You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

312 lines
11 KiB

  1. Restore support for kernel 4.9
  2. This reverts commits:
  3. 94656621ed269882aedf116f900009f1ccade3f6
  4. 95d4f9e113fae3ef1e161548fe25c43c091392e3
  5. 123e1a14e95f01b6ba2e4a31b3b2a74ff250be57
  6. f4f3f9860916d2ec88eb8339680d9ca0f64d41a4
  7. 9b1c7c1c047f0e9c6cb4f9abbdb9fd7b86ae6c1b
  8. ---
  9. configure.ac | 2 +-
  10. extensions/ACCOUNT/xt_ACCOUNT.c | 4 ++++
  11. extensions/compat_xtables.h | 8 ++++++--
  12. extensions/xt_CHAOS.c | 28 ++++++++++++++++++++++++++--
  13. extensions/xt_DELUDE.c | 8 +++++++-
  14. extensions/xt_DNETMAP.c | 13 +++++++++++++
  15. extensions/xt_ECHO.c | 4 ++++
  16. extensions/xt_LOGMARK.c | 8 ++++++++
  17. extensions/xt_TARPIT.c | 10 ++++++++++
  18. extensions/xt_iface.c | 8 ++++++++
  19. extensions/xt_lscan.c | 4 ++++
  20. 11 files changed, 91 insertions(+), 6 deletions(-)
  21. diff --git a/configure.ac b/configure.ac
  22. index 0d3aa72..1cea354 100644
  23. --- a/configure.ac
  24. +++ b/configure.ac
  25. @@ -59,7 +59,7 @@ if test -n "$kbuilddir"; then
  26. echo "$kmajor.$kminor.$kmicro.$kstable in $kbuilddir";
  27. if test "$kmajor" -gt 5 -o "$kmajor" -eq 5 -a "$kminor" -gt 0; then
  28. echo "WARNING: That kernel version is not officially supported yet. Continue at own luck.";
  29. - elif test "$kmajor" -eq 4 -a "$kminor" -ge 14; then
  30. + elif test "$kmajor" -eq 4 -a "$kminor" -ge 9; then
  31. :
  32. else
  33. echo "WARNING: That kernel version is not officially supported.";
  34. diff --git a/extensions/ACCOUNT/xt_ACCOUNT.c b/extensions/ACCOUNT/xt_ACCOUNT.c
  35. index 019f5bd..8abe8ab 100644
  36. --- a/extensions/ACCOUNT/xt_ACCOUNT.c
  37. +++ b/extensions/ACCOUNT/xt_ACCOUNT.c
  38. @@ -485,7 +485,11 @@ static void ipt_acc_depth2_insert(struct ipt_acc_mask_8 *mask_8,
  39. static unsigned int
  40. ipt_acc_target(struct sk_buff *skb, const struct xt_action_param *par)
  41. {
  42. +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
  43. struct ipt_acc_net *ian = net_generic(par->state->net, ipt_acc_net_id);
  44. +#else
  45. + struct ipt_acc_net *ian = net_generic(par->net, ipt_acc_net_id);
  46. +#endif
  47. struct ipt_acc_table *ipt_acc_tables = ian->ipt_acc_tables;
  48. const struct ipt_acc_info *info =
  49. par->targinfo;
  50. diff --git a/extensions/compat_xtables.h b/extensions/compat_xtables.h
  51. index faf5dd8..23785d9 100644
  52. --- a/extensions/compat_xtables.h
  53. +++ b/extensions/compat_xtables.h
  54. @@ -8,8 +8,8 @@
  55. #define DEBUGP Use__pr_debug__instead
  56. -#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 14, 0)
  57. -# warning Kernels below 4.14 not supported.
  58. +#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 9, 0)
  59. +# warning Kernels below 4.9 not supported.
