Hi,
Am Mo. Nov. 14 15:01:57 2016 GMT+0100 schrieb Davide Caratti:
> On Fri, 2016-11-11 at 13:02 +0100, Davide Caratti wrote:
> >
> > > Is there a kernel side conflict between uapi and net/netns headers?
> >
> > Looks like a circular dependency is here, or nf_conntrack_tuple_common.h
> > is including the wrong netfilter.h. From within net/netns/conntrack.h I
> > can include only those UAPI files that don't include <linux/netfilter.h>
> > (for example, nf_conntrack_tcp.h that uses '2' instead of
> > IP_CT_DIR_MAX).
>
> hello Mikko,
>
> I looked at the dependency issue:
>
> current include/linux/netfilter.h needs include/net/net_namespace.h (i.e.
> nf_hook() needs struct net), and include/net/net_namespace.h needs
> include/net/netns/conntrack.h (i.e. struct net needs struct netns_ct).
>
> That's why it's not possible to do #include <linux/netfilter.h> in
> include/net/netns/conntrack.h, and it's not possible in
> include/net/netns/conntrack.h to include any linux/netfilter/*.h UAPI
> header where #include <linux/netfilter.h> line is present: the
> preprocessor will prefer including include/linux/netfilter.h before
> include/uapi/linux/netfilter.h, thus generating the dependency error.
Thanks for digging into this. In many other subsystems the kernel side headers start by including the matching uapi header and then add the kernel side stuff. It seems netfilter has not done this and the split to uapi is not always clear.
> One possible fix for the above issue is to modify
> include/uapi/nf_conntrack_tuple_common.h in a way that it avoids including
> <linux/netfilter.h> when kernel sources are being built, and still exposes
> to userspace applications the same contents as commit 1ffad83dffd6
> ("netfilter: fix include files for compilation"):
>
> <...>
> #include <linux/types.h>
> #ifndef __KERNEL__
> #include <linux/netfilter.h>
> #endif
> #include <linux/netfilter/nf_conntrack_common.h> /* for IP_CT_IS_REPLY */
> <...>
>
> BTW, include/uapi/linux/capi.h apparently does something similar with
> linux/kernelcapi.h. With the above change, also the output of
>
> $ pushd usr/include
> $ ../../scripts/headers_compile_test.sh -k | grep FAILED
> $ popd
>
> is preserved.
>
> Are you ok if I post a v2 where the above change (and a minor fix: use
> _UAPI_NF_CONNTRACK_TUPLE_COMMON_H in place of NF_CONNTRACK_TUPLE_COMMON_H
> on the first lines) is done to nf_conntrack_tuple_common.h?
Yes, this looks ok for me.
-Mikko
> regards,
> --
> davide
>
>
--
Sent from my Jolla��.n��������+%�������w��{.n����z�����n�r�������&��z�ޗ�zf���h���~����������_��+v���)ߣ�
