build: support for Linux 3.3

2025-09-05 20:26:38 +02:00 · 2012-04-05 04:39:25 +02:00
parent f830dbd34e
commit 7ee9feb20e
9 changed files with 76 additions and 322 deletions
--- a/configure.ac
+++ b/configure.ac
@@ -63,7 +63,7 @@ if test -n "$kbuilddir"; then
 		echo "WARNING: Version detection did not succeed. Continue at own luck.";
 	else
 		echo "$kmajor.$kminor.$kmicro.$kstable in $kbuilddir";
-		if test "$kmajor" -gt 3 -o "$kmajor" -eq 3 -a "$kminor" -gt 2; then
+		if test "$kmajor" -gt 3 -o "$kmajor" -eq 3 -a "$kminor" -gt 3; then
 			echo "WARNING: You are trying a newer kernel. Results may vary. :-)";
 		elif test "$kmajor" -eq 3; then
 			:;
--- a/doc/changelog.txt
+++ b/doc/changelog.txt
@@ -5,6 +5,8 @@ Fixes:
 - compat_xtables: fixed mistranslation of checkentry return values
  (affected kernels < 2.6.23)
 - xt_SYSRQ: fix compile error when crypto is turned off
+Enhancements:
+- Support for Linux 3.3


 v1.41 (2012-01-04)
--- a/extensions/libxt_DNETMAP.c
+++ b/extensions/libxt_DNETMAP.c
@@ -11,7 +11,7 @@
 #include <stdlib.h>
 #include <getopt.h>
 #include <xtables.h>
-#include <net/netfilter/nf_nat.h>
+#include <linux/netfilter/nf_nat.h>
 #include "xt_DNETMAP.h"

 #define MODULENAME "DNETMAP"
@@ -65,7 +65,7 @@ static int netmask2bits(u_int32_t netmask)
 static void DNETMAP_init(struct xt_entry_target *t)
 {
 	struct xt_DNETMAP_tginfo *tginfo = (void *)&t->data;
-	struct nf_nat_multi_range *mr = &tginfo->prefix;
+	struct nf_nat_ipv4_multi_range_compat *mr = &tginfo->prefix;

 	/* Actually, it's 0, but it's ignored at the moment. */
 	mr->rangesize = 1;
@@ -74,14 +74,14 @@ static void DNETMAP_init(struct xt_entry_target *t)
 }

 /* Parses network address */
-static void parse_prefix(char *arg, struct nf_nat_range *range)
+static void parse_prefix(char *arg, struct nf_nat_ipv4_range *range)
 {
 	char *slash;
 	const struct in_addr *ip;
 	u_int32_t netmask;
 	unsigned int bits;

-	range->flags |= IP_NAT_RANGE_MAP_IPS;
+	range->flags |= NF_NAT_RANGE_MAP_IPS;
 	slash = strchr(arg, '/');
 	if (slash)
 		*slash = '\0';
@@ -129,7 +129,7 @@ static int DNETMAP_parse(int c, char **argv, int invert, unsigned int *flags,
 			 const void *entry, struct xt_entry_target **target)
 {
 	struct xt_DNETMAP_tginfo *tginfo = (void *)(*target)->data;
-	struct nf_nat_multi_range *mr = &tginfo->prefix;
+	struct nf_nat_ipv4_multi_range_compat *mr = &tginfo->prefix;
 	char *end;

 	switch (c) {
@@ -171,8 +171,8 @@ static void DNETMAP_print_addr(const void *ip,
 			       int numeric)
 {
 	struct xt_DNETMAP_tginfo *tginfo = (void *)&target->data;
-	const struct nf_nat_multi_range *mr = &tginfo->prefix;
-	const struct nf_nat_range *r = &mr->range[0];
+	const struct nf_nat_ipv4_multi_range_compat *mr = &tginfo->prefix;
+	const struct nf_nat_ipv4_range *r = &mr->range[0];
 	struct in_addr a;
 	int bits;

--- a/extensions/xt_DNETMAP.h
+++ b/extensions/xt_DNETMAP.h
@@ -8,11 +8,7 @@ enum {
 };

 struct xt_DNETMAP_tginfo {
-#ifdef __KERNEL__
 	struct nf_nat_ipv4_multi_range_compat prefix;
-#else
-	struct nf_nat_multi_range_compat prefix;
-#endif
 	__u8 flags;
 	__s16 ttl;
 };
--- a/extensions/xt_ECHO.c
+++ b/extensions/xt_ECHO.c
@@ -92,8 +92,8 @@ echo_tg6(struct sk_buff **poldskb, const struct xt_action_param *par)

 	memset(&fl, 0, sizeof(fl));
 	fl.flowi6_proto = newip->nexthdr;
-	ipv6_addr_copy(&fl.saddr, &newip->saddr);
-	ipv6_addr_copy(&fl.daddr, &newip->daddr);
+	memcpy(&fl.saddr, &newip->saddr, sizeof(fl.saddr));
+	memcpy(&fl.daddr, &newip->daddr, sizeof(fl.daddr));
 	fl.fl6_sport = newudp->source;
 	fl.fl6_dport = newudp->dest;
 	security_skb_classify_flow((struct sk_buff *)oldskb, flowi6_to_flowi(&fl));
--- a/include/linux/netfilter/nf_conntrack_tuple_common.h
+++ b/include/linux/netfilter/nf_conntrack_tuple_common.h
@@ -0,0 +1,39 @@
+#ifndef _NF_CONNTRACK_TUPLE_COMMON_H
+#define _NF_CONNTRACK_TUPLE_COMMON_H
+
+enum ip_conntrack_dir {
+	IP_CT_DIR_ORIGINAL,
+	IP_CT_DIR_REPLY,
+	IP_CT_DIR_MAX
+};
+
+/* The protocol-specific manipulable parts of the tuple: always in
+ * network order
+ */
+union nf_conntrack_man_proto {
+	/* Add other protocols here. */
+	__be16 all;
+
+	struct {
+		__be16 port;
+	} tcp;
+	struct {
+		__be16 port;
+	} udp;
+	struct {
+		__be16 id;
+	} icmp;
+	struct {
+		__be16 port;
+	} dccp;
+	struct {
+		__be16 port;
+	} sctp;
+	struct {
+		__be16 key;	/* GRE key is 32bit, PPtP only uses 16bit */
+	} gre;
+};
+
+#define CTINFO2DIR(ctinfo) ((ctinfo) >= IP_CT_IS_REPLY ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL)
+
+#endif /* _NF_CONNTRACK_TUPLE_COMMON_H */
--- a/include/linux/netfilter/nf_nat.h
+++ b/include/linux/netfilter/nf_nat.h
@@ -0,0 +1,25 @@
+#ifndef _NETFILTER_NF_NAT_H
+#define _NETFILTER_NF_NAT_H
+
+#include <linux/netfilter.h>
+#include <linux/netfilter/nf_conntrack_tuple_common.h>
+
+#define NF_NAT_RANGE_MAP_IPS		1
+#define NF_NAT_RANGE_PROTO_SPECIFIED	2
+#define NF_NAT_RANGE_PROTO_RANDOM	4
+#define NF_NAT_RANGE_PERSISTENT		8
+
+struct nf_nat_ipv4_range {
+	unsigned int			flags;
+	__be32				min_ip;
+	__be32				max_ip;
+	union nf_conntrack_man_proto	min;
+	union nf_conntrack_man_proto	max;
+};
+
+struct nf_nat_ipv4_multi_range_compat {
+	unsigned int			rangesize;
+	struct nf_nat_ipv4_range	range[1];
+};
+
+#endif /* _NETFILTER_NF_NAT_H */
--- a/include/net/netfilter/nf_conntrack_tuple.h
+++ b/include/net/netfilter/nf_conntrack_tuple.h
@@ -1,215 +0,0 @@
-/*
- * Definitions and Declarations for tuple.
- *
- * 16 Dec 2003: Yasuyuki Kozakai @USAGI <yasuyuki.kozakai@toshiba.co.jp>
- *	- generalize L3 protocol dependent part.
- *
- * Derived from include/linux/netfiter_ipv4/ip_conntrack_tuple.h
- */
-
-#ifndef _NF_CONNTRACK_TUPLE_H
-#define _NF_CONNTRACK_TUPLE_H
-
-#include <linux/netfilter/x_tables.h>
-#include <linux/netfilter/nf_conntrack_tuple_common.h>
-/*#include <linux/list_nulls.h>*/
-
-/* A `tuple' is a structure containing the information to uniquely
-  identify a connection.  ie. if two packets have the same tuple, they
-  are in the same connection; if not, they are not.
-
-  We divide the structure along "manipulatable" and
-  "non-manipulatable" lines, for the benefit of the NAT code.
-*/
-
-#define NF_CT_TUPLE_L3SIZE	ARRAY_SIZE(((union nf_inet_addr *)NULL)->all)
-
-/* The protocol-specific manipulable parts of the tuple: always in
-   network order! */
-union nf_conntrack_man_proto {
-	/* Add other protocols here. */
-	__be16 all;
-
-	struct {
-		__be16 port;
-	} tcp;
-	struct {
-		__be16 port;
-	} udp;
-	struct {
-		__be16 id;
-	} icmp;
-	struct {
-		__be16 port;
-	} dccp;
-	struct {
-		__be16 port;
-	} sctp;
-	struct {
-		__be16 key;	/* GRE key is 32bit, PPtP only uses 16bit */
