| Message ID | 20180720144113.24268-1-ffmancera@riseup.net |
|---|---|
| State | Changes Requested |
| Delegated to: | Pablo Neira |
| Headers | show |
| Series | [1/3,nf-next,v2] netfilter: nf_osf: rename nf_osf.c to nfnetlink_osf.c | expand |
On Fri, Jul 20, 2018 at 04:41:11PM +0200, Fernando Fernandez Mancera wrote: > Rename nf_osf.c to nfnetlink_osf.c as we introduce nfnetlink_osf which is > the OSF infraestructure. > > Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net> > --- > .../linux/netfilter/{nf_osf.h => nfnetlink_osf.h} | 2 +- > .../linux/netfilter/{nf_osf.h => nfnetlink_osf.h} | 6 +++--- > include/uapi/linux/netfilter/xt_osf.h | 2 +- > net/netfilter/Kconfig | 15 ++++++++++----- > net/netfilter/Makefile | 2 +- > net/netfilter/{nf_osf.c => nfnetlink_osf.c} | 2 +- > 6 files changed, 17 insertions(+), 12 deletions(-) > rename include/linux/netfilter/{nf_osf.h => nfnetlink_osf.h} (95%) > rename include/uapi/linux/netfilter/{nf_osf.h => nfnetlink_osf.h} (96%) The uapi file we cannot rename. Anything in the uapi folder is set in stone forever. > rename net/netfilter/{nf_osf.c => nfnetlink_osf.c} (99%) So just rename nf_osf.c to nfnetlink_osf.c. Thanks! -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Monday 2018-07-23 12:06, Pablo Neira Ayuso wrote: >On Fri, Jul 20, 2018 at 04:41:11PM +0200, Fernando Fernandez Mancera wrote: >> Rename nf_osf.c to nfnetlink_osf.c as we introduce nfnetlink_osf which is >> the OSF infraestructure. >> >> Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net> >> --- >> .../linux/netfilter/{nf_osf.h => nfnetlink_osf.h} | 2 +- >> .../linux/netfilter/{nf_osf.h => nfnetlink_osf.h} | 6 +++--- >> include/uapi/linux/netfilter/xt_osf.h | 2 +- >> net/netfilter/Kconfig | 15 ++++++++++----- >> net/netfilter/Makefile | 2 +- >> net/netfilter/{nf_osf.c => nfnetlink_osf.c} | 2 +- >> 6 files changed, 17 insertions(+), 12 deletions(-) >> rename include/linux/netfilter/{nf_osf.h => nfnetlink_osf.h} (95%) >> rename include/uapi/linux/netfilter/{nf_osf.h => nfnetlink_osf.h} (96%) > >The uapi file we cannot rename. Anything in the uapi folder is set in >stone forever. Userspace such as iptables keeps copies of header files so that it always builds no matter what set of files the kernel offers. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Mon, Jul 23, 2018 at 12:26:31PM +0200, Jan Engelhardt wrote: > On Monday 2018-07-23 12:06, Pablo Neira Ayuso wrote: > > >On Fri, Jul 20, 2018 at 04:41:11PM +0200, Fernando Fernandez Mancera wrote: > >> Rename nf_osf.c to nfnetlink_osf.c as we introduce nfnetlink_osf which is > >> the OSF infraestructure. > >> > >> Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net> > >> --- > >> .../linux/netfilter/{nf_osf.h => nfnetlink_osf.h} | 2 +- > >> .../linux/netfilter/{nf_osf.h => nfnetlink_osf.h} | 6 +++--- > >> include/uapi/linux/netfilter/xt_osf.h | 2 +- > >> net/netfilter/Kconfig | 15 ++++++++++----- > >> net/netfilter/Makefile | 2 +- > >> net/netfilter/{nf_osf.c => nfnetlink_osf.c} | 2 +- > >> 6 files changed, 17 insertions(+), 12 deletions(-) > >> rename include/linux/netfilter/{nf_osf.h => nfnetlink_osf.h} (95%) > >> rename include/uapi/linux/netfilter/{nf_osf.h => nfnetlink_osf.h} (96%) > > > >The uapi file we cannot rename. Anything in the uapi folder is set in > >stone forever. > > Userspace such as iptables keeps copies of header files so that it > always builds no matter what set of files the kernel offers. Right, but we cannot assume users use iptables, they may develop their own applications based on our binary interface. But I think this rename is fine given uapi/linux/netfilter/nf_osf.h did not have users so far, given that this is only useful for nft_osf. Fernando, would you send a patch rename the header to nfnetlink_osf.h as Jan suggested? I suggest you add a Suggested-by: tag. Explain in the commit message that first client of this is nft_osf. Thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Monday 2018-07-30 14:23, Pablo Neira Ayuso wrote: > >Right, but we cannot assume users use iptables, they may develop their >own applications based on our binary interface. But if iptables does the file copy, and nftables does the same copy, then by that pattern, all applications, his own including, should do such a copy. Which is how I remember it... -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/include/linux/netfilter/nf_osf.h b/include/linux/netfilter/nfnetlink_osf.h similarity index 95% rename from include/linux/netfilter/nf_osf.h rename to include/linux/netfilter/nfnetlink_osf.h index 7d0947d6ef16..53c3397fd608 100644 --- a/include/linux/netfilter/nf_osf.h +++ b/include/linux/netfilter/nfnetlink_osf.h @@ -1,4 +1,4 @@ -#include <uapi/linux/netfilter/nf_osf.h> +#include <uapi/linux/netfilter/nfnetlink_osf.h> /* Initial window size option state machine: multiple of mss, mtu or * plain numeric value. Can also be made as plain numeric value which diff --git a/include/uapi/linux/netfilter/nf_osf.h b/include/uapi/linux/netfilter/nfnetlink_osf.h similarity index 96% rename from include/uapi/linux/netfilter/nf_osf.h rename to include/uapi/linux/netfilter/nfnetlink_osf.h index 3738116b2bbe..7c3c79d48289 100644 --- a/include/uapi/linux/netfilter/nf_osf.h +++ b/include/uapi/linux/netfilter/nfnetlink_osf.h @@ -1,5 +1,5 @@ -#ifndef _NF_OSF_H -#define _NF_OSF_H +#ifndef _NFNETLINK_OSF_H +#define _NFNETLINK_OSF_H #include <linux/types.h> @@ -94,4 +94,4 @@ enum nf_osf_attr_type { OSF_ATTR_MAX, }; -#endif /* _NF_OSF_H */ +#endif /* _NFNETLINK_OSF_H */ diff --git a/include/uapi/linux/netfilter/xt_osf.h b/include/uapi/linux/netfilter/xt_osf.h index b189007f4f28..5d2e3cae6201 100644 --- a/include/uapi/linux/netfilter/xt_osf.h +++ b/include/uapi/linux/netfilter/xt_osf.h @@ -23,7 +23,7 @@ #include <linux/types.h> #include <linux/ip.h> #include <linux/tcp.h> -#include <linux/netfilter/nf_osf.h> +#include <linux/netfilter/nfnetlink_osf.h> #define XT_OSF_GENRE NF_OSF_GENRE #define XT_OSF_INVERT NF_OSF_INVERT diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index e0ab50c58dc4..3e5334997062 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig @@ -46,6 +46,14 @@ config NETFILTER_NETLINK_LOG and is also scheduled to replace the old syslog-based ipt_LOG and ip6t_LOG modules. +config NETFILTER_NETLINK_OSF + tristate "Netfilter OSF over NFNETLINK interface" + depends on NETFILTER_ADVANCED + select NETFILTER_NETLINK + help + If this option is enabled, the kernel will include support + for passive OS fingerprint via NFNETLINK. + config NF_CONNTRACK tristate "Netfilter connection tracking support" default m if NETFILTER_ADVANCED=n @@ -442,9 +450,6 @@ config NETFILTER_SYNPROXY endif # NF_CONNTRACK -config NF_OSF - tristate - config NF_TABLES select NETFILTER_NETLINK tristate "Netfilter nf_tables support" @@ -1379,8 +1384,8 @@ config NETFILTER_XT_MATCH_NFACCT config NETFILTER_XT_MATCH_OSF tristate '"osf" Passive OS fingerprint match' - depends on NETFILTER_ADVANCED && NETFILTER_NETLINK - select NF_OSF + depends on NETFILTER_ADVANCED + select NETFILTER_NETLINK_OSF help This option selects the Passive OS Fingerprinting match module that allows to passively match the remote operating system by diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile index 53bd1ed1228a..150a4eb2373a 100644 --- a/net/netfilter/Makefile +++ b/net/netfilter/Makefile @@ -20,6 +20,7 @@ obj-$(CONFIG_NETFILTER_NETLINK) += nfnetlink.o obj-$(CONFIG_NETFILTER_NETLINK_ACCT) += nfnetlink_acct.o obj-$(CONFIG_NETFILTER_NETLINK_QUEUE) += nfnetlink_queue.o obj-$(CONFIG_NETFILTER_NETLINK_LOG) += nfnetlink_log.o +obj-$(CONFIG_NETFILTER_NETLINK_OSF) += nfnetlink_osf.o # connection tracking obj-$(CONFIG_NF_CONNTRACK) += nf_conntrack.o @@ -107,7 +108,6 @@ obj-$(CONFIG_NFT_HASH) += nft_hash.o obj-$(CONFIG_NFT_FIB) += nft_fib.o obj-$(CONFIG_NFT_FIB_INET) += nft_fib_inet.o obj-$(CONFIG_NFT_FIB_NETDEV) += nft_fib_netdev.o -obj-$(CONFIG_NF_OSF) += nf_osf.o obj-$(CONFIG_NFT_SOCKET) += nft_socket.o # nf_tables netdev diff --git a/net/netfilter/nf_osf.c b/net/netfilter/nfnetlink_osf.c similarity index 99% rename from net/netfilter/nf_osf.c rename to net/netfilter/nfnetlink_osf.c index f4c75e982902..7a8cc8bae714 100644 --- a/net/netfilter/nf_osf.c +++ b/net/netfilter/nfnetlink_osf.c @@ -18,7 +18,7 @@ #include <linux/netfilter/nfnetlink.h> #include <linux/netfilter/x_tables.h> #include <net/netfilter/nf_log.h> -#include <linux/netfilter/nf_osf.h> +#include <linux/netfilter/nfnetlink_osf.h> static inline int nf_osf_ttl(const struct sk_buff *skb, int ttl_check, unsigned char f_ttl)
Rename nf_osf.c to nfnetlink_osf.c as we introduce nfnetlink_osf which is the OSF infraestructure. Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net> --- .../linux/netfilter/{nf_osf.h => nfnetlink_osf.h} | 2 +- .../linux/netfilter/{nf_osf.h => nfnetlink_osf.h} | 6 +++--- include/uapi/linux/netfilter/xt_osf.h | 2 +- net/netfilter/Kconfig | 15 ++++++++++----- net/netfilter/Makefile | 2 +- net/netfilter/{nf_osf.c => nfnetlink_osf.c} | 2 +- 6 files changed, 17 insertions(+), 12 deletions(-) rename include/linux/netfilter/{nf_osf.h => nfnetlink_osf.h} (95%) rename include/uapi/linux/netfilter/{nf_osf.h => nfnetlink_osf.h} (96%) rename net/netfilter/{nf_osf.c => nfnetlink_osf.c} (99%)