From 0021003dc780554e2e5c31b3505ce4a412892358 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 19 Nov 2020 12:52:57 +0100 Subject: [PATCH] extensions: abolish NIPQUAD/NIP6 Support for Linux 2.6.28 is long gone. --- extensions/ACCOUNT/xt_ACCOUNT.c | 39 ++++++++++++---------------- extensions/compat_xtables.h | 20 --------------- extensions/pknock/xt_pknock.c | 7 ++--- extensions/xt_DNETMAP.c | 45 ++++++++++++++++----------------- extensions/xt_SYSRQ.c | 15 +++++------ extensions/xt_ipp2p.c | 14 +++++++--- 6 files changed, 56 insertions(+), 84 deletions(-) diff --git a/extensions/ACCOUNT/xt_ACCOUNT.c b/extensions/ACCOUNT/xt_ACCOUNT.c index 7f4da85..7155509 100644 --- a/extensions/ACCOUNT/xt_ACCOUNT.c +++ b/extensions/ACCOUNT/xt_ACCOUNT.c @@ -187,24 +187,22 @@ static int ipt_acc_table_insert(struct ipt_acc_table *ipt_acc_tables, { unsigned int i; - pr_debug("ACCOUNT: ipt_acc_table_insert: %s, %u.%u.%u.%u/%u.%u.%u.%u\n", - name, NIPQUAD(ip), NIPQUAD(netmask)); + pr_debug("ACCOUNT: ipt_acc_table_insert: %s, %pI4/%pI4\n", + name, &ip, &netmask); /* Look for existing table */ for (i = 0; i < max_tables_limit; i++) { if (strncmp(ipt_acc_tables[i].name, name, ACCOUNT_TABLE_NAME_LEN) == 0) { - pr_debug("ACCOUNT: Found existing slot: %d - " - "%u.%u.%u.%u/%u.%u.%u.%u\n", i, - NIPQUAD(ipt_acc_tables[i].ip), - NIPQUAD(ipt_acc_tables[i].netmask)); + pr_debug("ACCOUNT: Found existing slot: %d - %pI4/%pI4\n", + i, &ipt_acc_tables[i].ip, &ipt_acc_tables[i].netmask); if (ipt_acc_tables[i].ip != ip || ipt_acc_tables[i].netmask != netmask) { printk("ACCOUNT: Table %s found, but IP/netmask mismatch. " - "IP/netmask found: %u.%u.%u.%u/%u.%u.%u.%u\n", - name, NIPQUAD(ipt_acc_tables[i].ip), - NIPQUAD(ipt_acc_tables[i].netmask)); + "IP/netmask found: %pI4/%pI4\n", + name, &ipt_acc_tables[i].ip, + &ipt_acc_tables[i].netmask); return -1; } 
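Review bot: In ipt_acc_table_insert the table name is compared with `strncmp(..., ACCOUNT_TABLE_NAME_LEN)` but printed with an unbounded `%s`, both in the pr_debug and in the mismatch printk. If the caller does not guarantee that `name` is NUL-terminated (no such check is visible in this hunk), the log call reads past the field; `%.*s` with `ACCOUNT_TABLE_NAME_LEN` as the precision would bound it. The mismatch printk also carries no log level, so `pr_warn("ACCOUNT: Table %.*s found, but IP/netmask mismatch. ...` would make its severity explicit. The function body continues outside the hunk.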
@@ -343,9 +341,8 @@ static void ipt_acc_depth0_insert(struct ipt_acc_mask_24 *mask_24, /* Check if this entry is new */ bool is_src_new_ip = false, is_dst_new_ip = false; - pr_debug("ACCOUNT: ipt_acc_depth0_insert: %u.%u.%u.%u/%u.%u.%u.%u " - "for net %u.%u.%u.%u/%u.%u.%u.%u, size: %u\n", NIPQUAD(src_ip), - NIPQUAD(dst_ip), NIPQUAD(net_ip), NIPQUAD(netmask), size); + pr_debug("ACCOUNT: ipt_acc_depth0_insert: %pI4/%pI4 for net %pI4/%pI4," + " size: %u\n", &src_ip, &dst_ip, &net_ip, &netmask, size); /* Check if src/dst is inside our network. */ /* Special: net_ip = 0.0.0.0/0 gets stored as src in slot 0 */ @@ -357,9 +354,8 @@ static void ipt_acc_depth0_insert(struct ipt_acc_mask_24 *mask_24, is_dst = true; if (!is_src && !is_dst) { - pr_debug("ACCOUNT: Skipping packet %u.%u.%u.%u/%u.%u.%u.%u " - "for net %u.%u.%u.%u/%u.%u.%u.%u\n", NIPQUAD(src_ip), - NIPQUAD(dst_ip), NIPQUAD(net_ip), NIPQUAD(netmask)); + pr_debug("ACCOUNT: Skipping packet %pI4/%pI4 for net %pI4/%pI4\n", + &src_ip, &dst_ip, &net_ip, &netmask); return; } @@ -398,11 +394,11 @@ static void ipt_acc_depth0_insert(struct ipt_acc_mask_24 *mask_24, } } else { if (is_src_new_ip) { - pr_debug("ACCOUNT: New src_ip: %u.%u.%u.%u\n", NIPQUAD(src_ip)); + pr_debug("ACCOUNT: New src_ip: %pI4\n", &src_ip); ++*itemcount; } if (is_dst_new_ip) { - pr_debug("ACCOUNT: New dst_ip: %u.%u.%u.%u\n", NIPQUAD(dst_ip)); + pr_debug("ACCOUNT: New dst_ip: %pI4\n", &dst_ip); ++*itemcount; } } @@ -501,8 +497,7 @@ ipt_acc_target(struct sk_buff *skb, const struct xt_action_param *par) if (ipt_acc_tables[info->table_nr].name[0] == 0) { printk("ACCOUNT: ipt_acc_target: Invalid table id %u. " - "IPs %u.%u.%u.%u/%u.%u.%u.%u\n", info->table_nr, - NIPQUAD(src_ip), NIPQUAD(dst_ip)); + "IPs %pI4/%pI4\n", info->table_nr, &src_ip, &dst_ip); spin_unlock_bh(&ian->ipt_acc_lock); return XT_CONTINUE; } 
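Review bot: The `Invalid table id` printk in ipt_acc_target runs for each packet that reaches it, with `ian->ipt_acc_lock` still held and with no log level or rate limit, so traffic hitting a rule that references an empty table slot can fill the kernel log. Moving the message after `spin_unlock_bh()` and rate-limiting it keeps the diagnostic while bounding its cost: `net_warn_ratelimited("ACCOUNT: ipt_acc_target: Invalid table id %u. IPs %pI4/%pI4\n", info->table_nr, &src_ip, &dst_ip);`. The same applies to the `Unable to process packet` printk in the next hunk of this function. It presumably also applies to the KERN_INFO binding messages in xt_DNETMAP.c, which are gated only by `disable_log`. ipt_acc_target starts and ends outside these hunks.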
@@ -541,10 +536,8 @@ ipt_acc_target(struct sk_buff *skb, const struct xt_action_param *par) return XT_CONTINUE; } - printk("ACCOUNT: ipt_acc_target: Unable to process packet. " - "Table id %u. IPs %u.%u.%u.%u/%u.%u.%u.%u\n", - info->table_nr, NIPQUAD(src_ip), NIPQUAD(dst_ip)); - + printk("ACCOUNT: ipt_acc_target: Unable to process packet. Table id " + "%u. IPs %pI4/%pI4\n", info->table_nr, &src_ip, &dst_ip); spin_unlock_bh(&ian->ipt_acc_lock); return XT_CONTINUE; } diff --git a/extensions/compat_xtables.h b/extensions/compat_xtables.h index ee0caa0..4afef3a 100644 --- a/extensions/compat_xtables.h +++ b/extensions/compat_xtables.h @@ -21,26 +21,6 @@ # warning You need CONFIG_NF_CONNTRACK. #endif -#if !defined(NIP6) && !defined(NIP6_FMT) -# define NIP6(addr) \ - ntohs((addr).s6_addr16[0]), \ - ntohs((addr).s6_addr16[1]), \ - ntohs((addr).s6_addr16[2]), \ - ntohs((addr).s6_addr16[3]), \ - ntohs((addr).s6_addr16[4]), \ - ntohs((addr).s6_addr16[5]), \ - ntohs((addr).s6_addr16[6]), \ - ntohs((addr).s6_addr16[7]) -# define NIP6_FMT "%04hx:%04hx:%04hx:%04hx:%04hx:%04hx:%04hx:%04hx" -#endif -#if !defined(NIPQUAD) && !defined(NIPQUAD_FMT) -# define NIPQUAD(addr) \ - ((const unsigned char *)&addr)[0], \ - ((const unsigned char *)&addr)[1], \ - ((const unsigned char *)&addr)[2], \ - ((const unsigned char *)&addr)[3] -# define NIPQUAD_FMT "%hhu.%hhu.%hhu.%hhu" -#endif #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 0) || \ LINUX_VERSION_CODE >= KERNEL_VERSION(5, 9, 9) && LINUX_VERSION_CODE < KERNEL_VERSION(5, 10, 0) #else diff --git a/extensions/pknock/xt_pknock.c b/extensions/pknock/xt_pknock.c index 4d1982e..c8e41ae 100644 --- a/extensions/pknock/xt_pknock.c +++ b/extensions/pknock/xt_pknock.c 
@@ -90,9 +90,7 @@ enum { #define hashtable_for_each_safe(pos, n, head, size, i) \ for ((i) = 0; (i) < (size); ++(i)) \ list_for_each_safe((pos), (n), (&head[(i)])) -#define pk_debug(msg, peer) pr_debug( \ - "(S) peer: " NIPQUAD_FMT " - %s.\n", \ - NIPQUAD((peer)->ip), msg) +#define pk_debug(msg, peer) pr_debug("(S) peer: %pI4 - %s.\n", &((peer)->ip), msg) static uint32_t ipt_pknock_hash_rnd; static unsigned int rule_hashsize = DEFAULT_RULE_HASH_SIZE; @@ -234,8 +232,7 @@ pknock_seq_show(struct seq_file *s, void *v) list_for_each_safe(pos, n, peer_head) { peer = list_entry(pos, struct peer, head); - - seq_printf(s, "src=" NIPQUAD_FMT " ", NIPQUAD(peer->ip)); + seq_printf(s, "src=%pI4 ", &peer->ip); seq_printf(s, "proto=%s ", (peer->proto == IPPROTO_TCP) ? "TCP" : "UDP"); seq_printf(s, "status=%s ", status_itoa(peer->status)); diff --git a/extensions/xt_DNETMAP.c b/extensions/xt_DNETMAP.c index 4d34cc6..8cf452e 100644 --- a/extensions/xt_DNETMAP.c +++ b/extensions/xt_DNETMAP.c @@ -293,12 +293,12 @@ static int dnetmap_tg_check(const struct xt_tgchk_param *par) ip_min = ntohl(mr->min_addr.ip) + (whole_prefix == 0); ip_max = ntohl(mr->max_addr.ip) - (whole_prefix == 0); - sprintf(p->prefix_str, NIPQUAD_FMT "/%u", NIPQUAD(mr->min_addr.ip), + sprintf(p->prefix_str, "%pI4/%u", &mr->min_addr.ip, 33 - ffs(~(ip_min ^ ip_max))); #ifdef CONFIG_PROC_FS - sprintf(p->proc_str_data, NIPQUAD_FMT "_%u", NIPQUAD(mr->min_addr.ip), + sprintf(p->proc_str_data, "%pI4_%u", &mr->min_addr.ip, 33 - ffs(~(ip_min ^ ip_max))); - sprintf(p->proc_str_stat, NIPQUAD_FMT "_%u_stat", NIPQUAD(mr->min_addr.ip), + sprintf(p->proc_str_stat, "%pI4_%u_stat", &mr->min_addr.ip, 33 - ffs(~(ip_min ^ ip_max))); #endif printk(KERN_INFO KBUILD_MODNAME ": new prefix %s\n", p->prefix_str); 
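Review bot: The three `sprintf()` calls in dnetmap_tg_check write into `p->prefix_str`, `p->proc_str_data` and `p->proc_str_stat` with no bound, and the sizes of those fields are not visible in this hunk. The longest output is fixed (`255.255.255.255/32`, plus `_stat` for the last one), so a bounded call both documents and enforces that: `snprintf(p->prefix_str, sizeof(p->prefix_str), "%pI4/%u", &mr->min_addr.ip, plen);`, assuming the fields are arrays, with `plen = 33 - ffs(~(ip_min ^ ip_max))` computed once instead of three times. The same unbounded pattern appears in `sprintf(str, "%pI4:%pI4", &addr1, &addr2)` in dnetmap_tg_proc_write, which handles a procfs write, and in the `sysrq_digest_password` writes in xt_SYSRQ.c. dnetmap_tg_check's body continues outside the hunk.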
@@ -429,8 +429,8 @@ bind_new_prefix: if (e->prenat_addr != 0 && time_before(jiffies, e->stamp)) { if (!disable_log && ! (p->flags & XT_DNETMAP_FULL) ){ printk(KERN_INFO KBUILD_MODNAME - ": ip " NIPQUAD_FMT " - no free adresses in prefix %s\n", - NIPQUAD(prenat_ip), p->prefix_str); + ": ip %pI4 - no free adresses in prefix %s\n", + &prenat_ip, p->prefix_str); p->flags |= XT_DNETMAP_FULL; } goto no_free_ip; @@ -443,8 +443,8 @@ bind_new_prefix: prenat_ip_prev = e->prenat_addr; if (!disable_log) printk(KERN_INFO KBUILD_MODNAME - ": timeout binding " NIPQUAD_FMT " -> " NIPQUAD_FMT "\n", - NIPQUAD(prenat_ip_prev), NIPQUAD(postnat_ip) ); + ": timeout binding %pI4 -> %pI4\n", + &prenat_ip_prev, &postnat_ip); list_del(&e->glist); list_del(&e->grlist); } @@ -461,18 +461,16 @@ bind_new_prefix: (postnat_ip)]); if (!disable_log) printk(KERN_INFO KBUILD_MODNAME - ": add binding " NIPQUAD_FMT " -> " NIPQUAD_FMT "\n", - NIPQUAD(prenat_ip),NIPQUAD(postnat_ip)); - + ": add binding %pI4 -> %pI4\n", + &prenat_ip, &postnat_ip); } else { if (!(tginfo->flags & XT_DNETMAP_REUSE) && !(e->flags & XT_DNETMAP_STATIC)) if (time_before(e->stamp, jiffies) && p != e->prefix) { if (!disable_log) printk(KERN_INFO KBUILD_MODNAME - ": timeout binding " NIPQUAD_FMT " -> " NIPQUAD_FMT "\n", - NIPQUAD(e->prenat_addr), - NIPQUAD(e->postnat_addr)); + ": timeout binding %pI4 -> %pI4\n", + &e->prenat_addr, &e->postnat_addr); list_del(&e->glist); list_del(&e->grlist); e->prenat_addr = 0; 
@@ -571,12 +569,13 @@ static int dnetmap_seq_show(struct seq_file *seq, void *v) const struct dnetmap_entry *e = v; if((e->flags & XT_DNETMAP_STATIC) == 0){ - seq_printf(seq, NIPQUAD_FMT " -> " NIPQUAD_FMT " --- ttl: %d lasthit: %lu\n", - NIPQUAD(e->prenat_addr), NIPQUAD(e->postnat_addr), - (int)(e->stamp - jiffies) / HZ, (e->stamp - jtimeout) / HZ); + seq_printf(seq, "%pI4 -> %pI4 --- ttl: %d lasthit: %lu\n", + &e->prenat_addr, &e->postnat_addr, + (int)(e->stamp - jiffies) / HZ, + (e->stamp - jtimeout) / HZ); }else{ - seq_printf(seq, NIPQUAD_FMT " -> " NIPQUAD_FMT " --- ttl: S lasthit: S\n", - NIPQUAD(e->prenat_addr), NIPQUAD(e->postnat_addr)); + seq_printf(seq, "%pI4 -> %pI4 --- ttl: S lasthit: S\n", + &e->prenat_addr, &e->postnat_addr); } return 0; } @@ -698,8 +697,8 @@ dnetmap_tg_proc_write(struct file *file, const char __user *input,size_t size, l if(e != NULL){ if (!disable_log) printk(KERN_INFO KBUILD_MODNAME - ": timeout binding " NIPQUAD_FMT " -> " NIPQUAD_FMT "\n", - NIPQUAD(e->prenat_addr), NIPQUAD(e->postnat_addr) ); + ": timeout binding %pI4 -> %pI4\n", + &e->prenat_addr, &e->postnat_addr); list_del(&e->glist); list_del(&e->grlist); }else{ @@ -721,7 +720,7 @@ dnetmap_tg_proc_write(struct file *file, const char __user *input,size_t size, l (e->postnat_addr)]); list_del(&e->lru_list); - sprintf(str, NIPQUAD_FMT ":" NIPQUAD_FMT, NIPQUAD(addr1),NIPQUAD(addr2)); + sprintf(str, "%pI4:%pI4", &addr1, &addr2); printk(KERN_INFO KBUILD_MODNAME ": adding static binding %s\n", str); // case of removing binding @@ -737,8 +736,8 @@ dnetmap_tg_proc_write(struct file *file, const char __user *input,size_t size, l if(e != NULL){ if (!disable_log) printk(KERN_INFO KBUILD_MODNAME - ": remove binding " NIPQUAD_FMT " -> " NIPQUAD_FMT "\n", - NIPQUAD(e->prenat_addr), NIPQUAD(e->postnat_addr) ); + ": remove binding %pI4 -> %pI4\n", + &e->prenat_addr, &e->postnat_addr); list_del(&e->glist); list_del(&e->grlist); if(e->flags & XT_DNETMAP_STATIC){ 
diff --git a/extensions/xt_SYSRQ.c b/extensions/xt_SYSRQ.c index 183692f..6461e6d 100644 --- a/extensions/xt_SYSRQ.c +++ b/extensions/xt_SYSRQ.c @@ -204,12 +204,11 @@ sysrq_tg4(struct sk_buff *skb, const struct xt_action_param *par) if (sysrq_debug) printk(KERN_INFO KBUILD_MODNAME - ": " NIPQUAD_FMT ":%u -> :%u len=%u\n", - NIPQUAD(iph->saddr), htons(udph->source), + ": %pI4:%hu -> :%hu len=%u\n", + &iph->saddr, htons(udph->source), htons(udph->dest), len); #ifdef WITH_CRYPTO - sprintf(sysrq_digest_password, NIPQUAD_FMT ",%s", - NIPQUAD(iph->daddr), sysrq_password); + sprintf(sysrq_digest_password, "%pI4,%s", &iph->daddr, sysrq_password); #endif return sysrq_tg((void *)udph + sizeof(struct udphdr), len); } @@ -238,13 +237,11 @@ sysrq_tg6(struct sk_buff *skb, const struct xt_action_param *par) len = ntohs(udph->len) - sizeof(struct udphdr); if (sysrq_debug) - printk(KERN_INFO KBUILD_MODNAME - ": " NIP6_FMT ":%hu -> :%hu len=%u\n", - NIP6(iph->saddr), ntohs(udph->source), + printk(KERN_INFO KBUILD_MODNAME ": %pI6:%hu -> :%hu len=%u\n", + &iph->saddr, ntohs(udph->source), ntohs(udph->dest), len); #ifdef WITH_CRYPTO - sprintf(sysrq_digest_password, NIP6_FMT ",%s", - NIP6(iph->daddr), sysrq_password); + sprintf(sysrq_digest_password, "%pI6,%s", &iph->daddr, sysrq_password); #endif return sysrq_tg((void *)udph + sizeof(struct udphdr), len); } diff --git a/extensions/xt_ipp2p.c b/extensions/xt_ipp2p.c index 42c8314..8fb1b79 100644 --- a/extensions/xt_ipp2p.c +++ b/extensions/xt_ipp2p.c 
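Review bot: The string written to `sysrq_digest_password` under WITH_CRYPTO appears to be the input to the request digest, so the textual form of the address is part of the authentication check and now depends on the kernel's `%pI4`/`%pI6` output rather than on a macro in this tree. `%pI6` prints all eight groups zero-padded and uncompressed, which matches the removed `NIP6_FMT`. A comment on both sprintf lines, such as `/* digest input: address text must stay byte-identical to what the client hashes; %pI6, not %pI6c */`, would keep a later cleanup from silently breaking verification. This applies equally to sysrq_tg6 in the next hunk. The debug printk in sysrq_tg4 also uses `htons()` where sysrq_tg6 uses `ntohs()` for the same display purpose.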
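Review bot: `len = ntohs(udph->len) - sizeof(struct udphdr);` in sysrq_tg6 takes the length from the packet's own UDP header, and no lower bound on it is visible in this hunk. If nothing earlier in the function rejects a `udph->len` smaller than `sizeof(struct udphdr)`, the subtraction wraps and the wrapped value is what reaches `sysrq_tg()`. A guard before the subtraction would make the assumption explicit: `if (ntohs(udph->len) < sizeof(struct udphdr)) return NF_DROP;`, or whatever verdict the function uses for malformed packets. The start of sysrq_tg6 is outside the hunk, so the check may already exist there.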
@@ -857,8 +857,11 @@ ipp2p_mt(const struct sk_buff *skb, struct xt_action_param *par) p2p_result = matchlist[i].function_name(haystack, hlen); if (p2p_result) { if (info->debug) - printk("IPP2P.debug:TCP-match: %i from: %u.%u.%u.%u:%i to: %u.%u.%u.%u:%i Length: %i\n", - p2p_result, NIPQUAD(ip->saddr),ntohs(tcph->source), NIPQUAD(ip->daddr),ntohs(tcph->dest),hlen); + printk("IPP2P.debug:TCP-match: %d from: %pI4:%hu to: %pI4:%hu Length: %d\n", + p2p_result, &ip->saddr, + ntohs(tcph->source), + &ip->daddr, + ntohs(tcph->dest), hlen); return p2p_result; } } @@ -888,8 +891,11 @@ ipp2p_mt(const struct sk_buff *skb, struct xt_action_param *par) p2p_result = udp_list[i].function_name(haystack, hlen); if (p2p_result) { if (info->debug) - printk("IPP2P.debug:UDP-match: %i from: %u.%u.%u.%u:%i to: %u.%u.%u.%u:%i Length: %i\n", - p2p_result, NIPQUAD(ip->saddr), ntohs(udph->source), NIPQUAD(ip->daddr), ntohs(udph->dest), hlen); + printk("IPP2P.debug:UDP-match: %d from: %pI4:%hu to: %pI4:%hu Length: %d\n", + p2p_result, &ip->saddr, + ntohs(udph->source), + &ip->daddr, + ntohs(udph->dest), hlen); return p2p_result; } }
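Review bot: Both debug printk calls in ipp2p_mt are emitted without a log level, so when `info->debug` is set every matching packet is logged at the default message level. `printk(KERN_DEBUG "IPP2P.debug:TCP-match: %d from: ...` (or `pr_debug`) states the intent, and the UDP hunk below needs the same change. `hlen` is printed with `%d` while its type is not visible here; if it is unsigned, `%u` is the matching specifier. ipp2p_mt starts and ends outside both hunks.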