[PATCH] [iptables] extensions: libxt_LOG.c: fix linux/netfilter/xt_LOG.h include on Linux < 3.4

[PATCH] [iptables] extensions: libxt_LOG.c: fix linux/netfilter/xt_LOG.h include on Linux < 3.4

[Thomas Devoogdt]

libxt_LOG.c:6:10: fatal error: linux/netfilter/xt_LOG.h: No such file or directory
. #include <linux/netfilter/xt_LOG.h>
          ^~~~~~~~~~~~~~~~~~~~~~~~~~

Linux < 3.4 defines are in include/linux/netfilter_ipv{4,6}/ipt_LOG.h,
but the naming is slightly different, so just define it here as the values are the same.

https://github.com/torvalds/linux/commit/6939c33a757bd006c5e0b8b5fd429fc587a4d0f4

Signed-off-by: Thomas Devoogdt <thomas.devoogdt@barco.com>
---
 extensions/libxt_LOG.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/extensions/libxt_LOG.c b/extensions/libxt_LOG.c
index b6fe0b2e..beb1d40a 100644
--- a/extensions/libxt_LOG.c
+++ b/extensions/libxt_LOG.c
@@ -3,7 +3,27 @@
 #define SYSLOG_NAMES
 #include <syslog.h>
 #include <xtables.h>
+#include <linux/version.h>
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 4, 0)
 #include <linux/netfilter/xt_LOG.h>
+#else
+/* Linux < 3.4 defines are in include/linux/netfilter_ipv{4,6}/ipt_LOG.h,
+   but the naming is slightly different, so just define it here as the values are the same. */
+#define XT_LOG_TCPSEQ           0x01    /* Log TCP sequence numbers */
+#define XT_LOG_TCPOPT           0x02    /* Log TCP options */
+#define XT_LOG_IPOPT            0x04    /* Log IP options */
+#define XT_LOG_UID              0x08    /* Log UID owning local socket */
+#define XT_LOG_NFLOG            0x10    /* Unsupported, don't reuse */
+#define XT_LOG_MACDECODE        0x20    /* Decode MAC header */
+#define XT_LOG_MASK             0x2f
+
+struct xt_log_info {
+        unsigned char level;
+        unsigned char logflags;
+        char prefix[30];
+};
+#endif
 
 #define LOG_DEFAULT_LEVEL LOG_WARNING
 
-- 
2.39.2

Re: [PATCH] [iptables] extensions: libxt_LOG.c: fix linux/netfilter/xt_LOG.h include on Linux < 3.4

[Pablo Neira Ayuso]

On Wed, Feb 22, 2023 at 08:23:49AM +0100, Thomas Devoogdt wrote:
> libxt_LOG.c:6:10: fatal error: linux/netfilter/xt_LOG.h: No such file or directory
> . #include <linux/netfilter/xt_LOG.h>
>           ^~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> Linux < 3.4 defines are in include/linux/netfilter_ipv{4,6}/ipt_LOG.h,
> but the naming is slightly different, so just define it here as the values are the same.
> 
> https://github.com/torvalds/linux/commit/6939c33a757bd006c5e0b8b5fd429fc587a4d0f4

Probably you could add xt_LOG.h to iptables/include/linux/netfilter/ ?

There are plenty of headers that are cached there to make sure
userspace compile with minimal external dependencies.

xt_LOG.h is missing for some reason in that folder, but there are many
of xt_*.h files there.

