lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20121023085320.GC7079@1984>
Date:	Tue, 23 Oct 2012 10:53:20 +0200
From:	Pablo Neira Ayuso <pablo@...filter.org>
To:	Simon Horman <horms@...ge.net.au>
Cc:	Jesper Dangaard Brouer <brouer@...hat.com>, fengguang.wu@...el.com,
	yuanhan.liu@...ux.intel.com, netdev@...r.kernel.org,
	lvs-devel@...r.kernel.org, netfilter-devel@...r.kernel.org,
	Hans Schillstrom <hans.schillstrom@...csson.com>
Subject: Re: [nf-next PATCH v2] ipvs: fix build errors related to config
 option combinations

On Tue, Oct 23, 2012 at 10:42:41AM +0200, Pablo Neira Ayuso wrote:
> On Tue, Oct 23, 2012 at 09:33:15AM +0900, Simon Horman wrote:
> > On Mon, Oct 22, 2012 at 09:22:45PM +0200, Jesper Dangaard Brouer wrote:
> > > Fix two build error introduced by commit 63dca2c0:
> > >  "ipvs: Fix faulty IPv6 extension header handling in IPVS"
> > > 
> > > First build error was fairly trivial and can occur, when
> > > CONFIG_IP_VS_IPV6 is disabled.
> > > 
> > > The second build error was tricky, and can occur when deselecting
> > > both all Netfilter and IPVS, but selecting CONFIG_IPV6.  This is
> > > caused by "kernel/sysctl_binary.c" including "net/ip_vs.h", which
> > > includes "linux/netfilter_ipv6/ip6_tables.h" causing include
> > > of "include/linux/netfilter/x_tables.h" which then cannot find
> > > the typedef nf_hookfn.
> > > 
> > > Fix this by only including "linux/netfilter_ipv6/ip6_tables.h" in
> > > case of CONFIG_IP_VS_IPV6 as its already used to guard the usage
> > > of ipv6_find_hdr().
> > 
> > Thanks, I have verified both of these fixes and I will send a pull
> > request ASAP.
> > 
> > I do wonder how we might get earlier test coverage of these kinds of problems.
> 
> David already mentioned that we (Netfilter/IPVS) should aim to reduce
> the amount of ifdef pollution in the code. Sometimes it is possible in
> a nice way by encapsulating code that depends on the feature in one
> single file.
> 
> Sometimes it also requires some more thinking to make it that way (not
> as easy as adding ifdef).
> 
> I think if we aim to that, we can avoid this sort of problems.

By looking at all those CONFIG_IP_VS_IPV6. I'd suggest to abstract
generic layer 3 operations and thus move all IPv4 and IPv6 to the
corresponding files (eg. ipvs_l3proto_ipv4.c and
ipvs_l3proto_ipv6.c).
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