compat update: allow building from 2.6.18 onwards

2025-09-06 20:55:13 +02:00 · 2008-03-11 16:59:49 +01:00
parent 10e3d8fe0d
commit 5fd97e9973
10 changed files with 168 additions and 46 deletions
--- a/4
+++ b/4
@@ -12,9 +12,9 @@ in combination with the kernel's Kbuild system.
 Prerequirements
 ===============
-	* xtables(-devel) 1.5.0
+	* xtables(-devel) 1.5.2
-	* kernel-source >= 2.6.22 with prepared output directory
+	* kernel-source >= 2.6.18 with prepared build/output directory
 Selecting extensions
--- a/extensions/compat_skbuff.h
+++ b/extensions/compat_skbuff.h
@@ -0,0 +1,20 @@
 #ifndef COMPAT_SKBUFF_H
 #define COMPAT_SKBUFF_H 1
 #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 19)
 #	define skb_nfmark(skb) (((struct sk_buff *)(skb))->nfmark)
 #else
 #	define skb_nfmark(skb) (((struct sk_buff *)(skb))->mark)
 #endif
 #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 21)
 #	define ip_hdr(skb) ((skb)->nh.iph)
 #	define ip_hdrlen(skb) (ip_hdr(skb)->ihl * 4)
 #	define skb_network_header(skb) ((skb)->nh.raw)
 static inline void skb_reset_network_header(struct sk_buff *skb)
 {
 	skb->nh.raw = skb->data;
 }
 #endif
 #endif /* COMPAT_SKBUFF_H */
--- a/extensions/compat_xtables.c
+++ b/extensions/compat_xtables.c
@@ -1,3 +1,4 @@
 #include <linux/ip.h>
 #include <linux/kernel.h>
 #include <linux/list.h>
 #include <linux/slab.h>
@@ -8,9 +9,10 @@
 #include <linux/netfilter_arp.h>
 #include <net/ip.h>
 #include <net/route.h>
 #include "compat_skbuff.h"
 #include "compat_xtnu.h"
-#if LINUX_VERSION_CODE == KERNEL_VERSION(2, 6, 22)
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
 static int xtnu_match_run(const struct sk_buff *skb,
    const struct net_device *in, const struct net_device *out,
    const struct xt_match *cm, const void *matchinfo, int offset,
@@ -26,9 +28,17 @@ static int xtnu_match_run(const struct sk_buff *skb,
 	*hotdrop = lo_drop;
 	return lo_ret;
 }
 #endif
 #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
 static int xtnu_match_check(const char *table, const void *entry,
    const struct xt_match *cm, void *matchinfo, unsigned int matchinfosize,
    unsigned int hook_mask)
 #elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
 static int xtnu_match_check(const char *table, const void *entry,
    const struct xt_match *cm, void *matchinfo, unsigned int hook_mask)
 #endif
 #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
 {
 	struct xtnu_match *nm = xtcompat_numatch(cm);
@@ -38,15 +48,24 @@ static int xtnu_match_check(const char *table, const void *entry,
 		return true;
 	return nm->checkentry(table, entry, nm, matchinfo, hook_mask);
 }
 #endif
 #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
 static void xtnu_match_destroy(const struct xt_match *cm, void *matchinfo,
    unsigned int matchinfosize)
 #elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
 static void xtnu_match_destroy(const struct xt_match *cm, void *matchinfo)
 #endif
 #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
 {
 	struct xtnu_match *nm = xtcompat_numatch(cm);
 	if (nm != NULL && nm->destroy != NULL)
 		nm->destroy(nm, matchinfo);
 }
 #endif
 #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
 int xtnu_register_match(struct xtnu_match *nt)
 {
 	struct xt_match *ct;
@@ -114,52 +133,65 @@ void xtnu_unregister_matches(struct xtnu_match *nt, unsigned int num)
 		xtnu_unregister_match(&nt[i]);
 }
 EXPORT_SYMBOL_GPL(xtnu_unregister_matches);
 static int xtnu_target_check(const char *table, const void *entry,
    const struct xt_target *ct, void *targinfo, unsigned int hook_mask)
 {
 	struct xtnu_target *nt = xtcompat_nutarget(ct);
 	if (nt == NULL)
 		return false;
 	if (nt->checkentry == NULL)
 		/* this is valid, just like if there was no function */
 		return true;
 	return nt->checkentry(table, entry, nt, targinfo, hook_mask);
 }
 #endif
-#if LINUX_VERSION_CODE == KERNEL_VERSION(2, 6, 23)
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
-static bool xtnu_target_check(const char *table, const void *entry,
+static unsigned int xtnu_target_run(struct sk_buff **pskb,
-    const struct xt_target *ct, void *targinfo, unsigned int hook_mask)
+    const struct net_device *in, const struct net_device *out,
-{
+    unsigned int hooknum, const struct xt_target *ct, const void *targinfo,