Re: [PATCH] [iptables] extensions: libxt_LOG.c: fix linux/netfilter/xt_LOG.h include on Linux < 3.4

[Phil Sutter]

On Wed, Feb 22, 2023 at 11:04:41AM +0100, Pablo Neira Ayuso wrote:
> On Wed, Feb 22, 2023 at 08:23:49AM +0100, Thomas Devoogdt wrote:
> > libxt_LOG.c:6:10: fatal error: linux/netfilter/xt_LOG.h: No such file or directory
> > . #include <linux/netfilter/xt_LOG.h>
> >           ^~~~~~~~~~~~~~~~~~~~~~~~~~
> > 
> > Linux < 3.4 defines are in include/linux/netfilter_ipv{4,6}/ipt_LOG.h,
> > but the naming is slightly different, so just define it here as the values are the same.
> > 
> > https://github.com/torvalds/linux/commit/6939c33a757bd006c5e0b8b5fd429fc587a4d0f4
> 
> Probably you could add xt_LOG.h to iptables/include/linux/netfilter/ ?
> 
> There are plenty of headers that are cached there to make sure
> userspace compile with minimal external dependencies.
> 
> xt_LOG.h is missing for some reason in that folder, but there are many
> of xt_*.h files there.

While being at it, how about caching all netfilter kernel headers we
include? The only downside I see is that we may have to update them from
time to time (in case new symbols land) but that's rare and the
alternative is accidental breakages like above.

WDYT? I'd volunteer to do it. :)

Cheers, Phil

Re: [PATCH] [iptables] extensions: libxt_LOG.c: fix linux/netfilter/xt_LOG.h include on Linux < 3.4

[Pablo Neira Ayuso]

On Wed, Feb 22, 2023 at 01:07:15PM +0100, Phil Sutter wrote:
> On Wed, Feb 22, 2023 at 11:04:41AM +0100, Pablo Neira Ayuso wrote:
> > On Wed, Feb 22, 2023 at 08:23:49AM +0100, Thomas Devoogdt wrote:
> > > libxt_LOG.c:6:10: fatal error: linux/netfilter/xt_LOG.h: No such file or directory
> > > . #include <linux/netfilter/xt_LOG.h>
> > >           ^~~~~~~~~~~~~~~~~~~~~~~~~~
> > > 
> > > Linux < 3.4 defines are in include/linux/netfilter_ipv{4,6}/ipt_LOG.h,
> > > but the naming is slightly different, so just define it here as the values are the same.
> > > 
> > > https://github.com/torvalds/linux/commit/6939c33a757bd006c5e0b8b5fd429fc587a4d0f4
> > 
> > Probably you could add xt_LOG.h to iptables/include/linux/netfilter/ ?
> > 
> > There are plenty of headers that are cached there to make sure
> > userspace compile with minimal external dependencies.
> > 
> > xt_LOG.h is missing for some reason in that folder, but there are many
> > of xt_*.h files there.
> 
> While being at it, how about caching all netfilter kernel headers we
> include? The only downside I see is that we may have to update them from
> time to time (in case new symbols land) but that's rare and the
> alternative is accidental breakages like above.

Caching _all_ dependencies is going to be hard, because it might pull
in lots of header files. The idea so far has been to find a reasonable
tradeoff, ensuring that iptables compilation is self-contained in a
best effort approach.

> WDYT? I'd volunteer to do it. :)

iptables already caches a lot of header files, as I said I don't
remember why this one has never been cached before.

Re: [PATCH] [iptables] extensions: libxt_LOG.c: fix linux/netfilter/xt_LOG.h include on Linux < 3.4

[Phil Sutter]

