On Wed, 2009-01-21 at 19:44 +0100, Jan Engelhardt wrote:
> On Wednesday 2009-01-21 19:39, jamal wrote:
> >
[..]
> >I am afraid I cant get rid of iptables as is from ipt - it is needed
> >for older kernels.
>
> Well that is bad.
I should have said i need it to work with older iptables xtensions
mostly(than older kernels) i.e before xtables. The old version
works for iptables <=1.4.1
> But it is not really my problem.
It is ethically my problem, unfortunately. I wrote it and there are
users out there.
> m_ipt has so horribly abused iptables it is quite unfixable IMHO.
I am trying to be a better iptableszen ;->
Hence the new m_xipt.c to start the new path. There is now
a new file (m_xipt.c) which will be a lot less abusive.
[But even with that i am being a little preemptive with the tag
TC_CONFIG_XIPT_H as you can see (and volunteering to do the work to
reduce future breakages from xtables).]
> >So Instead I compile something else once i detect
> >there is xtables in the system, I compile with xtables support.
>
> If that works, ok. But I doubt it would get accepted upstream.
I am the maintainer; however, if someone else wants to
take it over, they can be my guest.
> >See attached. In the next iteration I will like to remove everything
> >tagged with "XXX: TC_CONFIG_XIPT_H" by making sure everything i need
>
> IPT -> XT. (not IPXT)
i can change that.
> >Does it compile?
>
> Mostly. I cannot get iproute2 compiled because it cannot find
> the definitions for struct tcmsg, but I think I got rid of all
> the iptables-related compile errors.
If you are on debian - you should be able to install iproute-dev package
and be fine I think. I just dload the tree.
In any case, I am afraid that still doesnt fix the backward/forward
compat challenge. And if you fix that by writing a brand new file you
may end up having something along the lines of what i posted.
I was impressed/suprised you didnt need functions like exit_error()
because i couldnt do it. For example, here's something basic i tried and
could be doing something wrong with iptables 1.4.2:
===== basic-ipt.c ==========
#include <xtables.h>
#include <xtables/internal.h>
int main(int argc, char **argv) {
return 0;
}
-------
Compiling with:
-----
gcc basic-ipt.c -I /home/hadi/iptables-src/iptables-1.4.2/include/
-L /home/hadi/iptables-src/iptables-1.4.2/.libs/ -lxtables -ldl
------
output:
------
/home/hadi/iptables-src/iptables-1.4.2/.libs//libxtables.so: undefined
reference to `program_version'
/home/hadi/iptables-src/iptables-1.4.2/.libs//libxtables.so: undefined
reference to `afinfo'
/home/hadi/iptables-src/iptables-1.4.2/.libs//libxtables.so: undefined
reference to `exit_error'
/home/hadi/iptables-src/iptables-1.4.2/.libs//libxtables.so: undefined
reference to `program_name'
collect2: ld returned 1 exit status
------
Thats why i sent that first patch to get rid of certain things from
internal.h --> xtables.h
and then i was going to move some of those routines into xtables.c
cheers,
jamal
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
