On Tue, Sep 06, 2011 at 08:11:30PM +0200, Jan Engelhardt wrote: > > On Tuesday 2011-09-06 18:44, Anthony G. Basile wrote: > >> > >> Could anyone clarify why miniupnpd (or any other application) require > >> this? > >> > >> Those headers contain structure layouts that may change along time > >> without further notice, thus breaking backward compatibility. > > > >It makes use of > > > > union nf_conntrack_man_proto > > struct nf_nat_range > > struct nf_nat_multi_range_compat > > miniupnpd is fiddling with the binary representation. Yes, classic > case of "all the xt headers are exported, just DNAT/SNAT's structs are not". > > Did miniupnpd consider using the text-based interface? The iptables NAT targets are using this binary representation, so we should export those definitions. We gain nothing from keeping them defined privately. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
