|
|
- Restore support for kernel 4.9
- This reverts commits:
- 94656621ed269882aedf116f900009f1ccade3f6
- 95d4f9e113fae3ef1e161548fe25c43c091392e3
- 123e1a14e95f01b6ba2e4a31b3b2a74ff250be57
- f4f3f9860916d2ec88eb8339680d9ca0f64d41a4
- 9b1c7c1c047f0e9c6cb4f9abbdb9fd7b86ae6c1b
- ---
- configure.ac | 2 +-
- extensions/ACCOUNT/xt_ACCOUNT.c | 4 ++++
- extensions/compat_xtables.h | 8 ++++++--
- extensions/xt_CHAOS.c | 28 ++++++++++++++++++++++++++--
- extensions/xt_DELUDE.c | 8 +++++++-
- extensions/xt_DNETMAP.c | 13 +++++++++++++
- extensions/xt_ECHO.c | 4 ++++
- extensions/xt_LOGMARK.c | 8 ++++++++
- extensions/xt_TARPIT.c | 10 ++++++++++
- extensions/xt_iface.c | 8 ++++++++
- extensions/xt_lscan.c | 4 ++++
- 11 files changed, 91 insertions(+), 6 deletions(-)
-
- diff --git a/configure.ac b/configure.ac
- index 0d3aa72..1cea354 100644
- --- a/configure.ac
- +++ b/configure.ac
- @@ -59,7 +59,7 @@ if test -n "$kbuilddir"; then
- echo "$kmajor.$kminor.$kmicro.$kstable in $kbuilddir";
- if test "$kmajor" -gt 5 -o "$kmajor" -eq 5 -a "$kminor" -gt 0; then
- echo "WARNING: That kernel version is not officially supported yet. Continue at own luck.";
- - elif test "$kmajor" -eq 4 -a "$kminor" -ge 14; then
- + elif test "$kmajor" -eq 4 -a "$kminor" -ge 9; then
- :
- else
- echo "WARNING: That kernel version is not officially supported.";
- diff --git a/extensions/ACCOUNT/xt_ACCOUNT.c b/extensions/ACCOUNT/xt_ACCOUNT.c
- index 019f5bd..8abe8ab 100644
- --- a/extensions/ACCOUNT/xt_ACCOUNT.c
- +++ b/extensions/ACCOUNT/xt_ACCOUNT.c
- @@ -485,7 +485,11 @@ static void ipt_acc_depth2_insert(struct ipt_acc_mask_8 *mask_8,
- static unsigned int
- ipt_acc_target(struct sk_buff *skb, const struct xt_action_param *par)
- {
- +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
- struct ipt_acc_net *ian = net_generic(par->state->net, ipt_acc_net_id);
- +#else
- + struct ipt_acc_net *ian = net_generic(par->net, ipt_acc_net_id);
- +#endif
- struct ipt_acc_table *ipt_acc_tables = ian->ipt_acc_tables;
- const struct ipt_acc_info *info =
- par->targinfo;
- diff --git a/extensions/compat_xtables.h b/extensions/compat_xtables.h
- index faf5dd8..23785d9 100644
- --- a/extensions/compat_xtables.h
- +++ b/extensions/compat_xtables.h
- @@ -8,8 +8,8 @@
-
- #define DEBUGP Use__pr_debug__instead
-
- -#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 14, 0)
- -# warning Kernels below 4.14 not supported.
- +#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 9, 0)
- +# warning Kernels below 4.9 not supported.