-	struct xtnu_target *nt = xtcompat_nutarget(ct);
+    void *userdata)
-	if (nt == NULL)
+#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
 		return false;
 	if (nt->checkentry == NULL)
 		/* this is valid, just like if there was no function */
 		return true;
 	return nt->checkentry(table, entry, nt, targinfo, hook_mask);
 }
 #endif
 #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
 static unsigned int xtnu_target_run(struct sk_buff **pskb,
    const struct net_device *in, const struct net_device *out,
    unsigned int hooknum, const struct xt_target *ct, const void *targinfo)
 #endif
 #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
 {
 	struct xtnu_target *nt = xtcompat_nutarget(ct);
 	if (nt != NULL && nt->target != NULL)
 		return nt->target(*pskb, in, out, hooknum, nt, targinfo);
 	return XT_CONTINUE;
 }
 #endif
 #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
 static int xtnu_target_check(const char *table, const void *entry,
    const struct xt_target *ct, void *targinfo,
    unsigned int targinfosize, unsigned int hook_mask)
 #elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
 static int xtnu_target_check(const char *table, const void *entry,
    const struct xt_target *ct, void *targinfo, unsigned int hook_mask)
 #elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
 static bool xtnu_target_check(const char *table, const void *entry,
    const struct xt_target *ct, void *targinfo, unsigned int hook_mask)
 #endif
 #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
 {
 	struct xtnu_target *nt = xtcompat_nutarget(ct);
 	if (nt == NULL)
 		return false;
 	if (nt->checkentry == NULL)
 		/* this is valid, just like if there was no function */
 		return true;
 	return nt->checkentry(table, entry, nt, targinfo, hook_mask);
 }
 #endif
 #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
 static void xtnu_target_destroy(const struct xt_target *ct, void *targinfo,
    unsigned int targinfosize)
 #elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
 static void xtnu_target_destroy(const struct xt_target *ct, void *targinfo)
 #endif
 #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
 {
 	struct xtnu_target *nt = xtcompat_nutarget(ct);
 	if (nt != NULL && nt->destroy != NULL)
 		nt->destroy(nt, targinfo);
 }
 #endif
 #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
 int xtnu_register_target(struct xtnu_target *nt)
 {
 	struct xt_target *ct;
@@ -233,9 +265,14 @@ struct xt_match *xtnu_request_find_match(unsigned int af, const char *name,
    uint8_t revision)
 {
 	static const char *const xt_prefix[] = {
 		[AF_UNSPEC] = "x",
 		[AF_INET]   = "ip",
 		[AF_INET6]  = "ip6",
 #ifdef AF_ARP
 		[AF_ARP]    = "arp",
 #elif defined(NF_ARP) && NF_ARP != AF_UNSPEC
 		[NF_ARP]    = "arp",
 #endif
 	};
 	struct xt_match *match;
@@ -251,7 +288,11 @@ EXPORT_SYMBOL_GPL(xtnu_request_find_match);
 #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
 int xtnu_ip_route_me_harder(struct sk_buff *skb, unsigned int addr_type)
 {
 #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
 	return ip_route_me_harder(&skb);
 #elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
 	return ip_route_me_harder(&skb, addr_type);
 #endif
 }
 EXPORT_SYMBOL_GPL(xtnu_ip_route_me_harder);
 #endif
@@ -310,4 +351,19 @@ int xtnu_ip_route_output_key(void *net, struct rtable **rp, struct flowi *flp)
 EXPORT_SYMBOL_GPL(xtnu_ip_route_output_key);
 #endif
 #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 19)
 int xtnu_neigh_hh_output(struct hh_cache *hh, struct sk_buff *skb)
 {
 	unsigned int hh_alen;
 	read_lock_bh(&hh->hh_lock);
 	hh_alen = HH_DATA_ALIGN(hh->hh_len);
 	memcpy(skb->data - hh_alen, hh->hh_data, hh_alen);
 	read_unlock_bh(&hh->hh_lock);
 	skb_push(skb, hh->hh_len);
 	return hh->hh_output(skb);
 }
 EXPORT_SYMBOL_GPL(xtnu_neigh_hh_output);
 #endif
 MODULE_LICENSE("GPL");
--- a/extensions/compat_xtables.h
+++ b/extensions/compat_xtables.h
@@ -2,10 +2,32 @@
 #define _XTABLES_COMPAT_H 1
 #include <linux/version.h>
 #include "compat_skbuff.h"
 #include "compat_xtnu.h"
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 22)
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 18)
-#	warning Kernels below 2.6.22 not supported anymore
+#	warning Kernels below 2.6.18 not supported.
