diff --git a/doc/changelog.txt b/doc/changelog.txt
index c1cca53..fe69305 100644
--- a/doc/changelog.txt
+++ b/doc/changelog.txt
@@ -1,6 +1,8 @@
 HEAD
 ====
+Enhancements:
+- Support for Linux 4.4
 Fixes:
 - xt_ACCOUNT: call free_page with the right amount of pages
diff --git a/extensions/compat_xtables.h b/extensions/compat_xtables.h
index 9009eeb..a6c61ac 100644
--- a/extensions/compat_xtables.h
+++ b/extensions/compat_xtables.h
@@ -73,4 +73,20 @@ static inline void proc_remove(struct proc_dir_entry *de)
 }
 #endif
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 4, 0)
+# define ip6_local_out(xnet, xsk, xskb) ip6_local_out(xskb)
+# define ip6_route_me_harder(xnet, xskb) ip6_route_me_harder(xskb)
+# define ip_local_out(xnet, xsk, xskb) ip_local_out(xskb)
+# define ip_route_me_harder(xnet, xskb, xaddrtype) ip_route_me_harder((xskb), (xaddrtype))
+#endif
+
+static inline struct net *par_net(const struct xt_action_param *par)
+{
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)
+ return par->net;
+#else
+ return dev_net((par->in != NULL) ? par->in : par->out);
+#endif
+}
+
 #endif /* _XTABLES_COMPAT_H */
diff --git a/extensions/xt_DELUDE.c b/extensions/xt_DELUDE.c
index 1568252..aff281f 100644
--- a/extensions/xt_DELUDE.c
+++ b/extensions/xt_DELUDE.c
@@ -25,7 +25,8 @@
 #include "compat_xtables.h"
 #define PFX KBUILD_MODNAME ": "
-static void delude_send_reset(struct sk_buff *oldskb, unsigned int hook)
+static void delude_send_reset(struct net *net, struct sk_buff *oldskb,
+ unsigned int hook)
 {
 struct tcphdr _otcph, *tcph;
 const struct tcphdr *oth;
@@ -121,7 +122,7 @@ static void delude_send_reset(struct sk_buff *oldskb, unsigned int hook)
 /* ip_route_me_harder expects skb->dst to be set */
 skb_dst_set(nskb, dst_clone(skb_dst(oldskb)));
- if (ip_route_me_harder(nskb, addr_type))
+ if (ip_route_me_harder(net, nskb, addr_type))
 goto free_nskb;
 else
 niph = ip_hdr(nskb);
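Review bot: In extensions/compat_xtables.h (hunk `@@ -73,4 +73,20 @@`) the pre-4.4 shim macros and `par_net()` are added without any comment, and two properties a maintainer needs are not obvious from the code. The macros drop `xnet` and `xsk` unevaluated, so on older kernels an argument like `par_net(par)` at the xt_ECHO.c call sites is never computed and the namespace is whatever the kernel function derives itself; they also reuse the kernel's own function names, so this header presumably has to come after the kernel headers that declare them. I would add above the block `/* Pre-4.4: these kernel functions take no net/sk; the extra arguments are dropped unevaluated. Must be included after the kernel headers declaring them. */`. In `par_net()` the fallback hands `par->out` to `dev_net()` whenever `par->in` is NULL, so it relies on the two never both being NULL; that looks true for a target hook but is not visible here, and a comment such as `/* in or out is always set when a target runs */` would record it once confirmed.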
@@ -135,7 +136,7 @@ static void delude_send_reset(struct sk_buff *oldskb, unsigned int hook)
 nf_ct_attach(nskb, oldskb);
- ip_local_out(nskb);
+ ip_local_out(net, nskb->sk, nskb);
 return;
 free_nskb:
@@ -150,7 +151,7 @@ delude_tg(struct sk_buff *skb, const struct xt_action_param *par)
 * a problem, as that is supported since Linux 2.6.35. But since we do not
 * actually want to have a connection open, we are still going to drop it.
 */
- delude_send_reset(skb, par->hooknum);
+ delude_send_reset(par_net(par), skb, par->hooknum);
 return NF_DROP;
 }
diff --git a/extensions/xt_ECHO.c b/extensions/xt_ECHO.c
index c5b529c..f6d2c69 100644
--- a/extensions/xt_ECHO.c
+++ b/extensions/xt_ECHO.c
@@ -112,7 +112,7 @@ echo_tg6(struct sk_buff *oldskb, const struct xt_action_param *par)
 goto free_nskb;
 nf_ct_attach(newskb, oldskb);
- ip6_local_out(newskb);
+ ip6_local_out(par_net(par), newskb->sk, newskb);
 return NF_DROP;
 free_nskb:
@@ -190,7 +190,7 @@ echo_tg4(struct sk_buff *oldskb, const struct xt_action_param *par)
 /* ip_route_me_harder expects the skb's dst to be set */
 skb_dst_set(newskb, dst_clone(skb_dst(oldskb)));
- if (ip_route_me_harder(newskb, RTN_UNSPEC) != 0)
+ if (ip_route_me_harder(par_net(par), newskb, RTN_UNSPEC) != 0)
 goto free_nskb;
 newip->ttl = ip4_dst_hoplimit(skb_dst(newskb));
@@ -201,7 +201,7 @@ echo_tg4(struct sk_buff *oldskb, const struct xt_action_param *par)
 goto free_nskb;
 nf_ct_attach(newskb, oldskb);
- ip_local_out(newskb);
+ ip_local_out(par_net(par), newskb->sk, newskb);
 return NF_DROP;
 free_nskb:
diff --git a/extensions/xt_TARPIT.c b/extensions/xt_TARPIT.c
index 67986ad..95faba0 100644
--- a/extensions/xt_TARPIT.c
+++ b/extensions/xt_TARPIT.c
@@ -170,8 +170,8 @@ static bool tarpit_generic(struct tcphdr *tcph, const struct tcphdr *oth,
 return true;
 }
-static void tarpit_tcp4(struct sk_buff *oldskb, unsigned int hook,
- unsigned int mode)
+static void tarpit_tcp4(struct net *net, struct sk_buff *oldskb,
+ unsigned int hook, unsigned int mode)
 {
 struct tcphdr _otcph, *tcph;
 const struct tcphdr *oth;
@@ -261,7 +261,7 @@ static void tarpit_tcp4(struct sk_buff *oldskb, unsigned int hook,
 #endif
 addr_type = RTN_LOCAL;
- if (ip_route_me_harder(nskb, addr_type))
+ if (ip_route_me_harder(net, nskb, addr_type))
 goto free_nskb;
 else
 niph = ip_hdr(nskb);
@@ -284,8 +284,11 @@ static void tarpit_tcp4(struct sk_buff *oldskb, unsigned int hook,
 nf_ct_attach(nskb, oldskb);
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 1, 0)
- NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_OUT, NULL, nskb, NULL,
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)
+ NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_OUT, net, nskb->sk, nskb, NULL,
+ skb_dst(nskb)->dev, dst_output);
+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(4, 1, 0)
+ NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_OUT, nskb->sk, nskb, NULL,
 skb_dst(nskb)->dev, dst_output_sk);
 #else
 NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_OUT, nskb, NULL,
@@ -298,8 +301,8 @@ static void tarpit_tcp4(struct sk_buff *oldskb, unsigned int hook,
 }
 #ifdef WITH_IPV6
-static void tarpit_tcp6(struct sk_buff *oldskb, unsigned int hook,
- unsigned int mode)
+static void tarpit_tcp6(struct net *net, struct sk_buff *oldskb,
+ unsigned int hook, unsigned int mode)
 {
 struct sk_buff *nskb;
 struct tcphdr *tcph, oth;
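Review bot: In extensions/xt_TARPIT.c (hunk `@@ -284,8 +284,11 @@`, and the matching IPv6 hunk `@@ -397,15 +400,18 @@`) the 4.1–4.3 branch of the `NF_HOOK` ladder now passes `nskb->sk` where it used to pass `NULL`, which changes a code path on kernels the changelog entry does not mention. `nskb` is built outside the hunk; if it is a fresh copy its `sk` is presumably NULL and the change is a no-op, but that should be stated rather than left to the reader. I would either keep the literal `NULL` in the `#elif` branch or, once confirmed, put `/* nskb is our own copy and has no owning socket, so nskb->sk is NULL here */` above the ladder. The same three-way `#if` is now duplicated in tarpit_tcp4 and tarpit_tcp6; since this commit already adds call shims to compat_xtables.h, a single wrapper there would keep the two copies from drifting apart.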
@@ -397,15 +400,18 @@ static void tarpit_tcp6(struct sk_buff *oldskb, unsigned int hook,
 IPPROTO_TCP, csum_partial(tcph, sizeof(struct tcphdr), 0));
- if (ip6_route_me_harder(nskb))
+ if (ip6_route_me_harder(net, nskb))
 goto free_nskb;
 nskb->ip_summed = CHECKSUM_NONE;
 nf_ct_attach(nskb, oldskb);
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 1, 0)
- NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, NULL, nskb, NULL,
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)
+ NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, net, nskb->sk, nskb, NULL,
+ skb_dst(nskb)->dev, dst_output);
+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(4, 1, 0)
+ NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, nskb->sk, nskb, NULL,
 skb_dst(nskb)->dev, dst_output_sk);
 #else
 NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, nskb, NULL,
@@ -449,7 +455,7 @@ tarpit_tg4(struct sk_buff *skb, const struct xt_action_param *par)
 if (iph->frag_off & htons(IP_OFFSET))
 return NF_DROP;
- tarpit_tcp4(skb, par->hooknum, info->variant);
+ tarpit_tcp4(par_net(par), skb, par->hooknum, info->variant);
 return NF_DROP;
 }
@@ -491,7 +497,7 @@ tarpit_tg6(struct sk_buff *skb, const struct xt_action_param *par)
 return NF_DROP;
 }
- tarpit_tcp6(skb, par->hooknum, info->variant);
+ tarpit_tcp6(par_net(par), skb, par->hooknum, info->variant);
 return NF_DROP;
 }
 #endif