[Buildroot] [PATCH 1/1] iptables: fix userspace compilation of ip tables with C++

[Buildroot] [PATCH 1/1] iptables: fix userspace compilation of ip tables with C++

[Matt Weber]

Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
---
 ...ix-userspace-compilation-of-ip_tables_c_h.patch |   43 ++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 package/iptables/iptables-03-fix-userspace-compilation-of-ip_tables_c_h.patch

diff --git a/package/iptables/iptables-03-fix-userspace-compilation-of-ip_tables_c_h.patch b/package/iptables/iptables-03-fix-userspace-compilation-of-ip_tables_c_h.patch
new file mode 100644
index 0000000..5b769b1
--- /dev/null
+++ b/package/iptables/iptables-03-fix-userspace-compilation-of-ip_tables_c_h.patch
@@ -0,0 +1,43 @@
+From: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
+Date: Sun, 30 Sep 2012 22:49:11 -0600
+Subject: [PATCH] Fix userspace compilation of ip_tables.h/ip6_tables.h in
+	C++ mode
+
+The implicit cast from void * is not allowed for C++ compilers, and the
+arithmetic on void * generates warnings in C++ mode.
+
+$ g++ -c t.cc
+ip_tables.h:221:24: warning: pointer of type 'void *' used in arithmetic
+ip_tables.h:221:24: error: invalid conversion from 'void*' to 'xt_entry_target*'
+
+Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
+---
+ include/linux/netfilter_ipv4/ip_tables.h  |    2 +-
+ include/linux/netfilter_ipv6/ip6_tables.h |    2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h
+index db79231..050ad8a 100644
+--- a/include/linux/netfilter_ipv4/ip_tables.h
++++ b/include/linux/netfilter_ipv4/ip_tables.h
+@@ -226,7 +226,7 @@ struct ipt_get_entries {
+ static __inline__ struct xt_entry_target *
+ ipt_get_target(struct ipt_entry *e)
+ {
+-	return (void *)e + e->target_offset;
++	return (struct xt_entry_target *)((__u8 *)e + e->target_offset);
+ }
+ 
+ /*
+diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h
+index 08c2cbb..3349bf1 100644
+--- a/include/linux/netfilter_ipv6/ip6_tables.h
++++ b/include/linux/netfilter_ipv6/ip6_tables.h
+@@ -263,7 +263,7 @@ struct ip6t_get_entries {
+ static __inline__ struct xt_entry_target *
+ ip6t_get_target(struct ip6t_entry *e)
+ {
+-	return (void *)e + e->target_offset;
++	return (struct xt_entry_target *)((__u8 *)e + e->target_offset);
+ }
+ 
+ /*
-- 
1.7.9.5

[Buildroot] [PATCH 1/1] iptables: fix userspace compilation of ip tables with C++

[Thomas Petazzoni]

Dear Matt Weber,

On Mon, 13 Oct 2014 14:12:43 -0500, Matt Weber wrote:
> 
> Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
> ---
>  ...ix-userspace-compilation-of-ip_tables_c_h.patch |   43 ++++++++++++++++++++
>  1 file changed, 43 insertions(+)
>  create mode 100644 package/iptables/iptables-03-fix-userspace-compilation-of-ip_tables_c_h.patch

This patch apparently dates back from 2012. Why has it never been
merged upstream? Also, I don't really understand the interaction
between the kernel headers, and this include/linux/ header in iptables.

Has the problem been reported upstream to iptables?

Gustavo, an opinion?

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com

[Buildroot] [PATCH 1/1] iptables: fix userspace compilation of ip tables with C++

[Gustavo Zacarias]

On 10/29/2014 06:34 PM, Thomas Petazzoni wrote:

> Dear Matt Weber,
> 
> On Mon, 13 Oct 2014 14:12:43 -0500, Matt Weber wrote:
>>
>> Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
>> ---
>>  ...ix-userspace-compilation-of-ip_tables_c_h.patch |   43 ++++++++++++++++++++
>>  1 file changed, 43 insertions(+)
>>  create mode 100644 package/iptables/iptables-03-fix-userspace-compilation-of-ip_tables_c_h.patch
> 
> This patch apparently dates back from 2012. Why has it never been
> merged upstream? Also, I don't really understand the interaction
> between the kernel headers, and this include/linux/ header in iptables.
> 
> Has the problem been reported upstream to iptables?
> 
> Gustavo, an opinion?

It was posted to lkml & linux-netdev at first, Davem told to post to
netfilter-devel. That was done:

http://marc.info/?t=134904906300003&r=1&w=1

The logic seems right, C++ is more strict and triggers the issue.
It's an issue when dealing with netfilter rules from custom C++ code.

But it seems to have been rejected without much explanation:
http://patchwork.ozlabs.org/patch/188216/

Regards.

