On Tue, Sep 06, 2011 at 12:44:53PM -0400, Anthony G. Basile wrote:
> On 09/05/2011 01:48 PM, Pablo Neira Ayuso wrote:
> > Those headers contain structure layouts that may change along time
> > without further notice, thus breaking backward compatibility.
> >
>
> It makes use of
>
> union nf_conntrack_man_proto
> struct nf_nat_range
> struct nf_nat_multi_range_compat

I see, they are also used by the NAT target in iptables. So these structure definitions should be exported.

> which are not available in any /usr/include/linux/netfilter header. It
> needs these for its portforwarding when doing upnp. The solution in
> Gentoo and other distros is to introduce a local tiny_nf_nat.h in the
> miniupnpd source tree which defines these union/structs, like what
> iptables does.

This is indeed a good idea. Other net-tools keep a copy of the linux kernel headers that they need to compile.

> Unlike iptables though, the miniupnpd developer expects
> miniupnpd to -I/usr/src/linux/include which is worse. Since two
> userland apps need this, and to discourage less than ideal workarounds,
> it makes sense to make it available in include/linux/.

In that case, I'd prefer to add a new file that contains only those structures to linux/, instead of the whole file with the internal NAT definitions.

> Also, in answer to Jan, yes it would be best if these go into linux/
> rather than net/.
>
> Perhaps the approach here should be to introduce
> linux/include/linux/netfilter/nf_nat.h which contains these structs and
> is a sanitized version of net/netfilter/nf_nat.h, so that it doesn't
> contain struct layouts that will break backwards compat. This also
> addresses Jan's concern and a simple header-y += would install nf_nat.h in
> the right place.

This is exactly what I like, please do it this way.

> > and BTW, no need to cross-post this message to such a huge list of CC.
> > I guess you could simply use netfilter-devel for this.
>
> I followed what get_maintainer.pl gave me. I've removed all the
> @vger.kernel.org lists except netfilter-devel@ Please re-add any you
> think they should be there.

Hm, interesting, that's quite spamming.