Message ID | 1406648188-3681-1-git-send-email-pablo@netfilter.org |
---|---|
State | Superseded, archived |
Delegated to: | David Miller |
> In e6f30c7 ("netfilter: x_tables: add xt_bpf match"), the internal
> linux/filter.h header slipped through in the user exposed xt_bpf.h
> header as included file.

is that true? #include <linux/filter.h> should include include/uapi/linux/filter.h in userspace builds.

> > +struct sk_filter; > + > struct xt_bpf_info { > __u16 bpf_program_num_elem; > struct sock_filter bpf_program[XT_BPF_MAX_NUM_INSTR];

I think include/uapi/linux/filter.h is still needed for the definition of struct sock_filter. The uapi file does not declare sk_filter, so we do need to add the forward declaration.

Thanks, Pablo.

--

To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

On Tue, Jul 29, 2014 at 11:43:57AM -0400, Willem de Bruijn wrote:
> > In e6f30c7 ("netfilter: x_tables: add xt_bpf match"), the internal
> > linux/filter.h header slipped through in the user exposed xt_bpf.h
> > header as included file.
>
> is that true? #include <linux/filter.h> should include
> include/uapi/linux/filter.h in userspace builds.

You're right. I'm going to send a v2.

We should also cache the linux/filter.h header in the iptables sources, would you send a patch for that? Thanks.

On Tue, Jul 29, 2014 at 12:05 PM, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> On Tue, Jul 29, 2014 at 11:43:57AM -0400, Willem de Bruijn wrote:
>> > In e6f30c7 ("netfilter: x_tables: add xt_bpf match"), the internal
>> > linux/filter.h header slipped through in the user exposed xt_bpf.h
>> > header as included file.
>>
>> is that true? #include <linux/filter.h> should include
>> include/uapi/linux/filter.h in userspace builds.
>
> You're right. I'm going to send a v2.

Thanks for fixing my bug. I agree that it's better to do this independent of the sk_filter/bpf_prog patch.

> We should also cache the linux/filter.h header in the iptables
> sources, would you send a patch for that? Thanks.

Will do. Should I just import the latest version of the file, or is there a sync policy, such as that all kernel headers come from the same kernel release?

On Tue, Jul 29, 2014 at 12:35:00PM -0400, Willem de Bruijn wrote:
> On Tue, Jul 29, 2014 at 12:05 PM, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> > On Tue, Jul 29, 2014 at 11:43:57AM -0400, Willem de Bruijn wrote:
> >> > In e6f30c7 ("netfilter: x_tables: add xt_bpf match"), the internal
> >> > linux/filter.h header slipped through in the user exposed xt_bpf.h
> >> > header as included file.
> >>
> >> is that true? #include <linux/filter.h> should include
> >> include/uapi/linux/filter.h in userspace builds.
> >
> > You're right. I'm going to send a v2.
>
> Thanks for fixing my bug. I agree that it's better to do this
> independent of the sk_filter/bpf_prog patch.
>
> > We should also cache the linux/filter.h header in the iptables
> > sources, would you send a patch for that? Thanks.
>
> Will do. Should I just import the latest version of the file, or is
> there a sync policy, such as that all kernel headers come from the
> same kernel release?

Right. The kernel header which is available after make headers_install.

Thanks.

diff --git a/include/uapi/linux/netfilter/xt_bpf.h b/include/uapi/linux/netfilter/xt_bpf.h index 5dda450..93fca65 100644 --- a/include/uapi/linux/netfilter/xt_bpf.h +++ b/include/uapi/linux/netfilter/xt_bpf.h @@ -1,11 +1,12 @@ #ifndef _XT_BPF_H #define _XT_BPF_H -#include <linux/filter.h> #include <linux/types.h> #define XT_BPF_MAX_NUM_INSTR 64 +struct sk_filter; + struct xt_bpf_info { __u16 bpf_program_num_elem; struct sock_filter bpf_program[XT_BPF_MAX_NUM_INSTR];
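
Review bot: Removing `#include <linux/filter.h>` at the top of xt_bpf.h leaves the member `struct sock_filter bpf_program[XT_BPF_MAX_NUM_INSTR];` in struct xt_bpf_info without a complete type. An array member needs the full definition of struct sock_filter, and the added `struct sk_filter;` forward declaration only covers the separate sk_filter type, so a file that includes this header before anything else provides struct sock_filter will not compile. As raised in the thread, the include resolves to the exported uapi copy in userspace builds, so consider keeping it and adding only the `struct sk_filter;` forward declaration, with the changelog reworded to say the declaration is needed because the uapi header does not provide it.
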
In e6f30c7 ("netfilter: x_tables: add xt_bpf match"), the internal linux/filter.h header slipped through in the user exposed xt_bpf.h header as included file.

Fix this by defining struct sk_filter; so we skip the casting in kernelspace. This is safe since userspace has no way to lurk with that internal pointer.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

---

@David: This patch is very small and it can probably go into net, but it's quite late for changes in -rc7 probably. Your call :-). Thanks.

include/uapi/linux/netfilter/xt_bpf.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)