PATCH iproute2] catch iptables interface changes

PATCH iproute2] catch iptables interface changes

[Jamal Hadi Salim]

[-- Attachment #1: Type: text/plain, Size: 95 bytes --]


Thanks to Jan for this suggestion.
Hopefully this would ease some of the pain.

cheers,
jamal

[-- Attachment #2: catch-ipt-upgrade --]
[-- Type: text/plain, Size: 815 bytes --]

commit ba9b18dbcad853e22ea2b8ecf87d53ef2f6cf58c
Author: Jamal Hadi Salim <jhs@mojatatu.com>
Date:   Sun Apr 28 07:41:47 2013 -0400

    Detect future iptable changes interfaces earlier in the dev
    cycles. Hopefully someone is going to complain about such breakage
    and we'll get the fix in sooner.
    
    Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>

diff --git a/tc/m_xt.c b/tc/m_xt.c
index 3edf520..b266337 100644
--- a/tc/m_xt.c
+++ b/tc/m_xt.c
@@ -129,6 +129,10 @@ static int parse_ipt(struct action_util *a,int *argc_p,
 	__u32 hook = 0, index = 0;
 	struct option *opts = NULL;
 
+#if (XTABLES_VERSION_CODE > 7)
+#error Someone call the guy who changed xtables ver 7 and \
+	make him fix it^W^W^W^W say you need help.
+#endif
 	xtables_init_all(&tcipt_globals, NFPROTO_IPV4);
 	set_lib_dir();
 

Re: PATCH iproute2] catch iptables interface changes

[Jamal Hadi Salim]

On 13-04-28 10:44 AM, Jamal Hadi Salim wrote:
>
> Thanks to Jan for this suggestion.
> Hopefully this would ease some of the pain.
>
> cheers,
> jamal


Stephen,
Please include this patch. I just pulled and i dont see it
there.

cheers,
jamal

Re: PATCH iproute2] catch iptables interface changes

[Stephen Hemminger]

On Sun, 28 Apr 2013 10:44:38 -0400
Jamal Hadi Salim <jhs@mojatatu.com> wrote:

> 
> Thanks to Jan for this suggestion.
> Hopefully this would ease some of the pain.
> 
> cheers,
> jamal

Any feedback from the netfilter team? Is this right?
I would prefer to change wording of the error to something more professional.
It may trigger 15 years from now and everybody around forgot what that meant.

Re: PATCH iproute2] catch iptables interface changes

[Pablo Neira Ayuso]

On Sun, Apr 28, 2013 at 10:44:38AM -0400, Jamal Hadi Salim wrote:
> commit ba9b18dbcad853e22ea2b8ecf87d53ef2f6cf58c
> Author: Jamal Hadi Salim <jhs@mojatatu.com>
> Date:   Sun Apr 28 07:41:47 2013 -0400
> 
>     Detect future iptable changes interfaces earlier in the dev
>     cycles. Hopefully someone is going to complain about such breakage
>     and we'll get the fix in sooner.
>     
>     Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
> 
> diff --git a/tc/m_xt.c b/tc/m_xt.c
> index 3edf520..b266337 100644
> --- a/tc/m_xt.c
> +++ b/tc/m_xt.c
> @@ -129,6 +129,10 @@ static int parse_ipt(struct action_util *a,int *argc_p,
>  	__u32 hook = 0, index = 0;
>  	struct option *opts = NULL;
>  
> +#if (XTABLES_VERSION_CODE > 7)
> +#error Someone call the guy who changed xtables ver 7 and \
> +	make him fix it^W^W^W^W say you need help.
> +#endif

BTW, iptables 1.4.19 (that will be released soon) will be
XTABLES_VERSION_CODE == 10:

libxtables_vcurrent=10
libxtables_vage=0

XTABLES_VERSION_CODE = libxtables_vcurrent - libxtables_vage

iptables 1.4.19 -> 10
iptables 1.4.18 -> 10
iptables 1.4.17 -> 9
iptables 1.4.16.3 -> 9
[ seems like we have skip one by accident ]
iptables 1.4.15 -> 7

So this error that Jamal proposes will be hit soon again by users. But
I don't think all those API updates affect xt action though. There is
a limited amount of functions that xt action uses.

Let me think if I can come with a better idea.

Regards.

Re: PATCH iproute2] catch iptables interface changes

[Jan Engelhardt]

On Monday 2013-05-06 18:53, Pablo Neira Ayuso wrote:
>
>XTABLES_VERSION_CODE = libxtables_vcurrent - libxtables_vage
>
>iptables 1.4.19 -> 10
>iptables 1.4.18 -> 10
>iptables 1.4.17 -> 9
>iptables 1.4.16.3 -> 9
>[ seems like we have skip one by accident ]
>iptables 1.4.15 -> 7

No accident here. We had 7:0:0, 8:0:1, 9:0:2/9:0:0.