In a previous patch-series [0], I removed all netfilter headers from the blacklist of headers which could not be compiled standalone. I did so by fixing the specific compilation failures of the headers in the list, usually by adding a preprocessor conditional to check whether a particu- lar config option was enabled and disable some function definition or struct member which depended on that option. While this was effective, it was not wholly satisfactory since it left a scattering of seemingly random ifdefs throughout the headers. 0 - https://lore.kernel.org/netfilter-devel/20190813113657.GB4840@xxxxxxxxxx/T/ The reason why these ad-hoc conditionals were necessary is that there were inconsistencies in how existing checks were used to disable code when particular options were turned off. For example, a header A.h might define a struct S which was only available if a particular config option C was enabled, but A.h might be included by header B.h, which defined a struct T with a struct S member without checking for C. If A.h and B.h were included in X.c, which was only compiled if C was enabled, everything worked as expected; however, trying to compile B.h standalone when C was disabled would result in a compilation failure. In the previous versions of this patch-series, I attempted to provide a more comprehensive solution by identifying the config options relevant to each header and adding the appropriate conditionals to it where they do not already exist. However, based on feedback and looking at some other examples, it became apparent that a better approach was to endeavour to fix the inconsistencies that made the new config checks necessary, with a view to removing as many of them as possible. Changes since v2: * squashed several of the earlier patches; * dropped the SPDX patch; * dropped most of the later patches adding config checks; * added a patch fixing the paramter type of a stub function. * added a number of new patches removing config checks. Changes since v1: * fixes for build errors reported by the kbuild test robot; * corrected placement of new NF_TPROXY config option. Jeremy Sowden (18): netfilter: fix include guards. netfilter: fix coding-style errors. netfilter: remove unused function declarations. netfilter: inline three headers. netfilter: update include directives. netfilter: remove nf_conntrack_icmpv6.h header. netfilter: move inline function to a more appropriate header. netfilter: move code between synproxy headers. netfilter: move struct definition function to a more appropriate header. netfilter: use consistent style when defining inline functions in nf_conntrack_ecache.h. netfilter: replace defined(CONFIG...) || defined(CONFIG...MODULE) with IS_ENABLED(CONFIG...). netfilter: wrap two inline functions in config checks. netfilter: update stub br_nf_pre_routing_ipv6 parameter to `void *priv`. netfilter: move nf_conntrack code to linux/nf_conntrack_common.h. netfilter: remove CONFIG_NF_CONNTRACK check from nf_conntrack_acct.h. netfilter: remove CONFIG_NETFILTER checks from headers. netfilter: remove CONFIG_NF_CONNTRACK checks from nf_conntrack_zones.h. netfilter: remove two unused functions from nf_conntrack_timestamp.h. include/linux/netfilter.h | 4 +- .../linux/netfilter/ipset/ip_set_getport.h | 2 +- include/linux/netfilter/nf_conntrack_common.h | 20 +++++ include/linux/netfilter/x_tables.h | 8 +- include/linux/netfilter/xt_hashlimit.h | 11 --- include/linux/netfilter/xt_physdev.h | 8 -- include/linux/netfilter_arp/arp_tables.h | 2 - include/linux/netfilter_bridge.h | 7 ++ include/linux/netfilter_bridge/ebt_802_3.h | 12 --- include/linux/netfilter_bridge/ebtables.h | 3 +- include/linux/netfilter_ipv4/ip_tables.h | 9 +- include/linux/netfilter_ipv6.h | 28 +++++-- include/linux/netfilter_ipv6/ip6_tables.h | 20 +---- include/linux/skbuff.h | 32 ++++--- include/net/netfilter/br_netfilter.h | 4 +- .../net/netfilter/ipv6/nf_conntrack_icmpv6.h | 21 ----- include/net/netfilter/nf_conntrack.h | 25 ++---- include/net/netfilter/nf_conntrack_acct.h | 4 +- include/net/netfilter/nf_conntrack_bridge.h | 11 +-- include/net/netfilter/nf_conntrack_core.h | 8 +- include/net/netfilter/nf_conntrack_ecache.h | 84 +++++++++++-------- include/net/netfilter/nf_conntrack_expect.h | 2 +- include/net/netfilter/nf_conntrack_extend.h | 2 +- include/net/netfilter/nf_conntrack_l4proto.h | 16 ++-- include/net/netfilter/nf_conntrack_labels.h | 11 ++- include/net/netfilter/nf_conntrack_synproxy.h | 41 +-------- include/net/netfilter/nf_conntrack_timeout.h | 4 + .../net/netfilter/nf_conntrack_timestamp.h | 16 ---- include/net/netfilter/nf_conntrack_tuple.h | 4 +- include/net/netfilter/nf_conntrack_zones.h | 6 +- include/net/netfilter/nf_flow_table.h | 6 +- include/net/netfilter/nf_nat.h | 21 ++--- include/net/netfilter/nf_nat_masquerade.h | 1 + include/net/netfilter/nf_queue.h | 4 - include/net/netfilter/nf_synproxy.h | 44 +++++++++- include/net/netfilter/nf_tables.h | 8 -- net/bridge/netfilter/ebt_802_3.c | 8 +- net/bridge/netfilter/nf_conntrack_bridge.c | 15 ++-- net/ipv4/netfilter/Kconfig | 8 +- net/ipv4/netfilter/Makefile | 2 +- net/ipv6/netfilter.c | 4 +- net/ipv6/netfilter/ip6t_ipv6header.c | 4 +- net/ipv6/netfilter/nf_log_ipv6.c | 4 +- net/ipv6/netfilter/nf_socket_ipv6.c | 1 - net/netfilter/Kconfig | 8 +- net/netfilter/Makefile | 2 +- net/netfilter/nf_conntrack_ecache.c | 1 + net/netfilter/nf_conntrack_expect.c | 2 + net/netfilter/nf_conntrack_helper.c | 5 +- net/netfilter/nf_conntrack_proto_icmpv6.c | 1 - net/netfilter/nf_conntrack_standalone.c | 1 - net/netfilter/nf_conntrack_timeout.c | 1 + net/netfilter/nf_flow_table_core.c | 1 + net/netfilter/nf_nat_core.c | 6 +- net/netfilter/nft_flow_offload.c | 3 +- net/netfilter/xt_connlimit.c | 2 + net/netfilter/xt_hashlimit.c | 7 +- net/netfilter/xt_physdev.c | 5 +- net/sched/act_ct.c | 2 +- 59 files changed, 265 insertions(+), 337 deletions(-) delete mode 100644 include/linux/netfilter/xt_hashlimit.h delete mode 100644 include/linux/netfilter/xt_physdev.h delete mode 100644 include/linux/netfilter_bridge/ebt_802_3.h delete mode 100644 include/net/netfilter/ipv6/nf_conntrack_icmpv6.h -- 2.23.0
