Message-Id: <20190807141705.4864-1-jeremy@azazel.net>
Date:   Wed,  7 Aug 2019 15:16:57 +0100
From:   Jeremy Sowden <jeremy@...zel.net>
To:     Pablo Neira Ayuso <pablo@...filter.org>
Cc:     Netfilter Devel <netfilter-devel@...r.kernel.org>,
        Net Dev <netdev@...r.kernel.org>,
        Masahiro Yamada <yamada.masahiro@...ionext.com>
Subject: [PATCH net-next v1 0/8] netfilter: header compilation fixes

A number of netfilter header files are on the header-test blacklist
because they cannot be compiled stand-alone.  There are two main reasons
for this: missing inclusions of other headers, and missing conditionals
checking for CONFIG_* symbols.

The first six of these patches rectify these omissions, the seventh
removes some unnecessary "#ifdef __KERNEL__" checks, and the last
removes all the NF headers from the blacklist.

I've cc'ed Masahiro Yamada because the last patch removes 74 lines from
include/Kbuild and may conflict with his kbuild tree.

Jeremy Sowden (8):
  netfilter: inlined four headers files into another one.
  netfilter: added missing includes to a number of header-files.
  netfilter: added missing IS_ENABLED(CONFIG_BRIDGE_NETFILTER) checks to
    header-file.
  netfilter: added missing IS_ENABLED(CONFIG_NF_TABLES) check to
    header-file.
  netfilter: added missing IS_ENABLED(CONFIG_NF_CONNTRACK) checks to
    some header-files.
  netfilter: added missing IS_ENABLED(CONFIG_NETFILTER) checks to some
    header-files.
  netfilter: removed "#ifdef __KERNEL__" guards from some headers.
  kbuild: removed all netfilter headers from header-test blacklist.

 include/Kbuild                                |  74 ------
 include/linux/netfilter/ipset/ip_set.h        | 238 +++++++++++++++++-
 .../linux/netfilter/ipset/ip_set_comment.h    |  73 ------
 .../linux/netfilter/ipset/ip_set_counter.h    |  84 -------
 .../linux/netfilter/ipset/ip_set_getport.h    |   4 +
 .../linux/netfilter/ipset/ip_set_skbinfo.h    |  42 ----
 .../linux/netfilter/ipset/ip_set_timeout.h    |  77 ------
 include/linux/netfilter/nf_conntrack_amanda.h |   4 +
 include/linux/netfilter/nf_conntrack_dccp.h   |   3 -
 include/linux/netfilter/nf_conntrack_ftp.h    |   8 +-
 include/linux/netfilter/nf_conntrack_h323.h   |  11 +-
 .../linux/netfilter/nf_conntrack_h323_asn1.h  |   2 +
 include/linux/netfilter/nf_conntrack_irc.h    |   5 +-
 include/linux/netfilter/nf_conntrack_pptp.h   |  12 +-
 .../linux/netfilter/nf_conntrack_proto_gre.h  |   2 -
 include/linux/netfilter/nf_conntrack_sane.h   |   4 -
 include/linux/netfilter/nf_conntrack_sip.h    |   6 +-
 include/linux/netfilter/nf_conntrack_snmp.h   |   3 +
 include/linux/netfilter/nf_conntrack_tftp.h   |   5 +
 include/linux/netfilter/x_tables.h            |   6 +
 include/linux/netfilter_arp/arp_tables.h      |   2 +
 include/linux/netfilter_bridge/ebtables.h     |   2 +
 include/linux/netfilter_ipv4/ip_tables.h      |   4 +
 include/linux/netfilter_ipv6/ip6_tables.h     |   2 +
 include/net/netfilter/br_netfilter.h          |  12 +
 include/net/netfilter/ipv4/nf_dup_ipv4.h      |   3 +
 include/net/netfilter/ipv6/nf_defrag_ipv6.h   |   4 +-
 include/net/netfilter/ipv6/nf_dup_ipv6.h      |   2 +
 include/net/netfilter/nf_conntrack.h          |  10 +
 include/net/netfilter/nf_conntrack_acct.h     |  13 +
 include/net/netfilter/nf_conntrack_bridge.h   |   6 +
 include/net/netfilter/nf_conntrack_core.h     |   3 +
 include/net/netfilter/nf_conntrack_count.h    |   3 +
 include/net/netfilter/nf_conntrack_l4proto.h  |   4 +
 .../net/netfilter/nf_conntrack_timestamp.h    |   6 +
 include/net/netfilter/nf_conntrack_tuple.h    |   2 +
 include/net/netfilter/nf_dup_netdev.h         |   2 +
 include/net/netfilter/nf_flow_table.h         |   5 +
 include/net/netfilter/nf_nat.h                |   4 +
 include/net/netfilter/nf_nat_helper.h         |   4 +-
 include/net/netfilter/nf_nat_redirect.h       |   3 +
 include/net/netfilter/nf_queue.h              |   7 +
 include/net/netfilter/nf_reject.h             |   3 +
 include/net/netfilter/nf_synproxy.h           |   4 +
 include/net/netfilter/nf_tables.h             |  12 +
 include/net/netfilter/nf_tables_ipv6.h        |   1 +
 include/net/netfilter/nft_fib.h               |   2 +
 include/net/netfilter/nft_meta.h              |   2 +
 include/net/netfilter/nft_reject.h            |   5 +
 include/uapi/linux/netfilter/xt_policy.h      |   1 +
 net/netfilter/ipset/ip_set_hash_gen.h         |   2 +-
 net/netfilter/xt_set.c                        |   1 -
 52 files changed, 409 insertions(+), 390 deletions(-)
 delete mode 100644 include/linux/netfilter/ipset/ip_set_comment.h
 delete mode 100644 include/linux/netfilter/ipset/ip_set_counter.h
 delete mode 100644 include/linux/netfilter/ipset/ip_set_skbinfo.h
 delete mode 100644 include/linux/netfilter/ipset/ip_set_timeout.h

-- 
2.20.1