 #endif
 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
 #	if !defined(CONFIG_NF_CONNTRACK_MARK) || !defined(CONFIG_NF_CONNTRACK_SECMARK)
 #		warning You have CONFIG_NF_CONNTRACK enabled, but CONFIG_NF_CONNTRACK_MARK or CONFIG_NF_CONNTRACK_SECMARK are not (please enable).
 #	endif
 #	include <net/netfilter/nf_conntrack.h>
 #elif defined(CONFIG_IP_NF_CONNTRACK) || defined(CONFIG_IP_NF_CONNTRACK_MODULE)
 #	if !defined(CONFIG_IP_NF_CONNTRACK_MARK) || !defined(CONFIG_IP_NF_CONNTRACK_SECMARK)
 #		warning You have CONFIG_IP_NF_CONNTRACK enabled, but CONFIG_IP_NF_CONNTRACK_MARK or CONFIG_IP_NF_CONNTRACK_SECMARK are not (please enable).
 #	endif
 #	include <linux/netfilter_ipv4/ip_conntrack.h>
 #	define nf_conn ip_conntrack
 #	define nf_ct_get ip_conntrack_get
 #	define nf_conntrack_untracked ip_conntrack_untracked
 #else
 #	warning You need either CONFIG_NF_CONNTRACK or CONFIG_IP_NF_CONNTRACK.
 #endif
 #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 19)
 #	define neigh_hh_output xtnu_neigh_hh_output
 #endif
 #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 24)
@@ -26,7 +48,7 @@
 #	define init_net__loopback_dev init_net.loopback_dev
 #endif
-#if LINUX_VERSION_CODE == KERNEL_VERSION(2, 6, 22)
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
 #	define xt_match              xtnu_match
 #	define xt_register_match     xtnu_register_match
 #	define xt_unregister_match   xtnu_unregister_match
--- a/extensions/compat_xtnu.h
+++ b/extensions/compat_xtnu.h
@@ -5,7 +5,13 @@
 #include <linux/netfilter/x_tables.h>
 #include <linux/spinlock.h>
 #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
 typedef _Bool bool;
 enum { false = 0, true = 1, };
 #endif
 struct flowi;
 struct hh_cache;
 struct module;
 struct net_device;
 struct rtable;
@@ -74,5 +80,6 @@ extern int xtnu_register_targets(struct xtnu_target *, unsigned int);
 extern void xtnu_unregister_targets(struct xtnu_target *, unsigned int);
 extern struct xt_match *xtnu_request_find_match(unsigned int,
 	const char *, uint8_t);
 extern int xtnu_neigh_hh_output(struct hh_cache *, struct sk_buff *);
 #endif /* _COMPAT_XTNU_H */
--- a/extensions/xt_CHAOS.c
+++ b/extensions/xt_CHAOS.c
@@ -53,7 +53,7 @@ static void xt_chaos_total(const struct xt_chaos_tginfo *info,
 	const int offset        = ntohs(iph->frag_off) & IP_OFFSET;
 	typeof(xt_tarpit) destiny;
 	bool ret;
-#if LINUX_VERSION_CODE == KERNEL_VERSION(2, 6, 22)
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
 	int hotdrop = false;
 #else
 	bool hotdrop = false;
@@ -65,7 +65,9 @@ static void xt_chaos_total(const struct xt_chaos_tginfo *info,
 		return;
 	destiny = (info->variant == XTCHAOS_TARPIT) ? xt_tarpit : xt_delude;
-#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
 	destiny->target(&skb, in, out, hooknum, destiny, NULL, NULL);
 #elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
 	destiny->target(&skb, in, out, hooknum, destiny, NULL);
 #else
 	destiny->target(skb, in, out, hooknum, destiny, NULL);
@@ -89,7 +91,10 @@ static unsigned int chaos_tg(struct sk_buff *skb, const struct net_device *in,
 	const struct iphdr *iph = ip_hdr(skb);
 	if ((unsigned int)net_random() <= reject_percentage)
-#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
 		return xt_reject->target(&skb, in, out, hooknum,
 		       target->__compat_target, &reject_params, NULL);
 #elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
 		return xt_reject->target(&skb, in, out, hooknum,