- #endif
-
- #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
- @@ -44,7 +44,11 @@
-
- static inline struct net *par_net(const struct xt_action_param *par)
- {
- +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 10, 0)
- return par->state->net;
- +#else
- + return par->net;
- +#endif
- }
-
- #ifndef NF_CT_ASSERT
- diff --git a/extensions/xt_CHAOS.c b/extensions/xt_CHAOS.c
- index eec36d4..cee2026 100644
- --- a/extensions/xt_CHAOS.c
- +++ b/extensions/xt_CHAOS.c
- @@ -58,7 +58,12 @@ xt_chaos_total(struct sk_buff *skb, const struct xt_action_param *par)
-
- {
- struct xt_action_param local_par;
- +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
- local_par.state = par->state;
- +#else
- + local_par.in = par->in,
- + local_par.out = par->out,
- +#endif
- local_par.match = xm_tcp;
- local_par.matchinfo = &tcp_params;
- local_par.fragoff = fragoff;
- @@ -73,7 +78,14 @@ xt_chaos_total(struct sk_buff *skb, const struct xt_action_param *par)
- destiny = (info->variant == XTCHAOS_TARPIT) ? xt_tarpit : xt_delude;
- {
- struct xt_action_param local_par;
- +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
- local_par.state = par->state;
- +#else
- + local_par.in = par->in;
- + local_par.out = par->out;
- + local_par.hooknum = par->hooknum;
- + local_par.family = par->family;
- +#endif
- local_par.target = destiny;
- local_par.targinfo = par->targinfo;
- destiny->target(skb, &local_par);
- @@ -96,15 +108,27 @@ chaos_tg(struct sk_buff *skb, const struct xt_action_param *par)
-
- if ((unsigned int)prandom_u32() <= reject_percentage) {
- struct xt_action_param local_par;
- +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
- local_par.state = par->state;
- +#else
- + local_par.in = par->in;
- + local_par.out = par->out;
- + local_par.hooknum = par->hooknum;
- +#endif
- local_par.target = xt_reject;
- local_par.targinfo = &reject_params;
- return xt_reject->target(skb, &local_par);
- }
-
- /* TARPIT/DELUDE may not be called from the OUTPUT chain */
- - if (iph->protocol == IPPROTO_TCP && info->variant != XTCHAOS_NORMAL &&
- - par->state->hook != NF_INET_LOCAL_OUT)
- + if (iph->protocol == IPPROTO_TCP &&
- + info->variant != XTCHAOS_NORMAL &&
- +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
- + par->state->hook
- +#else
- + par->hooknum
- +#endif
- + != NF_INET_LOCAL_OUT)
- xt_chaos_total(skb, par);
-
- return NF_DROP;
- diff --git a/extensions/xt_DELUDE.c b/extensions/xt_DELUDE.c
- index 618de5e..221f342 100644
- --- a/extensions/xt_DELUDE.c
- +++ b/extensions/xt_DELUDE.c
- @@ -146,7 +146,13 @@ delude_tg(struct sk_buff *skb, const struct xt_action_param *par)
- * a problem, as that is supported since Linux 2.6.35. But since we do not
- * actually want to have a connection open, we are still going to drop it.
- */
- - delude_send_reset(par_net(par), skb, par->state->hook);
- + delude_send_reset(par_net(par), skb,
- +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
- + par->state->hook
- +#else
- + par->hooknum
- +#endif
- + );
- return NF_DROP;
- }
-
- diff --git a/extensions/xt_DNETMAP.c b/extensions/xt_DNETMAP.c
- index de7d4ec..36a59e2 100644
- --- a/extensions/xt_DNETMAP.c
- +++ b/extensions/xt_DNETMAP.c
- @@ -356,7 +356,11 @@ out:
- static unsigned int
- dnetmap_tg(struct sk_buff *skb, const struct xt_action_param *par)
- {
- +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
- struct net *net = dev_net(par->state->in ? par->state->in : par->state->out);
- +#else
- + struct net *net = dev_net(par->in ? par->in : par->out);
- +#endif
- struct dnetmap_net *dnetmap_net = dnetmap_pernet(net);
- struct nf_conn *ct;
- enum ip_conntrack_info ctinfo;
- @@ -371,7 +375,11 @@ dnetmap_tg(struct sk_buff *skb, const struct xt_action_param *par)
- struct dnetmap_entry *e;
- struct dnetmap_prefix *p;
- __s32 jttl;
- +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
- unsigned int hooknum = par->state->hook;
- +#else
- + unsigned int hooknum = par->hooknum;
- +#endif
- ct = nf_ct_get(skb, &ctinfo);
-
- jttl = tginfo->flags & XT_DNETMAP_TTL ? tginfo->ttl * HZ : jtimeout;
- @@ -496,7 +504,12 @@ bind_new_prefix:
- newrange.max_addr.ip = postnat_ip;
- newrange.min_proto = mr->min_proto;
- newrange.max_proto = mr->max_proto;
