The library "owns" this structure and maintains 'afinfo' pointer to
instances of it. With libxt_set, there's even an extension making use of
the data.
To avoid impact on library users, guard it by XTABLES_INTERNAL.
To eliminate the xshared.h include by libxt_set, DEBUGP has to be
redefined. Other extensions have similar defines, fix this later.
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
extensions/libxt_set.c | 6 ++++++
extensions/libxt_set.h | 1 -
include/xtables.h | 22 ++++++++++++++++++++++
iptables/xshared.h | 22 ----------------------
4 files changed, 28 insertions(+), 23 deletions(-)
diff --git a/extensions/libxt_set.c b/extensions/libxt_set.c
index 16921023a22f8..a2137ab1eb180 100644
--- a/extensions/libxt_set.c
+++ b/extensions/libxt_set.c
@@ -22,6 +22,12 @@
#include <linux/netfilter/xt_set.h>
#include "libxt_set.h"
+#ifdef DEBUG
+#define DEBUGP(x, args...) fprintf(stderr, x, ## args)
+#else
+#define DEBUGP(x, args...)
+#endif
+
/* Revision 0 */
static void
diff --git a/extensions/libxt_set.h b/extensions/libxt_set.h
index ad895a7504d9d..597bf7ebe575a 100644
--- a/extensions/libxt_set.h
+++ b/extensions/libxt_set.h
@@ -6,7 +6,6 @@
#include <sys/types.h>
#include <sys/socket.h>
#include <errno.h>
-#include "../iptables/xshared.h"
static int
get_version(unsigned *version)
diff --git a/include/xtables.h b/include/xtables.h
index f1937f3ea0530..b8d8372d0e498 100644
--- a/include/xtables.h
+++ b/include/xtables.h
@@ -665,6 +665,28 @@ void xtables_announce_chain(const char *name);
extern void _init(void);
+/**
+ * xtables_afinfo - protocol family dependent information
+ * @kmod: kernel module basename (e.g. "ip_tables")
+ * @proc_exists: file which exists in procfs when module already loaded
+ * @libprefix: prefix of .so library name (e.g. "libipt_")
+ * @family: nfproto family
+ * @ipproto: used by setsockopt (e.g. IPPROTO_IP)
+ * @so_rev_match: optname to check revision support of match
+ * @so_rev_target: optname to check revision support of target
+ */
+struct xtables_afinfo {
+ const char *kmod;
+ const char *proc_exists;
+ const char *libprefix;
+ uint8_t family;
+ uint8_t ipproto;
+ int so_rev_match;
+ int so_rev_target;
+};
+
+extern const struct xtables_afinfo *afinfo;
+
#endif /* XTABLES_INTERNAL */
#ifdef __cplusplus
diff --git a/iptables/xshared.h b/iptables/xshared.h
index 1d6b9bf4ee9b7..1fdc760a32442 100644
--- a/iptables/xshared.h
+++ b/iptables/xshared.h
@@ -75,26 +75,6 @@ struct xtables_target;
#define IPT_INV_ARPOP 0x0400
#define IPT_INV_ARPHRD 0x0800
-/**
- * xtables_afinfo - protocol family dependent information
- * @kmod: kernel module basename (e.g. "ip_tables")
- * @proc_exists: file which exists in procfs when module already loaded
- * @libprefix: prefix of .so library name (e.g. "libipt_")
- * @family: nfproto family
- * @ipproto: used by setsockopt (e.g. IPPROTO_IP)
- * @so_rev_match: optname to check revision support of match
- * @so_rev_target: optname to check revision support of target
- */
-struct xtables_afinfo {
- const char *kmod;
- const char *proc_exists;
- const char *libprefix;
- uint8_t family;
- uint8_t ipproto;
- int so_rev_match;
- int so_rev_target;
-};
-
/* trick for ebtables-compat, since watchers are targets */
struct ebt_match {
struct ebt_match *next;
@@ -187,8 +167,6 @@ int parse_counters(const char *string, struct xt_counters *ctr);
bool tokenize_rule_counters(char **bufferp, char **pcnt, char **bcnt, int line);
bool xs_has_arg(int argc, char *argv[]);
-extern const struct xtables_afinfo *afinfo;
-
#define MAX_ARGC 255
struct argv_store {
int argc;
--
2.34.1
