On 07.09.2011 11:31, Pablo Neira Ayuso wrote: > On Tue, Sep 06, 2011 at 08:11:30PM +0200, Jan Engelhardt wrote: >> >> On Tuesday 2011-09-06 18:44, Anthony G. Basile wrote: >>>> >>>> Could anyone clarify why miniupnpd (or any other application) require >>>> this? >>>> >>>> Those headers contain structure layouts that may change along time >>>> without further notice, thus breaking backward compatibility. >>> >>> It makes use of >>> >>> union nf_conntrack_man_proto >>> struct nf_nat_range >>> struct nf_nat_multi_range_compat >> >> miniupnpd is fiddling with the binary representation. Yes, classic >> case of "all the xt headers are exported, just DNAT/SNAT's structs are not". >> >> Did miniupnpd consider using the text-based interface? > > The iptables NAT targets are using this binary representation, so we > should export those definitions. We gain nothing from keeping them > defined privately. > Agreed. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