- +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
- return nf_nat_setup_info(ct, &newrange, HOOK2MANIP(par->state->hook));
- +#else
- + return nf_nat_setup_info(ct, &newrange, HOOK2MANIP(par->hooknum));
- +#endif
- +
- no_rev_map:
- no_free_ip:
- spin_unlock_bh(&dnetmap_lock);
- diff --git a/extensions/xt_ECHO.c b/extensions/xt_ECHO.c
- index e99312b..60cb815 100644
- --- a/extensions/xt_ECHO.c
- +++ b/extensions/xt_ECHO.c
- @@ -35,7 +35,11 @@ echo_tg6(struct sk_buff *oldskb, const struct xt_action_param *par)
- void *payload;
- struct flowi6 fl;
- struct dst_entry *dst = NULL;
- +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
- struct net *net = dev_net((par->state->in != NULL) ? par->state->in : par->state->out);
- +#else
- + struct net *net = dev_net((par->in != NULL) ? par->in : par->out);
- +#endif
-
- /* This allows us to do the copy operation in fewer lines of code. */
- if (skb_linearize(oldskb) < 0)
- diff --git a/extensions/xt_LOGMARK.c b/extensions/xt_LOGMARK.c
- index 0474bf8..02e32be 100644
- --- a/extensions/xt_LOGMARK.c
- +++ b/extensions/xt_LOGMARK.c
- @@ -77,13 +77,21 @@ logmark_tg(struct sk_buff *skb, const struct xt_action_param *par)
- printk("<%u>%.*s""iif=%d hook=%s nfmark=0x%x "
- "secmark=0x%x classify=0x%x",
- info->level, (unsigned int)sizeof(info->prefix), info->prefix,
- +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
- skb_ifindex(skb), hook_names[par->state->hook],
- +#else
- + skb_ifindex(skb), hook_names[par->hooknum],
- +#endif
- skb_nfmark(skb), skb_secmark(skb), skb->priority);
-
- ct = nf_ct_get(skb, &ctinfo);
- printk(" ctdir=%s", dir_names[ctinfo >= IP_CT_IS_REPLY]);
- if (ct == NULL)
- printk(" ct=NULL ctmark=NULL ctstate=INVALID ctstatus=NONE");
- +#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 12, 0)
- + else if (nf_ct_is_untracked(ct))
- + printk(" ct=UNTRACKED ctmark=NULL ctstate=UNTRACKED ctstatus=NONE");
- +#endif
- else
- logmark_ct(ct, ctinfo);
-
- diff --git a/extensions/xt_TARPIT.c b/extensions/xt_TARPIT.c
- index cb98e9e..b78683c 100644
- --- a/extensions/xt_TARPIT.c
- +++ b/extensions/xt_TARPIT.c
- @@ -431,7 +431,12 @@ tarpit_tg4(struct sk_buff *skb, const struct xt_action_param *par)
- /* We are not interested in fragments */
- if (iph->frag_off & htons(IP_OFFSET))
- return NF_DROP;
- +
- +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
- tarpit_tcp4(par_net(par), skb, par->state->hook, info->variant);
- +#else
- + tarpit_tcp4(par_net(par), skb, par->hooknum, info->variant);
- +#endif
- return NF_DROP;
- }
-
- @@ -472,7 +477,12 @@ tarpit_tg6(struct sk_buff *skb, const struct xt_action_param *par)
- pr_debug("addr is not unicast.\n");
- return NF_DROP;
- }
- +
- +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
- tarpit_tcp6(par_net(par), skb, par->state->hook, info->variant);
- +#else
- + tarpit_tcp6(par_net(par), skb, par->hooknum, info->variant);
- +#endif
- return NF_DROP;
- }
- #endif
- diff --git a/extensions/xt_iface.c b/extensions/xt_iface.c
- index 7704686..be52a52 100644
- --- a/extensions/xt_iface.c
- +++ b/extensions/xt_iface.c
- @@ -45,9 +45,17 @@ static const struct net_device *iface_get(const struct xt_iface_mtinfo *info,
- const struct xt_action_param *par, struct net_device **put)
- {
- if (info->flags & XT_IFACE_DEV_IN)
- +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
- return par->state->in;
- +#else
- + return par->in;
- +#endif
- else if (info->flags & XT_IFACE_DEV_OUT)
- +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
- return par->state->out;
- +#else
- + return par->out;
- +#endif
- return *put = dev_get_by_name(&init_net, info->ifname);
- }
-
- diff --git a/extensions/xt_lscan.c b/extensions/xt_lscan.c
- index 060fe44..3a7d2ed 100644
- --- a/extensions/xt_lscan.c
- +++ b/extensions/xt_lscan.c
- @@ -204,7 +204,11 @@ lscan_mt(const struct sk_buff *skb, struct xt_action_param *par)
- unsigned int n;
-
- n = lscan_mt_full(ctdata->mark & connmark_mask, ctstate,
- +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
- par->state->in == init_net.loopback_dev, tcph,
- +#else
- + par->in == init_net.loopback_dev, tcph,
- +#endif
- skb->len - par->thoff - 4 * tcph->doff);
-
- ctdata->mark = (ctdata->mark & ~connmark_mask) | n;
- --
- 2.21.0
-
|