-	} gre;
-};
-
-/* The manipulable part of the tuple. */
-struct nf_conntrack_man {
-	union nf_inet_addr u3;
-	union nf_conntrack_man_proto u;
-	/* Layer 3 protocol */
-	u_int16_t l3num;
-};
-
-/* This contains the information to distinguish a connection. */
-struct nf_conntrack_tuple {
-	struct nf_conntrack_man src;
-
-	/* These are the parts of the tuple which are fixed. */
-	struct {
-		union nf_inet_addr u3;
-		union {
-			/* Add other protocols here. */
-			__be16 all;
-
-			struct {
-				__be16 port;
-			} tcp;
-			struct {
-				__be16 port;
-			} udp;
-			struct {
-				u_int8_t type, code;
-			} icmp;
-			struct {
-				__be16 port;
-			} dccp;
-			struct {
-				__be16 port;
-			} sctp;
-			struct {
-				__be16 key;
-			} gre;
-		} u;
-
-		/* The protocol. */
-		u_int8_t protonum;
-
-		/* The direction (for tuplehash) */
-		u_int8_t dir;
-	} dst;
-};
-
-struct nf_conntrack_tuple_mask {
-	struct {
-		union nf_inet_addr u3;
-		union nf_conntrack_man_proto u;
-	} src;
-};
-
-#ifdef __KERNEL__
-
-static inline void nf_ct_dump_tuple_ip(const struct nf_conntrack_tuple *t)
-{
-#ifdef DEBUG
-	printk("tuple %p: %u %pI4:%hu -> %pI4:%hu\n",
-	       t, t->dst.protonum,
-	       &t->src.u3.ip, ntohs(t->src.u.all),
-	       &t->dst.u3.ip, ntohs(t->dst.u.all));
-#endif
-}
-
-static inline void nf_ct_dump_tuple_ipv6(const struct nf_conntrack_tuple *t)
-{
-#ifdef DEBUG
-	printk("tuple %p: %u %pI6 %hu -> %pI6 %hu\n",
-	       t, t->dst.protonum,
-	       t->src.u3.all, ntohs(t->src.u.all),
-	       t->dst.u3.all, ntohs(t->dst.u.all));
-#endif
-}
-
-static inline void nf_ct_dump_tuple(const struct nf_conntrack_tuple *t)
-{
-	switch (t->src.l3num) {
-	case AF_INET:
-		nf_ct_dump_tuple_ip(t);
-		break;
-	case AF_INET6:
-		nf_ct_dump_tuple_ipv6(t);
-		break;
-	}
-}
-
-/* If we're the first tuple, it's the original dir. */
-#define NF_CT_DIRECTION(h)						\
-	((enum ip_conntrack_dir)(h)->tuple.dst.dir)
-
-/* Connections have two entries in the hash table: one for each way */
-struct nf_conntrack_tuple_hash {
-	struct hlist_nulls_node hnnode;
-	struct nf_conntrack_tuple tuple;
-};
-
-static inline bool __nf_ct_tuple_src_equal(const struct nf_conntrack_tuple *t1,
-					   const struct nf_conntrack_tuple *t2)
-{ 
-	return (nf_inet_addr_cmp(&t1->src.u3, &t2->src.u3) &&
-		t1->src.u.all == t2->src.u.all &&
-		t1->src.l3num == t2->src.l3num);
-}
-
-static inline bool __nf_ct_tuple_dst_equal(const struct nf_conntrack_tuple *t1,
-					   const struct nf_conntrack_tuple *t2)
-{
-	return (nf_inet_addr_cmp(&t1->dst.u3, &t2->dst.u3) &&
-		t1->dst.u.all == t2->dst.u.all &&
-		t1->dst.protonum == t2->dst.protonum);
-}
-
-static inline bool nf_ct_tuple_equal(const struct nf_conntrack_tuple *t1,
-				     const struct nf_conntrack_tuple *t2)
-{
-	return __nf_ct_tuple_src_equal(t1, t2) &&
-	       __nf_ct_tuple_dst_equal(t1, t2);
-}
-
-static inline bool
-nf_ct_tuple_mask_equal(const struct nf_conntrack_tuple_mask *m1,
-		       const struct nf_conntrack_tuple_mask *m2)
-{
-	return (nf_inet_addr_cmp(&m1->src.u3, &m2->src.u3) &&
-		m1->src.u.all == m2->src.u.all);
-}
-
-static inline bool
-nf_ct_tuple_src_mask_cmp(const struct nf_conntrack_tuple *t1,
-			 const struct nf_conntrack_tuple *t2,
-			 const struct nf_conntrack_tuple_mask *mask)
-{
-	int count;
-
-	for (count = 0; count < NF_CT_TUPLE_L3SIZE; count++) {
