On Sat, Nov 17, 2018 at 10:28:56PM +0200, Baruch Siach wrote: > Hi Pablo, > > Pablo Neira Ayuso writes: > > On Fri, Nov 16, 2018 at 09:30:33AM +0200, Baruch Siach wrote: > >> Commit 672accf1530 (include: update kernel netfilter header files) > >> updated linux/netfilter.h and brought with it the update from kernel > >> commit a263653ed798 (netfilter: don't pull include/linux/netfilter.h > >> from netns headers). This triggers conflict of headers that is fixed in > >> kernel commit 279c6c7fa64f (api: fix compatibility of linux/in.h with > >> netinet/in.h) included in kernel version 4.2. For earlier kernel headers > >> we need a workaround that prevents the headers conflict. > >> > >> Fixes the following build failure: > >> > >> In file included from .../sysroot/usr/include/netinet/ip.h:25:0, > >> from ../include/libiptc/ipt_kernel_headers.h:8, > >> from ../include/libiptc/libiptc.h:6, > >> from libip4tc.c:29: > >> .../sysroot/usr/include/linux/in.h:26:3: error: redeclaration of > >> enumerator ‘IPPROTO_IP’ > >> IPPROTO_IP = 0, /* Dummy protocol for TCP */ > >> ^ > >> .../sysroot/usr/include/netinet/in.h:33:5: note: previous definition of > >> ‘IPPROTO_IP’ was here > >> IPPROTO_IP = 0, /* Dummy protocol for TCP. */ > >> ^~~~~~~~~~ > >> > >> Cc: Florian Westphal <f...@strlen.de> > >> Signed-off-by: Baruch Siach <bar...@tkos.co.il> > >> --- > >> include/linux/netfilter.h | 2 ++ > >> 1 file changed, 2 insertions(+) > >> > >> diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h > >> index c3f087ac680c..bacf8cd92116 100644 > >> --- a/include/linux/netfilter.h > >> +++ b/include/linux/netfilter.h > >> @@ -3,7 +3,9 @@ > >> > >> #include <linux/types.h> > >> > >> +#ifndef _NETINET_IN_H > >> #include <linux/in.h> > >> +#endif > > > > This is updating a cached copy of the kernel headers, we basically > > copy kernel headers and place in the userspace tree to make sure that > > iptables compiles standalone, without the need for kernel-headers to > > be installed in the system in order to simplify building process. > > > > I would like we don't have to modify this cached copy, so if you can > > find a way to update the userspace C files without touching the cached > > copy of the kernel header, that would be great. My concern is that > > this little tweak will go away once we update the cached copy anytime > > soon in the future. > > > > Thanks. > > I can't think of any better solution. > > A possible alternative would be to add '#define _LINUX_IN_H' in every > file that include netinet/in.h to suppress the kernel headern. This is a > bigger change, although is doesn't touch any cached kernel header as far > as I can see. > > Do you like this solution better?
Probably we can consolidate this in one single spot, eg. iptables/nft.h ? So we only have to add this once.
