netfilter: don't pull include/linux/netfilter.h from netns headers

This pulls the full hook netfilter definitions from all those that include net_namespace.h. Instead let's just include the bare minimum required in the new linux/netfilter_defs.h file, and use it from the netfilter netns header files. I also needed to include in.h and in6.h from linux/netfilter.h otherwise we hit this compilation error: In file included from include/linux/netfilter_defs.h:4:0, from include/net/netns/netfilter.h:4, from include/net/net_namespace.h:22, from include/linux/netdevice.h:43, from net/netfilter/nfnetlink_queue_core.c:23: include/uapi/linux/netfilter.h:76:17: error: field ‘in’ has incomplete type struct in_addr in; And also explicit include linux/netfilter.h in several spots. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2015-06-17 11:28:27 -0400
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2015-06-18 15:14:31 -0400
commit: a263653ed798216c0069922d7b5237ca49436007 (patch)
tree: dc6cf8cc8519a3aa4bbb988699bc75042470a793
parent: 10c04a8e715cca824f96bcbf4af07f5a40985357 (diff)
6 files changed, 16 insertions, 7 deletions
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index f5ff5d156da8..00050dfd9f23 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -10,7 +10,8 @@
 #include <linux/wait.h>
 #include <linux/list.h>
 #include <linux/static_key.h>
-#include <uapi/linux/netfilter.h>
+#include <linux/netfilter_defs.h>
 #ifdef CONFIG_NETFILTER
 static inline int NF_DROP_GETERR(int verdict)
 {
@@ -38,9 +39,6 @@ static inline void nf_inet_addr_mask(const union nf_inet_addr *a1,
 int netfilter_init(void);
-/* Largest hook number + 1 */
-#define NF_MAX_HOOKS 8
 struct sk_buff;
 struct nf_hook_ops;
diff --git a/include/linux/netfilter_defs.h b/include/linux/netfilter_defs.h
new file mode 100644
index 000000000000..d3a7f8597e82
--- /dev/null
+++ b/include/linux/netfilter_defs.h
@@ -0,0 +1,9 @@
+#ifndef __LINUX_NETFILTER_CORE_H_
+#define __LINUX_NETFILTER_CORE_H_
+#include <uapi/linux/netfilter.h>
+/* Largest hook number + 1, see uapi/linux/netfilter_decnet.h */
+#define NF_MAX_HOOKS 8
+#endif
diff --git a/include/net/netns/netfilter.h b/include/net/netns/netfilter.h
index cf25b5e35f3c..532e4ba64f49 100644
--- a/include/net/netns/netfilter.h
+++ b/include/net/netns/netfilter.h
@@ -1,7 +1,7 @@
 #ifndef __NETNS_NETFILTER_H
 #define __NETNS_NETFILTER_H
-#include <linux/netfilter.h>
+#include <linux/netfilter_defs.h>
 struct proc_dir_entry;
 struct nf_logger;
diff --git a/include/net/netns/x_tables.h b/include/net/netns/x_tables.h
index 4d6597ad6067..c8a7681efa6a 100644
--- a/include/net/netns/x_tables.h
+++ b/include/net/netns/x_tables.h
@@ -2,7 +2,7 @@
 #define __NETNS_X_TABLES_H
 #include <linux/list.h>
-#include <linux/netfilter.h>
+#include <linux/netfilter_defs.h>
 struct ebt_table;
diff --git a/include/uapi/linux/netfilter.h b/include/uapi/linux/netfilter.h
index 177027cce6b3..d93f949d1d9a 100644
--- a/include/uapi/linux/netfilter.h
+++ b/include/uapi/linux/netfilter.h
@@ -4,7 +4,8 @@
 #include <linux/types.h>
 #include <linux/compiler.h>
 #include <linux/sysctl.h>
+#include <linux/in.h>
+#include <linux/in6.h>
 /* Responses from hook functions. */
 #define NF_DROP 0
diff --git a/net/ipv6/output_core.c b/net/ipv6/output_core.c
index 21678acd4521..928a0fb0b744 100644
--- a/net/ipv6/output_core.c
+++ b/net/ipv6/output_core.c
@@ -8,6 +8,7 @@
 #include <net/ip6_fib.h>
 #include <net/addrconf.h>
 #include <net/secure_seq.h>
+#include <linux/netfilter.h>
 static u32 __ipv6_select_ident(struct net *net, u32 hashrnd,
                               const struct in6_addr *dst,
author	Pablo Neira Ayuso <pablo@netfilter.org>	2015-06-17 11:28:27 -0400
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2015-06-18 15:14:31 -0400
commit	a263653ed798216c0069922d7b5237ca49436007 (patch)
tree	dc6cf8cc8519a3aa4bbb988699bc75042470a793
parent	10c04a8e715cca824f96bcbf4af07f5a40985357 (diff)

diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h index f5ff5d156da8..00050dfd9f23 100644 --- a/include/linux/netfilter.h +++ b/include/linux/netfilter.h
@@ -10,7 +10,8 @@
10	#include <linux/wait.h>	10	#include <linux/wait.h>
11	#include <linux/list.h>	11	#include <linux/list.h>
12	#include <linux/static_key.h>	12	#include <linux/static_key.h>
13	#include <uapi/linux/netfilter.h>	13	#include <linux/netfilter_defs.h>
		14
14	#ifdef CONFIG_NETFILTER	15	#ifdef CONFIG_NETFILTER
15	static inline int NF_DROP_GETERR(int verdict)	16	static inline int NF_DROP_GETERR(int verdict)
16	{	17	{
@@ -38,9 +39,6 @@ static inline void nf_inet_addr_mask(const union nf_inet_addr *a1,
38		39
39	int netfilter_init(void);	40	int netfilter_init(void);
40		41
41	/* Largest hook number + 1 */
42	#define NF_MAX_HOOKS 8
43
44	struct sk_buff;	42	struct sk_buff;
45		43
46	struct nf_hook_ops;	44	struct nf_hook_ops;


diff --git a/include/linux/netfilter_defs.h b/include/linux/netfilter_defs.h new file mode 100644 index 000000000000..d3a7f8597e82 --- /dev/null +++ b/include/linux/netfilter_defs.h
@@ -0,0 +1,9 @@
		1	#ifndef __LINUX_NETFILTER_CORE_H_
		2	#define __LINUX_NETFILTER_CORE_H_
		3
		4	#include <uapi/linux/netfilter.h>
		5
		6	/* Largest hook number + 1, see uapi/linux/netfilter_decnet.h */
		7	#define NF_MAX_HOOKS 8
		8
		9	#endif


diff --git a/include/net/netns/netfilter.h b/include/net/netns/netfilter.h index cf25b5e35f3c..532e4ba64f49 100644 --- a/include/net/netns/netfilter.h +++ b/include/net/netns/netfilter.h
@@ -1,7 +1,7 @@
1	#ifndef __NETNS_NETFILTER_H	1	#ifndef __NETNS_NETFILTER_H
2	#define __NETNS_NETFILTER_H	2	#define __NETNS_NETFILTER_H
3		3
4	#include <linux/netfilter.h>	4	#include <linux/netfilter_defs.h>
5		5
6	struct proc_dir_entry;	6	struct proc_dir_entry;
7	struct nf_logger;	7	struct nf_logger;


diff --git a/include/net/netns/x_tables.h b/include/net/netns/x_tables.h index 4d6597ad6067..c8a7681efa6a 100644 --- a/include/net/netns/x_tables.h +++ b/include/net/netns/x_tables.h
@@ -2,7 +2,7 @@
2	#define __NETNS_X_TABLES_H	2	#define __NETNS_X_TABLES_H
3		3
4	#include <linux/list.h>	4	#include <linux/list.h>
5	#include <linux/netfilter.h>	5	#include <linux/netfilter_defs.h>
6		6
7	struct ebt_table;	7	struct ebt_table;
8		8


diff --git a/include/uapi/linux/netfilter.h b/include/uapi/linux/netfilter.h index 177027cce6b3..d93f949d1d9a 100644 --- a/include/uapi/linux/netfilter.h +++ b/include/uapi/linux/netfilter.h
@@ -4,7 +4,8 @@
4	#include <linux/types.h>	4	#include <linux/types.h>
5	#include <linux/compiler.h>	5	#include <linux/compiler.h>
6	#include <linux/sysctl.h>	6	#include <linux/sysctl.h>
7		7	#include <linux/in.h>
		8	#include <linux/in6.h>
8		9
9	/* Responses from hook functions. */	10	/* Responses from hook functions. */
10	#define NF_DROP 0	11	#define NF_DROP 0


diff --git a/net/ipv6/output_core.c b/net/ipv6/output_core.c index 21678acd4521..928a0fb0b744 100644 --- a/net/ipv6/output_core.c +++ b/net/ipv6/output_core.c
@@ -8,6 +8,7 @@
8	#include <net/ip6_fib.h>	8	#include <net/ip6_fib.h>
9	#include <net/addrconf.h>	9	#include <net/addrconf.h>
10	#include <net/secure_seq.h>	10	#include <net/secure_seq.h>
		11	#include <linux/netfilter.h>
11		12
12	static u32 __ipv6_select_ident(struct net *net, u32 hashrnd,	13	static u32 __ipv6_select_ident(struct net *net, u32 hashrnd,
13	const struct in6_addr *dst,	14	const struct in6_addr *dst,