Re: Recompile iptables

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi

So, If we had made any changes ipt_entry structure in our existing kernel,
If
 we want the change to be percolated to iptables-1.4.12.2, then we have 
to make corresponding changes in ipt_entry structure of ip_tables.h of 
iptables-1.4.12.2/include directory. (Apply it as a patch).
So that both iptables and kernel are in sync.
Simply
 by using -with-ksource option would not suffice. As in the include 
path, build_dir/include path comes first and then kernel source include 
path.
Please correct me If I am wrong.

Regards,
Gopi



----- Original Message -----
From: Jan Engelhardt <jengelh@xxxxxxxxxx>
To: Rob Sterenborg (lists) <lists@xxxxxxxxxxxxxxx>
Cc: "netfilter@xxxxxxxxxxxxxxx" <netfilter@xxxxxxxxxxxxxxx>; gopimallikharjun@xxxxxxxxx
Sent: Thursday, March 29, 2012 1:45 PM
Subject: Re: Recompile iptables

On Thursday 2012-03-29 09:29, Rob Sterenborg (lists) wrote:

>On Thu, 2012-03-29 at 00:01 -0700, gopi bhimavarapu wrote:
>> Hi
>> 
>> I need to recompile the iptables userspace program using the include
>> files of my kernel. (which has specific improvements in ipt_entry structure).
>> I am using iptables-1.4.12.2 and ussing --with-ksource option and giving my
>> kernels include directory.
>> Even then, ipt_entry sturcture of iptables-1.4.12.2/include is getting precedence.
>> How can I force it to take my include files.

# Rob, don't strip Ccs.

Nah, the issue really is that ${kinclude_CPPFLAGS} comes after 
-I${top_builddir}/include -I${top_srcdir}/include in 
extensions/GNUmakefile.in near AM_CPPFLAGS=.

And as I try to find a reason (use case) why we even still have 
--with-ksource — iptables is completely independent of it —, I guess it 
is so that one does not have to copy forth and back header files when 
developing a *new, previously non-existing extension*. For that, 
placement of ${kinclude_CPPFLAGS} at the end of line is sufficient.

Note that by changing ipt_entry, you are making yourself incompatible to 
everyone and everything.

>Besides, if you checked ./configure --help, it says that --with-ksource
>should point to '/lib/modules/CURRENT/source', not
>'/lib/modules/CURRENT/source/include' which is what you seem to have
>done.

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux