From: Willem de Bruijn
Date: Fri, 25 Jul 2014 09:53:48 -0400
Subject: Re: [PATCH net-next] net: filter: rename 'struct sk_filter' to 'struct bpf_prog'
To: Pablo Neira Ayuso
Cc: Daniel Borkmann, Alexei Starovoitov, "David S. Miller", netdev@vger.kernel.org, linux-kernel, netfilter-devel
In-Reply-To: <20140725115414.GA4770@salvia>
References: <1406275499-7822-1-git-send-email-ast@plumgrid.com> <53D23EAF.4000001@redhat.com> <20140725115414.GA4770@salvia>

>> >alternative fix for xt_bpf.h could be to replace:
>> > /* only used in the kernel */
>> > struct sk_filter *filter __attribute__((aligned(8)));
>> >with
>> > /* only used in the kernel */
>> > void *filter __attribute__((aligned(8)));
>> >
>> >but this 'void *' approach may further break broken userspace,
>> >whereas the fix implemented here is more seamless.
>>
>> Yep, that's not good, 'struct sk_filter' should never have been in a uapi
>> file actually.

This follows a convention in include/uapi/linux/netfilter/*.h that
likely predates the introduction of uapi. A search for "Used
internally by the kernel" shows many more examples. I should not have
included filter.h, however.

The common behavior when using pointers to kernel-internal structures
is to have a forward declaration. I suggest making that change,
instead of changing to void *.
This avoids having to add casts where xt_bpf_info is used in
net/netfilter/xt_bpf.c:

-#include #include #define XT_BPF_MAX_NUM_INSTR 64 +struct sk_filter; + struct xt_bpf_info {

I can send this as a separate patch to net-next, if that helps.

> You can just send me a patch to change it to void. It's an internal
> kernel pointer as the comment states. There is **no** way that
> userspace can lurk with that from iptables at all.
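
Review bot: The '-#include' removal at the top of the hunk needs a check that nothing else in 'struct xt_bpf_info' depends on the header being dropped. The hunk shows only the struct's opening line, so its other members are not visible here, and a uapi header that stops compiling for userspace would be a regression. The added 'struct sk_filter;' also has no comment marking it as a kernel-internal type that userspace must not dereference; a one-line comment above it would say so. Since this thread's subject is renaming 'struct sk_filter' to 'struct bpf_prog', the forward declaration should be reconciled with that rename before it is merged.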