On Wed, Feb 22, 2023 at 01:07:15PM +0100, Phil Sutter wrote:
> On Wed, Feb 22, 2023 at 11:04:41AM +0100, Pablo Neira Ayuso wrote:
> > On Wed, Feb 22, 2023 at 08:23:49AM +0100, Thomas Devoogdt wrote:
> > > libxt_LOG.c:6:10: fatal error: linux/netfilter/xt_LOG.h: No such file or directory
> > > . #include <linux/netfilter/xt_LOG.h>
> > > ^~~~~~~~~~~~~~~~~~~~~~~~~~
> > >
> > > Linux < 3.4 defines are in include/linux/netfilter_ipv{4,6}/ipt_LOG.h,
> > > but the naming is slightly different, so just define it here as the values are the same.
> > >
> > > https://github.com/torvalds/linux/commit/6939c33a757bd006c5e0b8b5fd429fc587a4d0f4
> >
> > Probably you could add xt_LOG.h to iptables/include/linux/netfilter/ ?
> >
> > There are plenty of headers that are cached there to make sure
> > userspace compile with minimal external dependencies.
> >
> > xt_LOG.h is missing for some reason in that folder, but there are many
> > of xt_*.h files there.
>
> While being at it, how about caching all netfilter kernel headers we
> include? The only downside I see is that we may have to update them from
> time to time (in case new symbols land) but that's rare and the
> alternative is accidental breakages like above.
Caching _all_ dependencies is going to be hard, because it might pull
in lots of header files. The idea so far has been to find a reasonable
tradeoff, ensuring that iptables compilation is self-contained in a
best effort approach.
> WDYT? I'd volunteer to do it. :)
iptables already caches a lot of header files, as I said I don't
remember why this one has never been cached before.
