Re: src: remove dependency on libiptc headers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Jan Engelhardt wrote:
> --- a/include/libiptc/libxtc.h
> +++ b/include/libiptc/libxtc.h
> @@ -20,8 +20,6 @@ extern "C" {
>  #define XT_ALIGN(s) (((s) + ((XT_MIN_ALIGN)-1)) & ~((XT_MIN_ALIGN)-1))
>  #endif
>  
> -typedef char xt_chainlabel[32];
> -
>  #define XTC_LABEL_ACCEPT  "ACCEPT"
>  #define XTC_LABEL_DROP    "DROP"
>  #define XTC_LABEL_QUEUE   "QUEUE"
> diff --git a/include/xtables.h.in b/include/xtables.h.in
> index 4ce73e9..51cb67d 100644
> --- a/include/xtables.h.in
> +++ b/include/xtables.h.in
> @@ -1,11 +1,12 @@
>  #ifndef _XTABLES_H
>  #define _XTABLES_H
>  
> +#include <sys/socket.h> /* PF_* */
>  #include <sys/types.h>
> +#include <stdbool.h>
> +#include <net/if.h>
>  #include <linux/types.h>
>  #include <linux/netfilter/x_tables.h>
> -#include <libiptc/libxtc.h>
> -#include <stdbool.h>
>  
>  #ifndef IPPROTO_SCTP
>  #define IPPROTO_SCTP 132
> @@ -22,12 +23,14 @@
>  
>  #define XTABLES_API_VERSION(x,y,z)    (0x10000*(x) + 0x100*(y) + z)
>  
> +struct in_addr;
> +
>  /* Include file for additions: new matches and targets. */
>  struct xtables_match
>  {
>  	struct xtables_match *next;
>  
> -	xt_chainlabel name;
> +	const char *name;
>  
>  	/* Revision of match (0 by default). */
>  	u_int8_t revision;
> @@ -83,7 +86,7 @@ struct xtables_target
>  {
>  	struct xtables_target *next;
>  
> -	xt_chainlabel name;
> +	const char *name;

This is breaking the ABI. You're replacing at field of 32 bytes by one
of 4 bytes.

As we discussed in your previous patch, if your intention is to export
the xtables.h file and make it a public API for other external clients,
you must understand that you should not change a single line of headers
otherwise you may end up breaking backward compatibility (compilation
and binary) for others.

BTW, about the C++ support for xtables. Would we provide support to such
external plugin here? I think that we'll end up telling that we don't
recommend C++ plugins for iptables. I think that we should remove that
support now.

-- 
"Los honestos son inadaptados sociales" -- Les Luthiers
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux