Re: [PATCH iptables 1/4] arptables-nft: use ARPT_INV flags consistently

On Fri, Nov 03, 2023 at 05:35:19PM +0100, Florian Westphal wrote:
> Phil Sutter <phil@xxxxxx> wrote:
> > Indeed, I broke the checks for ARPT_INV_ARPHLN in there. That needs a
> > fix either way.
> > 
> > The ARPT_INV_* defines are part of UAPI. They can't be removed without
> > breaking (or also converting?) legacy arptables.
> It's just a cached header.

Ah, you mean dropping them locally just to prevent reuse. Yeah, why not.

> > Either way, we're
> > breaking third-party arptables DSOs using them. Right now, they are only
> > broken with arptables-nft. No idea if such DSOs exist, but if
> > compatibility is to be taken seriously, there's no way around reverting
> > above commit (and reintroducing do_commandarp() or at least a wrapper
> > around the shared do_parse()).
> arptables-legacy doesn't support runtime extension loading.

Ah, that's great news!

> I'll post a patch to convert libarpt_mangle.c.

Cool, thanks!
