Hi Pablo,

Pablo Neira Ayuso writes:
> On Sat, Nov 17, 2018 at 10:28:56PM +0200, Baruch Siach wrote:
>> Pablo Neira Ayuso writes:
>> > On Fri, Nov 16, 2018 at 09:30:33AM +0200, Baruch Siach wrote:
>> >> Commit 672accf1530 (include: update kernel netfilter header files)
>> >> updated linux/netfilter.h and brought with it the update from kernel
>> >> commit a263653ed798 (netfilter: don't pull include/linux/netfilter.h
>> >> from netns headers). This triggers conflict of headers that is fixed in
>> >> kernel commit 279c6c7fa64f (api: fix compatibility of linux/in.h with
>> >> netinet/in.h) included in kernel version 4.2. For earlier kernel headers
>> >> we need a workaround that prevents the headers conflict.
>> >>
>> >> Fixes the following build failure:
>> >>
>> >> In file included from .../sysroot/usr/include/netinet/ip.h:25:0,
>> >>                  from ../include/libiptc/ipt_kernel_headers.h:8,
>> >>                  from ../include/libiptc/libiptc.h:6,
>> >>                  from libip4tc.c:29:
>> >> .../sysroot/usr/include/linux/in.h:26:3: error: redeclaration of enumerator ‘IPPROTO_IP’
>> >>    IPPROTO_IP = 0, /* Dummy protocol for TCP */
>> >>    ^
>> >> .../sysroot/usr/include/netinet/in.h:33:5: note: previous definition of ‘IPPROTO_IP’ was here
>> >>      IPPROTO_IP = 0, /* Dummy protocol for TCP. */
>> >>      ^~~~~~~~~~
>> >>
>> >> Cc: Florian Westphal <fw@xxxxxxxxx>
>> >> Signed-off-by: Baruch Siach <baruch@xxxxxxxxxx>
>> >> ---
>> >> include/linux/netfilter.h | 2 ++
>> >> 1 file changed, 2 insertions(+)
>> >>
>> >> diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h >> >> index c3f087ac680c..bacf8cd92116 100644 >> >> --- a/include/linux/netfilter.h >> >> +++ b/include/linux/netfilter.h
>> >> @@ -3,7 +3,9 @@ >> >> >> >> #include <linux/types.h> >> >> >> >> +#ifndef _NETINET_IN_H >> >> #include <linux/in.h> >> >> +#endif
>> >
>> > This is updating a cached copy of the kernel headers, we basically
>> > copy kernel headers and place in the userspace tree to make sure that
>> > iptables compiles standalone, without the need for kernel-headers to
>> > be installed in the system in order to simplify building process.
>> >
>> > I would like we don't have to modify this cached copy, so if you can
>> > find a way to update the userspace C files without touching the cached
>> > copy of the kernel header, that would be great. My concern is that
>> > this little tweak will go away once we update the cached copy anytime
>> > soon in the future.
>> >
>> > Thanks.
>>
>> I can't think of any better solution.
>>
>> A possible alternative would be to add '#define _LINUX_IN_H' in every
>> file that includes netinet/in.h to suppress the kernel header. This is a
>> bigger change, although it doesn't touch any cached kernel header as far
>> as I can see.
>>
>> Do you like this solution better?
>
> Probably we can consolidate this in one single spot, e.g.
> iptables/nft.h ? So we only have to add this once.

I don't understand your suggestion.
Both netfilter.h and netinet/in.h are included in many places:

extensions/libxt_TEE.c:#include <linux/netfilter.h>
extensions/libxt_iprange.c:#include <linux/netfilter.h>
include/linux/netfilter/nf_nat.h:#include <linux/netfilter.h>
include/linux/netfilter_arp.h:#include <linux/netfilter.h>
include/linux/netfilter_ipv4.h:#include <linux/netfilter.h>
include/linux/netfilter_ipv6.h:#include <linux/netfilter.h>
include/linux/netfilter_ipv6/ip6t_NPT.h:#include <linux/netfilter.h>
include/linux/netfilter_ipv6/ip6t_srh.h:#include <linux/netfilter.h>
include/xtables.h:#include <linux/netfilter.h>
iptables/xtables-config-parser.y:#include <linux/netfilter.h>
libipq/libipq.c:#include <linux/netfilter.h>

extensions/libxt_TEE.c:#include <netinet/in.h>
extensions/libxt_TOS.c:#include <netinet/in.h>
extensions/libxt_sctp.c:#include <netinet/in.h>
extensions/libxt_tcp.c:#include <netinet/in.h>
include/libiptc/ipt_kernel_headers.h:#include <netinet/in.h>
include/xtables.h:#include <netinet/in.h>
iptables/nft-bridge.h:#include <netinet/in.h>
iptables/nft-ipv4.c:#include <netinet/in.h>
iptables/nft.c:#include <netinet/in.h> /* inet_ntoa */
iptables/xshared.h:#include <netinet/in.h>
iptables/xtables-arp.c:/* defined in netinet/in.h */
iptables/xtables-config-parser.y:#include <netinet/in.h>
iptables/xtables-monitor.c:#include <netinet/in.h>
libipq/libipq.c:#include <netinet/in.h>
utils/nfsynproxy.c:#include <netinet/in.h>

Which single place other than netfilter.h itself would solve the headers conflict?

baruch

-- 
     http://baruch.siach.name/blog/                  ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - baruch@xxxxxxxxxx - tel: +972.52.368.4656, http://www.tkos.co.il -
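
Review bot: In the include/linux/netfilter.h hunk, the new "#ifndef _NETINET_IN_H" guard around "#include <linux/in.h>" only takes effect when netinet/in.h has already been included before linux/netfilter.h. A file that includes linux/netfilter.h first and netinet/in.h afterwards still sees both sets of definitions with the pre-4.2 kernel headers the commit message targets. The guard also keys on the include-guard macro of another header and carries no comment, so nothing in the file tells whoever next syncs the cached kernel headers that these two lines must be carried over. Suggest adding a comment above the guard that names kernel commit 279c6c7fa64f and the pre-4.2 condition, and stating the include-order requirement in the commit message.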