Hi Gustavo, On Sun, Jul 19, 2020 at 10:34:01AM -0500, Gustavo A. R. Silva wrote: > Please, see this: > > https://git.kernel.org/linus/1e6e9d0f4859ec698d55381ea26f4136eff3afe1 > > We are refraining from doing flexible-array conversions in UAPI, for now. Oh, thanks for clarifying. Still, gcc spits out warnings about it when compiling iptables. I see several options and their downsides: - Convert iptables' copy of UAPI headers only and maintain the divergence in future. - Compile iptables with -Wno-stringop-overflow, losing the checks in valid cases. Not sure if we may just define that we know how structs in ip_tables.h and ip6_tables.h are (supposed to) being used and just change it anyway. BTW: The commit above link points at mentions structs possibly being embedded as the rationale for keeping things as-is. Yet structs ipt_entry and ip6t_entry are already embedded into other structs within the same header file. Seems like gcc is fine with that as long as they occupy the last field. And that even if they are declared as zero-length array themselves, which means indexes can't be used to address individual items. Cheers, Phil
