tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

netfilter: don't pull include/linux/netfilter.h from netns headers

This pulls the full hook netfilter definitions from all those that include
net_namespace.h.

Instead let's just include the bare minimum required in the new
linux/netfilter_defs.h file, and use it from the netfilter netns header files.

I also needed to include in.h and in6.h from linux/netfilter.h otherwise we hit
this compilation error:

In file included from include/linux/netfilter_defs.h:4:0,
from include/net/netns/netfilter.h:4,
from include/net/net_namespace.h:22,
from include/linux/netdevice.h:43,
from net/netfilter/nfnetlink_queue_core.c:23:
include/uapi/linux/netfilter.h:76:17: error: field ‘in’ has incomplete type struct in_addr in;

And also explicit include linux/netfilter.h in several spots.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>

Pablo Neira Ayuso a263653e 10c04a8e

+16 -7
+2 -4
include/linux/netfilter.h
··· 10 10 #include <linux/wait.h> 11 11 #include <linux/list.h> 12 12 #include <linux/static_key.h> 13 - #include <uapi/linux/netfilter.h> 13 + #include <linux/netfilter_defs.h> 14 + 14 15 #ifdef CONFIG_NETFILTER 15 16 static inline int NF_DROP_GETERR(int verdict) 16 17 { ··· 38 37 } 39 38 40 39 int netfilter_init(void); 41 - 42 - /* Largest hook number + 1 */ 43 - #define NF_MAX_HOOKS 8 44 40 45 41 struct sk_buff; 46 42
+9
include/linux/netfilter_defs.h
··· 1 + #ifndef __LINUX_NETFILTER_CORE_H_ 2 + #define __LINUX_NETFILTER_CORE_H_ 3 + 4 + #include <uapi/linux/netfilter.h> 5 + 6 + /* Largest hook number + 1, see uapi/linux/netfilter_decnet.h */ 7 + #define NF_MAX_HOOKS 8 8 + 9 + #endif
+1 -1
include/net/netns/netfilter.h
··· 1 1 #ifndef __NETNS_NETFILTER_H 2 2 #define __NETNS_NETFILTER_H 3 3 4 - #include <linux/netfilter.h> 4 + #include <linux/netfilter_defs.h> 5 5 6 6 struct proc_dir_entry; 7 7 struct nf_logger;
+1 -1
include/net/netns/x_tables.h
··· 2 2 #define __NETNS_X_TABLES_H 3 3 4 4 #include <linux/list.h> 5 - #include <linux/netfilter.h> 5 + #include <linux/netfilter_defs.h> 6 6 7 7 struct ebt_table; 8 8
+2 -1
include/uapi/linux/netfilter.h
··· 4 4 #include <linux/types.h> 5 5 #include <linux/compiler.h> 6 6 #include <linux/sysctl.h> 7 - 7 + #include <linux/in.h> 8 + #include <linux/in6.h> 8 9 9 10 /* Responses from hook functions. */ 10 11 #define NF_DROP 0
+1
net/ipv6/output_core.c
··· 8 8 #include <net/ip6_fib.h> 9 9 #include <net/addrconf.h> 10 10 #include <net/secure_seq.h> 11 + #include <linux/netfilter.h> 11 12 12 13 static u32 __ipv6_select_ident(struct net *net, u32 hashrnd, 13 14 const struct in6_addr *dst,