  60. #endif
  61. #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
  62. @@ -44,7 +44,11 @@
  63. static inline struct net *par_net(const struct xt_action_param *par)
  64. {
  65. +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 10, 0)
  66. return par->state->net;
  67. +#else
  68. + return par->net;
  69. +#endif
  70. }
  71. #ifndef NF_CT_ASSERT
  72. diff --git a/extensions/xt_CHAOS.c b/extensions/xt_CHAOS.c
  73. index eec36d4..cee2026 100644
  74. --- a/extensions/xt_CHAOS.c
  75. +++ b/extensions/xt_CHAOS.c
  76. @@ -58,7 +58,12 @@ xt_chaos_total(struct sk_buff *skb, const struct xt_action_param *par)
  77. {
  78. struct xt_action_param local_par;
  79. +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
  80. local_par.state = par->state;
  81. +#else
  82. + local_par.in = par->in,
  83. + local_par.out = par->out,
  84. +#endif
  85. local_par.match = xm_tcp;
  86. local_par.matchinfo = &tcp_params;
  87. local_par.fragoff = fragoff;
  88. @@ -73,7 +78,14 @@ xt_chaos_total(struct sk_buff *skb, const struct xt_action_param *par)
  89. destiny = (info->variant == XTCHAOS_TARPIT) ? xt_tarpit : xt_delude;
  90. {
  91. struct xt_action_param local_par;
  92. +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
  93. local_par.state = par->state;
  94. +#else
  95. + local_par.in = par->in;
  96. + local_par.out = par->out;
  97. + local_par.hooknum = par->hooknum;
  98. + local_par.family = par->family;
  99. +#endif
  100. local_par.target = destiny;
  101. local_par.targinfo = par->targinfo;
  102. destiny->target(skb, &local_par);
  103. @@ -96,15 +108,27 @@ chaos_tg(struct sk_buff *skb, const struct xt_action_param *par)
  104. if ((unsigned int)prandom_u32() <= reject_percentage) {
  105. struct xt_action_param local_par;
  106. +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
  107. local_par.state = par->state;
  108. +#else
  109. + local_par.in = par->in;
  110. + local_par.out = par->out;
  111. + local_par.hooknum = par->hooknum;
  112. +#endif
  113. local_par.target = xt_reject;
  114. local_par.targinfo = &reject_params;
  115. return xt_reject->target(skb, &local_par);
  116. }
  117. /* TARPIT/DELUDE may not be called from the OUTPUT chain */
  118. - if (iph->protocol == IPPROTO_TCP && info->variant != XTCHAOS_NORMAL &&
  119. - par->state->hook != NF_INET_LOCAL_OUT)
  120. + if (iph->protocol == IPPROTO_TCP &&
  121. + info->variant != XTCHAOS_NORMAL &&
  122. +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
  123. + par->state->hook
  124. +#else
  125. + par->hooknum
  126. +#endif
  127. + != NF_INET_LOCAL_OUT)
  128. xt_chaos_total(skb, par);
  129. return NF_DROP;
  130. diff --git a/extensions/xt_DELUDE.c b/extensions/xt_DELUDE.c
  131. index 618de5e..221f342 100644
  132. --- a/extensions/xt_DELUDE.c
  133. +++ b/extensions/xt_DELUDE.c
  134. @@ -146,7 +146,13 @@ delude_tg(struct sk_buff *skb, const struct xt_action_param *par)
  135. * a problem, as that is supported since Linux 2.6.35. But since we do not
  136. * actually want to have a connection open, we are still going to drop it.
  137. */
  138. - delude_send_reset(par_net(par), skb, par->state->hook);
  139. + delude_send_reset(par_net(par), skb,
  140. +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
  141. + par->state->hook
  142. +#else
  143. + par->hooknum
  144. +#endif
  145. + );
  146. return NF_DROP;
  147. }
  148. diff --git a/extensions/xt_DNETMAP.c b/extensions/xt_DNETMAP.c
  149. index de7d4ec..36a59e2 100644
  150. --- a/extensions/xt_DNETMAP.c
  151. +++ b/extensions/xt_DNETMAP.c
  152. @@ -356,7 +356,11 @@ out:
  153. static unsigned int
  154. dnetmap_tg(struct sk_buff *skb, const struct xt_action_param *par)
  155. {
  156. +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
  157. struct net *net = dev_net(par->state->in ? par->state->in : par->state->out);
  158. +#else
  159. + struct net *net = dev_net(par->in ? par->in : par->out);
  160. +#endif
  161. struct dnetmap_net *dnetmap_net = dnetmap_pernet(net);
  162. struct nf_conn *ct;
  163. enum ip_conntrack_info ctinfo;
  164. @@ -371,7 +375,11 @@ dnetmap_tg(struct sk_buff *skb, const struct xt_action_param *par)
  165. struct dnetmap_entry *e;
  166. struct dnetmap_prefix *p;
  167. __s32 jttl;
  168. +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
  169. unsigned int hooknum = par->state->hook;
  170. +#else
  171. + unsigned int hooknum = par->hooknum;
  172. +#endif
  173. ct = nf_ct_get(skb, &ctinfo);
  174. jttl = tginfo->flags & XT_DNETMAP_TTL ? tginfo->ttl * HZ : jtimeout;
  175. @@ -496,7 +504,12 @@ bind_new_prefix:
  176. newrange.max_addr.ip = postnat_ip;
  177. newrange.min_proto = mr->min_proto;
  178. newrange.max_proto = mr->max_proto;
