Rick Jones wrote: > I can see the appeal to an application since it does provide a nice > abstraction. Sure, but there was never any intention for it to be stable. iptables can change that library at any time, with no guarentee that any other apps trying to use it will keep working. >> The getsockopt() calls are part of the linux ABI. Using them is safe. >> You just need to make sure you handle the case that they aren't >> implemented. > > Time to go find their documentation then I suppose. I don't expect there is any, but I might be wrong. > Looks like struct ipt_getinfo and ip6t_getinfo are only in header files > that come with "iptables-dev?" They are defined in the kernel header files. It's a stable ABI, so creating a local copy is fine (which is what iptables does now... iptables used to require the presence of the kernel headers). -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
