On 2022-06-16, at 15:48:18 -0700, Markus Mayer wrote: > Since libxt_NFLOG is now using the UAPI version of nf_log.h, it should > be bundled alongside the other netfilter kernel headers. Ah, yes. Agreed. J. > This copy of nf_log.h was taken from Linux 5.18. > > Signed-off-by: Markus Mayer <mmayer@xxxxxxxxxxxx> > --- > > Not bundling the header with iptables leads to one of two scenarios: > > * building iptables >=1.8.8 fails due to the missing header > > * building iptables >=1.8.8 succeeds, but silently uses the header copy it > finds under /usr/include/linux/netfilter, which may not match the version > of the other netfilter headers, resulting in a potential "Franken-build" > that would be difficult to detect (unlikely for nf_log.h, since it seems > pretty stable, but not impossible) > > include/linux/netfilter/nf_log.h | 15 +++++++++++++++ > 1 file changed, 15 insertions(+) > create mode 100644 include/linux/netfilter/nf_log.h > > diff --git a/include/linux/netfilter/nf_log.h b/include/linux/netfilter/nf_log.h > new file mode 100644 > index 000000000000..2ae00932d3d2 > --- /dev/null > +++ b/include/linux/netfilter/nf_log.h > @@ -0,0 +1,15 @@ > +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ > +#ifndef _NETFILTER_NF_LOG_H > +#define _NETFILTER_NF_LOG_H > + > +#define NF_LOG_TCPSEQ 0x01 /* Log TCP sequence numbers */ > +#define NF_LOG_TCPOPT 0x02 /* Log TCP options */ > +#define NF_LOG_IPOPT 0x04 /* Log IP options */ > +#define NF_LOG_UID 0x08 /* Log UID owning local socket */ > +#define NF_LOG_NFLOG 0x10 /* Unsupported, don't reuse */ > +#define NF_LOG_MACDECODE 0x20 /* Decode MAC header */ > +#define NF_LOG_MASK 0x2f > + > +#define NF_LOG_PREFIXLEN 128 > + > +#endif /* _NETFILTER_NF_LOG_H */ > -- > 2.25.1 > >
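Review bot: The reason for adding include/linux/netfilter/nf_log.h as a new file (the build either fails, or silently picks up the copy under /usr/include/linux/netfilter) is given only below the `---` marker, so it will be dropped when the patch is applied; consider moving that two-scenario explanation into the commit message, next to the "taken from Linux 5.18" line. Within the hunk, NF_LOG_MASK is the literal 0x2f, which covers every flag defined above it except NF_LOG_NFLOG (0x10); that agrees with the "Unsupported, don't reuse" comment, and since the file is described as a copy of the kernel header it is best kept byte-identical to the 5.18 source so later resyncs diff cleanly.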