Re: [PATCH nf-next 1/4] netfilter: nf_conntrack_tuple_common.h: fix #include

On Fri, 2016-11-11 at 13:02 +0100, Davide Caratti wrote:
> 
> > Is there a kernel side conflict between uapi and net/netns headers?
> 
> Looks like a circular dependency is here, or nf_conntrack_tuple_common.h
> is including the wrong netfilter.h. From within net/netns/conntrack.h I
> can include only those UAPI files that don't include <linux/netfilter.h>
> (for example, nf_conntrack_tcp.h that uses '2' instead of
> IP_CT_DIR_MAX).

Hello Mikko,

I looked at the dependency issue:

current include/linux/netfilter.h needs include/net/net_namespace.h (i.e.
nf_hook() needs struct net), and include/net/net_namespace.h needs
include/net/netns/conntrack.h (i.e. struct net needs struct netns_ct).

That's why it's not possible to do #include <linux/netfilter.h> in
include/net/netns/conntrack.h, and it's not possible in
include/net/netns/conntrack.h to include any linux/netfilter/*.h UAPI
header where an #include <linux/netfilter.h> line is present: the
preprocessor will prefer including include/linux/netfilter.h before
include/uapi/linux/netfilter.h, thus generating the dependency error.

One possible fix for the above issue is to modify
include/uapi/nf_conntrack_tuple_common.h in a way that it avoids including
<linux/netfilter.h> when kernel sources are being built, and still exposes
to userspace applications the same contents as commit 1ffad83dffd6
("netfilter: fix include files for compilation"):

<...>
#include <linux/types.h>
#ifndef __KERNEL__
#include <linux/netfilter.h>
#endif
#include <linux/netfilter/nf_conntrack_common.h> /* for IP_CT_IS_REPLY */
<...>

BTW, include/uapi/linux/capi.h apparently does something similar with
linux/kernelcapi.h. With the above change, also the output of 

$ pushd usr/include
$ ../../scripts/headers_compile_test.sh -k | grep FAILED
$ popd

is preserved.

Are you ok if I post a v2 where the above change (and a minor fix: use
_UAPI_NF_CONNTRACK_TUPLE_COMMON_H in place of NF_CONNTRACK_TUPLE_COMMON_H
on the first lines) is done to nf_conntrack_tuple_common.h?

regards,
--
davide
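
The include cycle described in the message above, modelled as an added example that is not part of the original post or of the kernel tree: a small Python resolver for `#include <...>` lines that honours search-path order and the `#ifndef __KERNEL__` guard. The miniature header tree, the search-path order and the assumption that net/netns/conntrack.h includes the tuple header are constructed for illustration.

```python
import re

KERNEL_PATH = ["include", "include/uapi"]  # assumed kernel search order
USER_PATH = ["include/uapi"]               # userspace sees only exported headers
TUPLE_COMMON = "linux/netfilter/nf_conntrack_tuple_common.h"

def tree(guarded):
    """Constructed miniature tree: only #include lines, no declarations."""
    inc = "#include <linux/netfilter.h>\n"
    if guarded:  # the change proposed in the message
        inc = "#ifndef __KERNEL__\n" + inc + "#endif\n"
    return {
        "include/linux/netfilter.h": "#include <net/net_namespace.h>\n",
        "include/net/net_namespace.h": "#include <net/netns/conntrack.h>\n",
        # Assumption: conntrack.h pulls in the UAPI tuple header.
        "include/net/netns/conntrack.h": f"#include <{TUPLE_COMMON}>\n",
        "include/uapi/linux/netfilter.h": "#include <linux/types.h>\n",
        "include/uapi/linux/types.h": "",
        "include/uapi/" + TUPLE_COMMON: "#include <linux/types.h>\n" + inc,
    }

def scan(files, start, search_path, kernel):
    """Return (cycle, seen): chain re-entering an open header (or None), files opened."""
    seen = []

    def resolve(name):  # first directory on the search path wins
        return next(f"{d}/{name}" for d in search_path if f"{d}/{name}" in files)

    def visit(path, stack):
        if path in stack:  # header is still being processed further up
            return stack[stack.index(path):] + [path]
        seen.append(path)
        skipping = False
        for line in files[path].splitlines():
            if line.startswith("#ifndef __KERNEL__"):
                skipping = kernel
            elif line.startswith("#endif"):
                skipping = False
            elif not skipping and (m := re.match(r"#include <(.+)>", line)):
                cycle = visit(resolve(m.group(1)), stack + [path])
                if cycle:
                    return cycle
        return None

    return visit(resolve(start), []), seen

if __name__ == "__main__":
    for guarded in (False, True):
        cycle, _ = scan(tree(guarded), "linux/netfilter.h", KERNEL_PATH, kernel=True)
        print(guarded, "->", " -> ".join(cycle) if cycle else "no cycle")
```
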
