Hi Jan, Can we step back for a minute and review exactly how this patch originated? ebtables would not build on my system and I submitted a patch to fix that which was accepted as commit 66a97018a31eed416c6a25d051ea172e4d65be1b. Some days later, I received the message as you saw in https://marc.info/?l=netfilter-devel&m=152739396729786&w=3 advising to use double-quotes in some angle-bracketed includes. Using gcc -E to view preprocessor output, I investigated behaviour on my system and was *most* surprised to find angle-bracked includes would pick up local headers, if they existed in directories nominated by -I preprocessor directives. On that basis, I submitted https://marc.info/?l=netfilter-devel&m=152739686630862&w=3 with double quotes for all local headers. Pablo indicated, in https://marc.info/?l=netfilter-devel&m=152809952205113&w=3, a concern that "this may trigger similar patches for all of the userspace netfilter repository sooner or later". I volunteered to get on with that job. Now to your email: I re-tested preprocessor output using ip6tables.c, which uses xtables.h as you highlight below. I restored an iptables that preceded the current patch: > 12:19:16$ head -n50 ip6tables.c > /* Code to take an ip6tables-style command line and do it. */ > > /* > * Author: Paul.Russell@xxxxxxxxxxxxxxx and mneuling@xxxxxxxxxxxxxxx > * > * (C) 2000-2002 by the netfilter coreteam <coreteam@xxxxxxxxxxxxx>: > * Paul 'Rusty' Russell <rusty@xxxxxxxxxxxxxxx> > * Marc Boucher <marc+nf@xxxxxxx> > * James Morris <jmorris@xxxxxxxxxxxxxxxx> > * Harald Welte <laforge@xxxxxxxxxxxx> > * Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx> > * > * This program is free software; you can redistribute it and/or modify > * it under the terms of the GNU General Public License as published by > * the Free Software Foundation; either version 2 of the License, or > * (at your option) any later version. > * > * This program is distributed in the hope that it will be useful, > * but WITHOUT ANY WARRANTY; without even the implied warranty of > * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > * GNU General Public License for more details. > * > * You should have received a copy of the GNU General Public License > * along with this program; if not, write to the Free Software > * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. > */ > > #include <getopt.h> > #include <string.h> > #include <netdb.h> > #include <errno.h> > #include <stdio.h> > #include <stdlib.h> > #include <ctype.h> > #include <stdarg.h> > #include <stdbool.h> > #include <limits.h> > #include <ip6tables.h> > #include <xtables.h> > #include <arpa/inet.h> > #include <unistd.h> > #include <fcntl.h> > #include <sys/types.h> > #include <sys/socket.h> > #include "ip6tables-multi.h" > #include "xshared.h" > > #ifndef TRUE > #define TRUE 1 > #endif After building, I ran: > gcc -DHAVE_CONFIG_H -I. -I.. -D_LARGEFILE_SOURCE=1 -D_LARGE_FILES -D_FILE_OFFSET_BITS=64 -D_REENTRANT -DXTABLES_LIBDIR=\"/usr/lib64/xtables\" -DXTABLES_INTERNAL -I../include -I../include -I.. -DENABLE_IPV4 -DENABLE_IPV6 -MT xtables_multi-ip6tables.o -MD -MP -MF .deps/xtables_multi-ip6tables.Tpo -E -C -o ip6tables.i ip6tables.c i.e. using all the preprocessor options found in the log of the build. You might like to try it yourself (it only works after you have done a build) to see whether you get the same result. In detail: On Tue, Jun 05, 2018 at 09:50:33PM +0200, Jan Engelhardt wrote: > > On Tuesday 2018-06-05 20:04, Duncan Roe wrote: > >diff --git a/include/ip6tables.h b/include/ip6tables.h > >index 5f1c5b6..d95953e 100644 > >--- a/include/ip6tables.h > >+++ b/include/ip6tables.h > >@@ -2,8 +2,8 @@ > > #define _IP6TABLES_USER_H > > > > #include <netinet/ip.h> > >-#include <xtables.h> > >-#include <libiptc/libip6tc.h> > >+#include "xtables.h" > >+#include "libiptc/libip6tc.h" > > #include <iptables/internal.h> > > Whereas the other patches so far seemed to be mostly cosmetic, this one is > factually wrong. > > ip6tables.h (and other files) get installed into /usr/include (as does > xtables.h), so you *DO* want <xtables.h> all the time. ip6tables.i shows: > 8928 # 1 "../include/xtables.h" 1 demonstrating that the preprocessor has searched the -I directories before /usr/include. This is the point of the patch: code to show what actually happens rather than what someone hopes will happen. > > >diff --git a/include/linux/filter.h b/include/linux/filter.h > >index a9ae93c..dc14392 100644 > >--- a/include/linux/filter.h > >+++ b/include/linux/filter.h > >@@ -6,7 +6,7 @@ > > #define __LINUX_FILTER_H__ > > > > > >-#include <linux/types.h> > >+#include "linux/types.h" > > This is a pointless exercise, these files (include/linux/) are copied from the > kernel, so any modifications will be lost at some point in the future. Same as last time: > 9429 # 1 "../include/linux/types.h" 1 In a perverse way you are almost right except you have the sentence order wrong: any modifications at some point in the future will paas this code by. Cheers ... Duncan. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