  179. +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
  180. return nf_nat_setup_info(ct, &newrange, HOOK2MANIP(par->state->hook));
  181. +#else
  182. + return nf_nat_setup_info(ct, &newrange, HOOK2MANIP(par->hooknum));
  183. +#endif
  184. +
  185. no_rev_map:
  186. no_free_ip:
  187. spin_unlock_bh(&dnetmap_lock);
  188. diff --git a/extensions/xt_ECHO.c b/extensions/xt_ECHO.c
  189. index e99312b..60cb815 100644
  190. --- a/extensions/xt_ECHO.c
  191. +++ b/extensions/xt_ECHO.c
  192. @@ -35,7 +35,11 @@ echo_tg6(struct sk_buff *oldskb, const struct xt_action_param *par)
  193. void *payload;
  194. struct flowi6 fl;
  195. struct dst_entry *dst = NULL;
  196. +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
  197. struct net *net = dev_net((par->state->in != NULL) ? par->state->in : par->state->out);
  198. +#else
  199. + struct net *net = dev_net((par->in != NULL) ? par->in : par->out);
  200. +#endif
  201. /* This allows us to do the copy operation in fewer lines of code. */
  202. if (skb_linearize(oldskb) < 0)
  203. diff --git a/extensions/xt_LOGMARK.c b/extensions/xt_LOGMARK.c
  204. index 0474bf8..02e32be 100644
  205. --- a/extensions/xt_LOGMARK.c
  206. +++ b/extensions/xt_LOGMARK.c
  207. @@ -77,13 +77,21 @@ logmark_tg(struct sk_buff *skb, const struct xt_action_param *par)
  208. printk("<%u>%.*s""iif=%d hook=%s nfmark=0x%x "
  209. "secmark=0x%x classify=0x%x",
  210. info->level, (unsigned int)sizeof(info->prefix), info->prefix,
  211. +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
  212. skb_ifindex(skb), hook_names[par->state->hook],
  213. +#else
  214. + skb_ifindex(skb), hook_names[par->hooknum],
  215. +#endif
  216. skb_nfmark(skb), skb_secmark(skb), skb->priority);
  217. ct = nf_ct_get(skb, &ctinfo);
  218. printk(" ctdir=%s", dir_names[ctinfo >= IP_CT_IS_REPLY]);
  219. if (ct == NULL)
  220. printk(" ct=NULL ctmark=NULL ctstate=INVALID ctstatus=NONE");
  221. +#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 12, 0)
  222. + else if (nf_ct_is_untracked(ct))
  223. + printk(" ct=UNTRACKED ctmark=NULL ctstate=UNTRACKED ctstatus=NONE");
  224. +#endif
  225. else
  226. logmark_ct(ct, ctinfo);
  227. diff --git a/extensions/xt_TARPIT.c b/extensions/xt_TARPIT.c
  228. index cb98e9e..b78683c 100644
  229. --- a/extensions/xt_TARPIT.c
  230. +++ b/extensions/xt_TARPIT.c
  231. @@ -431,7 +431,12 @@ tarpit_tg4(struct sk_buff *skb, const struct xt_action_param *par)
  232. /* We are not interested in fragments */
  233. if (iph->frag_off & htons(IP_OFFSET))
  234. return NF_DROP;
  235. +
  236. +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
  237. tarpit_tcp4(par_net(par), skb, par->state->hook, info->variant);
  238. +#else
  239. + tarpit_tcp4(par_net(par), skb, par->hooknum, info->variant);
  240. +#endif
  241. return NF_DROP;
  242. }
  243. @@ -472,7 +477,12 @@ tarpit_tg6(struct sk_buff *skb, const struct xt_action_param *par)
  244. pr_debug("addr is not unicast.\n");
  245. return NF_DROP;
  246. }
  247. +
  248. +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
  249. tarpit_tcp6(par_net(par), skb, par->state->hook, info->variant);
  250. +#else
  251. + tarpit_tcp6(par_net(par), skb, par->hooknum, info->variant);
  252. +#endif
  253. return NF_DROP;
  254. }
  255. #endif
  256. diff --git a/extensions/xt_iface.c b/extensions/xt_iface.c
  257. index 7704686..be52a52 100644
  258. --- a/extensions/xt_iface.c
  259. +++ b/extensions/xt_iface.c
  260. @@ -45,9 +45,17 @@ static const struct net_device *iface_get(const struct xt_iface_mtinfo *info,
  261. const struct xt_action_param *par, struct net_device **put)
  262. {
  263. if (info->flags & XT_IFACE_DEV_IN)
  264. +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
  265. return par->state->in;
  266. +#else
  267. + return par->in;
  268. +#endif
  269. else if (info->flags & XT_IFACE_DEV_OUT)
  270. +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
  271. return par->state->out;
  272. +#else
  273. + return par->out;
  274. +#endif
  275. return *put = dev_get_by_name(&init_net, info->ifname);
  276. }
  277. diff --git a/extensions/xt_lscan.c b/extensions/xt_lscan.c
  278. index 060fe44..3a7d2ed 100644
  279. --- a/extensions/xt_lscan.c
  280. +++ b/extensions/xt_lscan.c
  281. @@ -204,7 +204,11 @@ lscan_mt(const struct sk_buff *skb, struct xt_action_param *par)
  282. unsigned int n;
  283. n = lscan_mt_full(ctdata->mark & connmark_mask, ctstate,
  284. +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
  285. par->state->in == init_net.loopback_dev, tcph,
  286. +#else
  287. + par->in == init_net.loopback_dev, tcph,
  288. +#endif
  289. skb->len - par->thoff - 4 * tcph->doff);
  290. ctdata->mark = (ctdata->mark & ~connmark_mask) | n;
  291. --
  292. 2.21.0