 		       target->__compat_target, &reject_params);
 #else
--- a/extensions/xt_DELUDE.c
+++ b/extensions/xt_DELUDE.c
@@ -99,9 +99,15 @@ static void delude_send_reset(struct sk_buff *oldskb, unsigned int hook)
 		}
 	}
 #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 20)
 	tcph->check = tcp_v4_check(tcph, sizeof(struct tcphdr), niph->saddr,
 	              niph->daddr, csum_partial((char *)tcph,
 	              sizeof(struct tcphdr), 0));
 #else
 	tcph->check = tcp_v4_check(sizeof(struct tcphdr), niph->saddr,
 	              niph->daddr, csum_partial((char *)tcph,
 	              sizeof(struct tcphdr), 0));
 #endif
 	addr_type = RTN_UNSPEC;
 #ifdef CONFIG_BRIDGE_NETFILTER
--- a/extensions/xt_LOGMARK.c
+++ b/extensions/xt_LOGMARK.c
@@ -11,8 +11,9 @@
 #include <linux/kernel.h>
 #include <linux/module.h>
 #include <linux/skbuff.h>
 #include <linux/netfilter/nf_conntrack_common.h>
 #include <linux/netfilter/x_tables.h>
-#include <net/netfilter/nf_conntrack.h>
+//#include <net/netfilter/nf_conntrack.h>
 #include "compat_xtables.h"
 #include "xt_LOGMARK.h"
@@ -27,7 +28,7 @@ logmark_tg(struct sk_buff *skb, const struct net_device *in,
 	printk("<%u>%.*s""nfmark=0x%x secmark=0x%x classify=0x%x",
 	       info->level, (unsigned int)sizeof(info->prefix), info->prefix,
-	       skb->mark, skb->secmark, skb->priority);
+	       skb_nfmark(skb), skb->secmark, skb->priority);
 	ct = nf_ct_get(skb, &ctinfo);
 	if (ct == NULL) {
--- a/extensions/xt_TARPIT.c
+++ b/extensions/xt_TARPIT.c
@@ -90,7 +90,7 @@ static inline void tarpit_tcp(struct sk_buff *oldskb, unsigned int hook)
 	/* This packet will not be the same as the other: clear nf fields */
 	nf_reset(nskb);
-	nskb->mark = 0;
+	skb_nfmark(nskb) = 0;
 	skb_init_secmark(nskb);
 	skb_shinfo(nskb)->gso_size = 0;
@@ -132,9 +132,15 @@ static inline void tarpit_tcp(struct sk_buff *oldskb, unsigned int hook)
 	/* Adjust TCP checksum */
 	tcph->check = 0;
 #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 20)
 	tcph->check = tcp_v4_check(tcph, sizeof(struct tcphdr), niph->saddr,
 	              niph->daddr, csum_partial((char *)tcph,
 	              sizeof(struct tcphdr), 0));
 #else
 	tcph->check = tcp_v4_check(sizeof(struct tcphdr), niph->saddr,
 	              niph->daddr, csum_partial((char *)tcph,
 	              sizeof(struct tcphdr), 0));
 #endif
 	/* Set DF, id = 0 */
 	niph->frag_off = htons(IP_DF);
--- a/extensions/xt_portscan.c
+++ b/extensions/xt_portscan.c
@@ -17,7 +17,7 @@
 #include <linux/version.h>
 #include <linux/netfilter/x_tables.h>
 #include <linux/netfilter/xt_tcpudp.h>
-#include <net/netfilter/nf_nat_rule.h>
+//#include <net/netfilter/nf_conntrack.h>
 #include "xt_portscan.h"
 #include "compat_xtables.h"
 #define PFX KBUILD_MODNAME ": "
@@ -203,7 +203,7 @@ static bool portscan_mt(const struct sk_buff *skb,
 	 * it either when the connection is already VALID.
 	 */
 	if ((ctdata->mark & connmark_mask) == mark_valid ||
-	     (skb->mark & packet_mask) != mark_seen) {
+	     (skb_nfmark(skb) & packet_mask) != mark_seen) {
 		unsigned int n;
 		n = portscan_mt_full(ctdata->mark & connmark_mask, ctstate,
@@ -211,8 +211,7 @@ static bool portscan_mt(const struct sk_buff *skb,
 		    skb->len - protoff - 4 * tcph->doff);
 		ctdata->mark = (ctdata->mark & ~connmark_mask) | n;
-		((struct sk_buff *)skb)->mark =
+		skb_nfmark(skb) = (skb_nfmark(skb) & ~packet_mask) ^ mark_seen;
 			(skb->mark & ~packet_mask) ^ mark_seen;
 	}
 	return (info->match_syn && ctdata->mark == mark_synscan) ||