tue, 05 May 2009 15:26:35 +0200 [thread overview]
Message-ID: <4A003E8B.7050002@netfilter.org> (raw)
In-Reply-To: <alpine.LSU.2.00.0905050116060.5938@fbirervta.pbzchgretzou.qr>
Jan Engelhardt wrote:
> I do not think we planned for a stable API - but feel free to ask Jamal.
> The main target was ABI, because... - I am not sure how m_ipt did it,
> but I seem to remember that despite version checks (ie. struct
> xtables_match->version) it provided an iptables-like API that was not
> actually that from the respective iptables version. Or something.
Well, IMO if this is intended to be a public API it should be stable.
> I am not sure what m_ipt did previously w.r.t. checks, but there are now
> various mechanisms in place to ensure ABIs do not get mixed up
> erroneously:
>
> - soversion. m_ipt now links against, say, libxtables.so.2. If the
> latter changes incompatibly, it becomes libxtables.so.3, and the
> runtime linker ld.so will take care of it -- by throwing a "file not
> found" error, or by actually loading a still-existing .so.2.
>
> - libxtables will not load extensions that have a mismatching soversion
> string
>
> - lastly, we could make it so that every extension is backlinked to
> libxtables.so.$version as an added measure but I had not yet given
> thought of the impact that it causes for running iptables directly from
> the source directory.
Aware of all of those, but I think that we should not abuse these
because versioning is not a solution, it's more like a workaround. If we
change the ABI over and over again, this will result in binary breakages
and really bad experience from the user side.
--
"Los honestos son inadaptados sociales" -- Les Luthiers
prev parent reply other threads:[~2009-05-05 13:26 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-05-03 19:54 iptables pull request Jan Engelhardt
2009-05-03 19:54 ` [PATCH 1/9] iptables: accept multiple IP address specifications for -s, -d Jan Engelhardt
2009-05-03 19:54 ` [PATCH 2/9] DNAT/SNAT: add manpage documentation for --persistent flag Jan Engelhardt
2009-05-03 19:54 ` [PATCH 3/9] extensions: remove redundant casts Jan Engelhardt
2009-05-03 19:54 ` [PATCH 4/9] extensions: switch numeric to bool Jan Engelhardt
2009-05-03 19:54 ` [PATCH 5/9] libxt_helper: fix invalid passed option to check_inverse Jan Engelhardt
2009-05-03 19:54 ` [PATCH 6/9] extensions: switch invert to bool Jan Engelhardt
2009-05-03 19:54 ` [PATCH 7/9] extensions: switch parse() return type " Jan Engelhardt
2009-05-03 19:54 ` [PATCH 8/9] extensions: add const qualifiers in print/save functions Jan Engelhardt
2009-05-03 19:54 ` [PATCH 9/9] iptables: replace open-coded sizeof by ARRAY_SIZE Jan Engelhardt
2009-05-04 13:23 ` iptables pull request Pablo Neira Ayuso
2009-05-04 23:54 ` Jan Engelhardt
2009-05-05 13:26 ` Pablo Neira Ayuso [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A003E8B.7050002@netfilter.org \
--to=pablo@netfilter.org \
--cc=jengelh@medozas.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.