[Buildroot] [PATCH 1/1] iptables: fix userspace compilation of ip tables with C++

[Matthew Weber]

All,

On Wed, Oct 29, 2014 at 5:24 PM, Gustavo Zacarias
<gustavo@zacarias.com.ar> wrote:
>
> On 10/29/2014 06:34 PM, Thomas Petazzoni wrote:
>
> > Dear Matt Weber,
> >
> > On Mon, 13 Oct 2014 14:12:43 -0500, Matt Weber wrote:
> >>
> >> Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
> >> ---
> >>  ...ix-userspace-compilation-of-ip_tables_c_h.patch |   43 ++++++++++++++++++++
> >>  1 file changed, 43 insertions(+)
> >>  create mode 100644 package/iptables/iptables-03-fix-userspace-compilation-of-ip_tables_c_h.patch
> >
> > This patch apparently dates back from 2012. Why has it never been
> > merged upstream? Also, I don't really understand the interaction
> > between the kernel headers, and this include/linux/ header in iptables.
> >
> > Has the problem been reported upstream to iptables?
> >
> > Gustavo, an opinion?
>
> It was posted to lkml & linux-netdev at first, Davem told to post to
> netfilter-devel. That was done:
>
> http://marc.info/?t=134904906300003&r=1&w=1
>
> The logic seems right, C++ is more strict and triggers the issue.
> It's an issue when dealing with netfilter rules from custom C++ code.
>
> But it seems to have been rejected without much explanation:
> http://patchwork.ozlabs.org/patch/188216/
>

Should I repost it to netfilter-devel and update my patch to reference
the above information plus the new submission thread?

-- 
Matthew L Weber / Pr Software Engineer
Airborne Information Systems / Security Systems and Software
MS 131-100, C Ave NE, Cedar Rapids, IA, 52498, USA
www.rockwellcollins.com

Note: Any Export License Required Information and License Restricted
Third Party Intellectual Property (TPIP) content must be encrypted and
sent to matthew.weber at corp.rockwellcollins.com.

[Buildroot] [PATCH 1/1] iptables: fix userspace compilation of ip tables with C++

[Matthew Weber]

All,

On Wed, Oct 29, 2014 at 7:48 PM, Matthew Weber
<matthew.weber@rockwellcollins.com> wrote:
> All,
>
> On Wed, Oct 29, 2014 at 5:24 PM, Gustavo Zacarias
> <gustavo@zacarias.com.ar> wrote:
>>
>> On 10/29/2014 06:34 PM, Thomas Petazzoni wrote:
>>
>> > Dear Matt Weber,
>> >
>> > On Mon, 13 Oct 2014 14:12:43 -0500, Matt Weber wrote:
>> >>
>> >> Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
>> >> ---
>> >>  ...ix-userspace-compilation-of-ip_tables_c_h.patch |   43 ++++++++++++++++++++
>> >>  1 file changed, 43 insertions(+)
>> >>  create mode 100644 package/iptables/iptables-03-fix-userspace-compilation-of-ip_tables_c_h.patch
>> >
>> > This patch apparently dates back from 2012. Why has it never been
>> > merged upstream? Also, I don't really understand the interaction
>> > between the kernel headers, and this include/linux/ header in iptables.
>> >
>> > Has the problem been reported upstream to iptables?
>> >
>> > Gustavo, an opinion?
>>
>> It was posted to lkml & linux-netdev at first, Davem told to post to
>> netfilter-devel. That was done:
>>
>> http://marc.info/?t=134904906300003&r=1&w=1
>>
>> The logic seems right, C++ is more strict and triggers the issue.
>> It's an issue when dealing with netfilter rules from custom C++ code.
>>
>> But it seems to have been rejected without much explanation:
>> http://patchwork.ozlabs.org/patch/188216/
>>
>
> Should I repost it to netfilter-devel and update my patch to reference
> the above information plus the new submission thread?

I reposted on netfilter-devel and got clarification that the patch
should probably have been a kernel patch, but the binary interface to
iptables in the kernel has actually been replaced so this issue is
deprecated.  I'll carry the patch in my build locally until we update
our use of the API.

http://www.spinics.net/lists/netfilter-devel/msg33996.html


-- 
Matthew L Weber / Pr Software Engineer
Airborne Information Systems / Security Systems and Software
MS 131-100, C Ave NE, Cedar Rapids, IA, 52498, USA
www.rockwellcollins.com

Note: Any Export License Required Information and License Restricted
Third Party Intellectual Property (TPIP) content must be encrypted and
sent to matthew.weber at corp.rockwellcollins.com.

[Buildroot] [PATCH 1/1] iptables: fix userspace compilation of ip tables with C++

[Yann E. MORIN]

Matthew, All,

On 2014-11-18 07:48 -0600, Matthew Weber spake thusly:
[--SNIP--]
> I reposted on netfilter-devel and got clarification that the patch
> should probably have been a kernel patch, but the binary interface to
> iptables in the kernel has actually been replaced so this issue is
> deprecated.  I'll carry the patch in my build locally until we update
> our use of the API.

Well, the patch seems sensible. So maybe we could carry it in Buildroot?

> http://www.spinics.net/lists/netfilter-devel/msg33996.html

Still, there is a valid point in this reply: do we know of a FLOSS C++
package that uses the iptables binary interface?

If so, that would be interesting to see how they handle that situation.
And it would be a nice shoe to stick in the door so that patch can enter
the kernel.

Regards,
Yann E. MORIN.

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'