-		if ((t1->src.u3.all[count] ^ t2->src.u3.all[count]) &
-		    mask->src.u3.all[count])
-			return false;
-	}
-
-	if ((t1->src.u.all ^ t2->src.u.all) & mask->src.u.all)
-		return false;
-
-	if (t1->src.l3num != t2->src.l3num ||
-	    t1->dst.protonum != t2->dst.protonum)
-		return false;
-
-	return true;
-}
-
-static inline bool
-nf_ct_tuple_mask_cmp(const struct nf_conntrack_tuple *t,
-		     const struct nf_conntrack_tuple *tuple,
-		     const struct nf_conntrack_tuple_mask *mask)
-{
-	return nf_ct_tuple_src_mask_cmp(t, tuple, mask) &&
-	       __nf_ct_tuple_dst_equal(t, tuple);
-}
-#endif /* __KERNEL__ */
-
-#endif /* _NF_CONNTRACK_TUPLE_H */
--- a/include/net/netfilter/nf_nat.h
+++ b/include/net/netfilter/nf_nat.h
@@ -1,93 +0,0 @@
-#ifndef _NF_NAT_H
-#define _NF_NAT_H
-#include <linux/netfilter_ipv4.h>
-#include <net/netfilter/nf_conntrack_tuple.h>
-
-#define NF_NAT_MAPPING_TYPE_MAX_NAMELEN 16
-
-enum nf_nat_manip_type {
-	IP_NAT_MANIP_SRC,
-	IP_NAT_MANIP_DST
-};
-
-/* SRC manip occurs POST_ROUTING or LOCAL_IN */
-#define HOOK2MANIP(hooknum) ((hooknum) != NF_INET_POST_ROUTING && \
-			     (hooknum) != NF_INET_LOCAL_IN)
-
-#define IP_NAT_RANGE_MAP_IPS 1
-#define IP_NAT_RANGE_PROTO_SPECIFIED 2
-#define IP_NAT_RANGE_PROTO_RANDOM 4
-#define IP_NAT_RANGE_PERSISTENT 8
-
-/* NAT sequence number modifications */
-struct nf_nat_seq {
-	/* position of the last TCP sequence number modification (if any) */
-	u_int32_t correction_pos;
-
-	/* sequence number offset before and after last modification */
-	int16_t offset_before, offset_after;
-};
-
-/* Single range specification. */
-struct nf_nat_range {
-	/* Set to OR of flags above. */
-	unsigned int flags;
-
-	/* Inclusive: network order. */
-	__be32 min_ip, max_ip;
-
-	/* Inclusive: network order */
-	union nf_conntrack_man_proto min, max;
-};
-
-/* For backwards compat: don't use in modern code. */
-struct nf_nat_multi_range_compat {
-	unsigned int rangesize; /* Must be 1. */
-
-	/* hangs off end. */
-	struct nf_nat_range range[1];
-};
-
-#ifdef __KERNEL__
-#include <linux/list.h>
-#include <linux/netfilter/nf_conntrack_pptp.h>
-#include <net/netfilter/nf_conntrack_extend.h>
-
-/* per conntrack: nat application helper private data */
-union nf_conntrack_nat_help {
-	/* insert nat helper private data here */
-	struct nf_nat_pptp nat_pptp_info;
-};
-
-struct nf_conn;
-
-/* The structure embedded in the conntrack structure. */
-struct nf_conn_nat {
-	struct hlist_node bysource;
-	struct nf_nat_seq seq[IP_CT_DIR_MAX];
-	struct nf_conn *ct;
-	union nf_conntrack_nat_help help;
-#if defined(CONFIG_IP_NF_TARGET_MASQUERADE) || \
-    defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE)
-	int masq_index;
-#endif
-};
-
-/* Set up the info structure to map into this range. */
-extern unsigned int nf_nat_setup_info(struct nf_conn *ct,
-				      const struct nf_nat_range *range,
-				      enum nf_nat_manip_type maniptype);
-
-/* Is this tuple already taken? (not by us)*/
-extern int nf_nat_used_tuple(const struct nf_conntrack_tuple *tuple,
-			     const struct nf_conn *ignored_conntrack);
-
-static inline struct nf_conn_nat *nfct_nat(const struct nf_conn *ct)
-{
-	return nf_ct_ext_find(ct, NF_CT_EXT_NAT);
-}
-
-#else  /* !__KERNEL__: iptables wants this to compile. */
-#define nf_nat_multi_range nf_nat_multi_range_compat
-#endif /*__KERNEL__*/
-#endif