On Wed, Feb 22, 2023 at 02:30:51PM +0100, Pablo Neira Ayuso wrote:
> On Wed, Feb 22, 2023 at 01:07:15PM +0100, Phil Sutter wrote:
> > On Wed, Feb 22, 2023 at 11:04:41AM +0100, Pablo Neira Ayuso wrote:
> > > On Wed, Feb 22, 2023 at 08:23:49AM +0100, Thomas Devoogdt wrote:
> > > > libxt_LOG.c:6:10: fatal error: linux/netfilter/xt_LOG.h: No such file or directory
> > > > . #include <linux/netfilter/xt_LOG.h>
> > > >           ^~~~~~~~~~~~~~~~~~~~~~~~~~
> > > > 
> > > > Linux < 3.4 defines are in include/linux/netfilter_ipv{4,6}/ipt_LOG.h,
> > > > but the naming is slightly different, so just define it here as the values are the same.
> > > > 
> > > > https://github.com/torvalds/linux/commit/6939c33a757bd006c5e0b8b5fd429fc587a4d0f4
> > > 
> > > Probably you could add xt_LOG.h to iptables/include/linux/netfilter/ ?
> > > 
> > > There are plenty of headers that are cached there to make sure
> > > userspace compile with minimal external dependencies.
> > > 
> > > xt_LOG.h is missing for some reason in that folder, but there are many
> > > of xt_*.h files there.
> > 
> > While being at it, how about caching all netfilter kernel headers we
> > include? The only downside I see is that we may have to update them from
> > time to time (in case new symbols land) but that's rare and the
> > alternative is accidental breakages like above.
> 
> Caching _all_ dependencies is going to be hard, because it might pull
> in lots of header files. The idea so far has been to find a reasonable
> tradeoff, ensuring that iptables compilation is self-contained in a
> best effort approach.

OK, for fun I tried compiling with linux headers from 2.6.39 and 3.0.101
in /usr/include/linux. The only missing files apart from the above were
linux/bpf{,_common}.h. So I guess if we add those as well, we're good
for a while. :)

> > WDYT? I'd volunteer to do it. :)
> 
> iptables already caches a lot of header files, as I said I don't
> remember why this one has never been cached before.

Git says, it's my fault. :(
When merging libipt and libip6t LOG.c files, I introduced the include
but missed to copy the header as well.

I'll apply Thomas' patch adding a reference to my commit and follow up
with bpf header copy (unless someone objects).

Thanks, Phil

Re: [PATCH] [iptables] extensions: libxt_LOG.c: fix linux/netfilter/xt_LOG.h include on Linux < 3.4

[Phil Sutter]

On Wed, Feb 22, 2023 at 04:32:09PM +0100, Phil Sutter wrote:
[...]
> I'll apply Thomas' patch adding a reference to my commit and follow up
> with bpf header copy (unless someone objects).

Actually, I'll send a patch copying xt_LOG.h instead. Sorry for any
confusion mine caused.

Re: [PATCH] [iptables] extensions: libxt_LOG.c: fix linux/netfilter/xt_LOG.h include on Linux < 3.4

[Phil Sutter]

On Wed, Feb 22, 2023 at 04:32:09PM +0100, Phil Sutter wrote:
[...]
> I'll apply Thomas' patch adding a reference to my commit and follow up
> with bpf header copy (unless someone objects).

Scratch the BPF header copy idea - bpf.h is 260KB and libxt_bpf.c acts
accordingly if missing (I just missed calling configure when playing
around).

Re: [PATCH] [iptables] extensions: libxt_LOG.c: fix linux/netfilter/xt_LOG.h include on Linux < 3.4

[Thomas Devoogdt]

HI,

I saw your new commit:
https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230222155601.31645-1-phil@nwl.cc/,

Thx in advance.
No further action from my side is required I guess.

Kr,

Thomas

Op wo 22 feb. 2023 om 16:55 schreef Phil Sutter <phil@nwl.cc>:
>
> On Wed, Feb 22, 2023 at 04:32:09PM +0100, Phil Sutter wrote:
> [...]
> > I'll apply Thomas' patch adding a reference to my commit and follow up
> > with bpf header copy (unless someone objects).
>
> Scratch the BPF header copy idea - bpf.h is 260KB and libxt_bpf.c acts
> accordingly if missing (I just missed calling configure when playing
> around).
>

Re: [PATCH] [iptables] extensions: libxt_LOG.c: fix linux/netfilter/xt_LOG.h include on Linux < 3.4

[Phil Sutter]

On Wed, Feb 22, 2023 at 05:21:58PM +0100, Thomas Devoogdt wrote:
> I saw your new commit:
> https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230222155601.31645-1-phil@nwl.cc/,
> 
> Thx in advance.
> No further action from my side is required I guess.

Thanks for confirming. I'll push the patch.

Cheers, Phil