Re: [RFC][PATCH] Hide private symbols in libnfnetlink

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sat, Apr 28, 2018 at 8:45 AM, Jan Engelhardt <jengelh@xxxxxxx> wrote:
>
> On Saturday 2018-04-28 00:29, Yuri Gribov wrote:
>>--- a/Make_global.am
>>+++ b/Make_global.am
>>@@ -5,4 +5,4 @@
>> LIBVERSION=2:0:2
>>
>> AM_CPPFLAGS = -I$(top_srcdir)/include
>>-AM_CFLAGS = -Wall
>>+AM_CFLAGS = -Wall @VISFLAGS@
>
> Only use @@ in .am files when you must (like, left-hand sides).
> Otherwise, just ${VISFLAGS}.

Ok, thanks. LDSFLAGS probly have to keep using @@ as it contains
non-Bash friendly $(top_srcdir) syntax.

>>+dnl Visibility annotations...
>>+OLDCFLAGS="$CFLAGS"
>>+CFLAGS="$CFLAGS -fvisibility=hidden"
>>+VISFLAGS=
>>+AC_SUBST(VISFLAGS)
>>+AC_MSG_CHECKING(whether compiler supports visibility annotations)
>>+AC_COMPILE_IFELSE([AC_LANG_SOURCE([[void __attribute__((visibility("default"))) foo() {}]])],
>>+                  [AC_MSG_RESULT(yes); VISFLAGS='-DNFNL_ENABLE_VISIBILITY'],
>>+                  AC_MSG_RESULT(no))
>>+CFLAGS="$OLDCFLAGS"
>>+
>>+dnl Version scripts...
>>+OLDLDFLAGS="$LDFLAGS"
>>+LDFLAGS="$LDFLAGS -Wl,--version-script=$srcdir/nfnl.version"
>>+LDSFLAGS=
>>+AC_SUBST(LDSFLAGS)
>>+AC_MSG_CHECKING(whether linker accepts version scripts)
>>+AC_TRY_LINK(,,
>>+            [AC_MSG_RESULT(yes); LDSFLAGS='-Wl,--version-script=$(top_srcdir)/nfnl.version'];
>>+            AC_MSG_RESULT(no))
>>+LDFLAGS="$OLDLDFLAGS"
>
> I don't think most of this is needed in practice - just use -fvisibility and
> -Wl,-version-script unconditionally from Makefile.am, most of the netfilter
> utilities don't work with anything but GNU and Linux.

Ok, this would simplify things.

>>@@ -0,0 +1,4 @@
>>+{
>>+  global: nfnl*; nlif*;
>>+  local: *;
>>+};
>
> This ought to be
>
> NFNETLINK_1.0.1 {
>         global: <individual symbol list, no wildcards>...
>         local: *;
> };

TBH linker script might be an overkill here. All regular symbols in
headers are already handled via NFNL_EXPORT in headers. Sole linker
script purpose is to hide dummy symbols like __bss_start or _estart
coming from default linker script (I asked about this in Bintools ML:
https://sourceware.org/ml/binutils/2018-04/msg00326.html). So "global:
nfnl*; nlif*;" isn't as wildcardy as it may seem as it'll only see
symbols already marked with NLNF_EXPORT in headers.

-Y
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux