diff --git a/extensions/compat_xtnu.h b/extensions/compat_xtnu.h index 9583db7..0a267c6 100644 --- a/extensions/compat_xtnu.h +++ b/extensions/compat_xtnu.h @@ -17,6 +17,18 @@ struct net_device; struct rtable; struct sk_buff; +#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27) +enum { + NFPROTO_UNSPEC = 0, + NFPROTO_IPV4 = 2, + NFPROTO_ARP = 3, + NFPROTO_BRIDGE = 7, + NFPROTO_IPV6 = 10, + NFPROTO_DECNET = 12, + NFPROTO_NUMPROTO, +}; +#endif + struct xtnu_match { struct list_head list; char name[XT_FUNCTION_MAXNAMELEN - 1 - sizeof(void *)]; diff --git a/extensions/xt_CHAOS.c b/extensions/xt_CHAOS.c index 15d48f7..4512a28 100644 --- a/extensions/xt_CHAOS.c +++ b/extensions/xt_CHAOS.c @@ -131,7 +131,8 @@ static bool chaos_tg_check(const char *tablename, const void *entry, static struct xt_target chaos_tg_reg = { .name = "CHAOS", - .family = AF_INET, + .revision = 0, + .family = NFPROTO_IPV4, .table = "filter", .hooks = (1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD) | (1 << NF_INET_LOCAL_OUT), @@ -145,27 +146,27 @@ static int __init chaos_tg_init(void) { int ret = -EINVAL; - xm_tcp = xt_request_find_match(AF_INET, "tcp", 0); + xm_tcp = xt_request_find_match(NFPROTO_IPV4, "tcp", 0); if (xm_tcp == NULL) { printk(KERN_WARNING PFX "Error: Could not find or load " "\"tcp\" match\n"); return -EINVAL; } - xt_reject = xt_request_find_target(AF_INET, "REJECT", 0); + xt_reject = xt_request_find_target(NFPROTO_IPV4, "REJECT", 0); if (xt_reject == NULL) { printk(KERN_WARNING PFX "Error: Could not find or load " "\"REJECT\" target\n"); goto out2; } - xt_tarpit = xt_request_find_target(AF_INET, "TARPIT", 0); + xt_tarpit = xt_request_find_target(NFPROTO_IPV4, "TARPIT", 0); have_tarpit = xt_tarpit != NULL; if (!have_tarpit) printk(KERN_WARNING PFX "Warning: Could not find or load " "\"TARPIT\" target\n"); - xt_delude = xt_request_find_target(AF_INET, "DELUDE", 0); + xt_delude = xt_request_find_target(NFPROTO_IPV4, "DELUDE", 0); have_delude = xt_delude != NULL; if (!have_delude) printk(KERN_WARNING PFX "Warning: Could not find or load " diff --git a/extensions/xt_DELUDE.c b/extensions/xt_DELUDE.c index 2e2829c..de03ee3 100644 --- a/extensions/xt_DELUDE.c +++ b/extensions/xt_DELUDE.c @@ -157,7 +157,7 @@ static unsigned int delude_tg(struct sk_buff **pskb, static struct xt_target delude_tg_reg __read_mostly = { .name = "DELUDE", .revision = 0, - .family = AF_INET, + .family = NFPROTO_IPV4, .table = "filter", .hooks = (1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD), .proto = IPPROTO_TCP, diff --git a/extensions/xt_DHCPADDR.c b/extensions/xt_DHCPADDR.c index f57089d..ff893e5 100644 --- a/extensions/xt_DHCPADDR.c +++ b/extensions/xt_DHCPADDR.c @@ -127,7 +127,7 @@ static unsigned int dhcpaddr_tg(struct sk_buff **pskb, static struct xt_target dhcpaddr_tg_reg __read_mostly = { .name = "DHCPADDR", .revision = 0, - .family = PF_INET, + .family = NFPROTO_IPV4, .proto = IPPROTO_UDP, .table = "mangle", .target = dhcpaddr_tg, @@ -138,7 +138,7 @@ static struct xt_target dhcpaddr_tg_reg __read_mostly = { static struct xt_match dhcpaddr_mt_reg __read_mostly = { .name = "dhcpaddr", .revision = 0, - .family = PF_INET, + .family = NFPROTO_IPV4, .proto = IPPROTO_UDP, .match = dhcpaddr_mt, .matchsize = XT_ALIGN(sizeof(struct dhcpaddr_info)), diff --git a/extensions/xt_ECHO.c b/extensions/xt_ECHO.c index 9b024eb..7d3c2fa 100644 --- a/extensions/xt_ECHO.c +++ b/extensions/xt_ECHO.c @@ -109,7 +109,7 @@ static unsigned int echo_tg4(struct sk_buff **poldskb, static struct xt_target echo_tg_reg __read_mostly = { .name = "ECHO", .revision = 0, - .family = AF_INET, + .family = NFPROTO_IPV4, .proto = IPPROTO_UDP, .table = "filter", .target = echo_tg4, diff --git a/extensions/xt_IPMARK.c b/extensions/xt_IPMARK.c index 89756ef..fa45fbc 100644 --- a/extensions/xt_IPMARK.c +++ b/extensions/xt_IPMARK.c @@ -87,7 +87,7 @@ static struct xt_target ipmark_tg_reg[] __read_mostly = { { .name = "IPMARK", .revision = 0, - .family = PF_INET, + .family = NFPROTO_IPV4, .table = "mangle", .target = ipmark_tg4, .targetsize = XT_ALIGN(sizeof(struct xt_ipmark_tginfo)), @@ -96,7 +96,7 @@ static struct xt_target ipmark_tg_reg[] __read_mostly = { { .name = "IPMARK", .revision = 0, - .family = PF_INET6, + .family = NFPROTO_IPV6, .table = "mangle", .target = ipmark_tg6, .targetsize = XT_ALIGN(sizeof(struct xt_ipmark_tginfo)), diff --git a/extensions/xt_LOGMARK.c b/extensions/xt_LOGMARK.c index 754d26b..dc373d4 100644 --- a/extensions/xt_LOGMARK.c +++ b/extensions/xt_LOGMARK.c @@ -101,7 +101,7 @@ static struct xt_target logmark_tg_reg[] __read_mostly = { { .name = "LOGMARK", .revision = 0, - .family = AF_INET, + .family = NFPROTO_IPV4, .checkentry = logmark_tg_check, .target = logmark_tg, .targetsize = sizeof(struct xt_logmark_tginfo), @@ -110,7 +110,7 @@ static struct xt_target logmark_tg_reg[] __read_mostly = { { .name = "LOGMARK", .revision = 0, - .family = AF_INET6, + .family = NFPROTO_IPV6, .checkentry = logmark_tg_check, .target = logmark_tg, .targetsize = sizeof(struct xt_logmark_tginfo), diff --git a/extensions/xt_SYSRQ.c b/extensions/xt_SYSRQ.c index a2aed02..bfa2923 100644 --- a/extensions/xt_SYSRQ.c +++ b/extensions/xt_SYSRQ.c @@ -105,14 +105,14 @@ static unsigned int sysrq_tg6(struct sk_buff **pskb, static bool sysrq_tg_check(const char *table, const void *ventry, const struct xt_target *target, void *targinfo, unsigned int hook_mask) { - if (target->family == PF_INET) { + if (target->family == NFPROTO_IPV4) { const struct ipt_entry *entry = ventry; if ((entry->ip.proto != IPPROTO_UDP && entry->ip.proto != IPPROTO_UDPLITE) || entry->ip.invflags & XT_INV_PROTO) goto out; - } else if (target->family == PF_INET6) { + } else if (target->family == NFPROTO_IPV6) { const struct ip6t_entry *entry = ventry; if ((entry->ipv6.proto != IPPROTO_UDP && @@ -131,16 +131,16 @@ static bool sysrq_tg_check(const char *table, const void *ventry, static struct xt_target sysrq_tg_reg[] __read_mostly = { { .name = "SYSRQ", - .family = PF_INET, .revision = 0, + .family = NFPROTO_IPV4, .target = sysrq_tg4, .checkentry = sysrq_tg_check, .me = THIS_MODULE, }, { .name = "SYSRQ", - .family = PF_INET6, .revision = 0, + .family = NFPROTO_IPV6, .target = sysrq_tg6, .checkentry = sysrq_tg_check, .me = THIS_MODULE, diff --git a/extensions/xt_TARPIT.c b/extensions/xt_TARPIT.c index 60957aa..a4a7624 100644 --- a/extensions/xt_TARPIT.c +++ b/extensions/xt_TARPIT.c @@ -179,7 +179,7 @@ static void tarpit_tcp(struct sk_buff *oldskb, unsigned int hook) nf_ct_attach(nskb, oldskb); - NF_HOOK(PF_INET, NF_INET_LOCAL_OUT, nskb, NULL, nskb->dst->dev, + NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_OUT, nskb, NULL, nskb->dst->dev, dst_output); return; @@ -226,7 +226,8 @@ tarpit_tg(struct sk_buff **pskb, const struct net_device *in, static struct xt_target tarpit_tg_reg __read_mostly = { .name = "TARPIT", - .family = AF_INET, + .revision = 0, + .family = NFPROTO_IPV4, .table = "filter", .hooks = (1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD), .proto = IPPROTO_TCP, diff --git a/extensions/xt_TEE.c b/extensions/xt_TEE.c index f07ef8b..4fe1cca 100644 --- a/extensions/xt_TEE.c +++ b/extensions/xt_TEE.c @@ -220,7 +220,8 @@ static bool tee_tg_check(const char *tablename, const void *entry, static struct xt_target tee_tg_reg __read_mostly = { .name = "TEE", - .family = AF_INET, + .revision = 0, + .family = NFPROTO_IPV4, .table = "mangle", .target = tee_tg, .targetsize = sizeof(struct xt_tee_tginfo), diff --git a/extensions/xt_condition.c b/extensions/xt_condition.c index 0b1dcbf..91d1e65 100644 --- a/extensions/xt_condition.c +++ b/extensions/xt_condition.c @@ -211,7 +211,7 @@ static struct xt_match condition_mt_reg[] __read_mostly = { { .name = "condition", .revision = 0, - .family = PF_INET, + .family = NFPROTO_IPV4, .matchsize = XT_ALIGN(sizeof(struct xt_condition_mtinfo)), .match = condition_mt, .checkentry = condition_mt_check, @@ -221,7 +221,7 @@ static struct xt_match condition_mt_reg[] __read_mostly = { { .name = "condition", .revision = 0, - .family = PF_INET6, + .family = NFPROTO_IPV6, .matchsize = XT_ALIGN(sizeof(struct xt_condition_mtinfo)), .match = condition_mt, .checkentry = condition_mt_check, diff --git a/extensions/xt_fuzzy.c b/extensions/xt_fuzzy.c index 774414b..b09afe1 100644 --- a/extensions/xt_fuzzy.c +++ b/extensions/xt_fuzzy.c @@ -148,7 +148,7 @@ static struct xt_match fuzzy_mt_reg[] __read_mostly = { { .name = "fuzzy", .revision = 0, - .family = PF_INET, + .family = NFPROTO_IPV4, .match = fuzzy_mt, .checkentry = fuzzy_mt_check, .matchsize = XT_ALIGN(sizeof(struct xt_fuzzy_mtinfo)), @@ -157,7 +157,7 @@ static struct xt_match fuzzy_mt_reg[] __read_mostly = { { .name = "fuzzy", .revision = 0, - .family = PF_INET6, + .family = NFPROTO_IPV6, .match = fuzzy_mt, .checkentry = fuzzy_mt_check, .matchsize = XT_ALIGN(sizeof(struct xt_fuzzy_mtinfo)), diff --git a/extensions/xt_geoip.c b/extensions/xt_geoip.c index 8b37b17..1cf0b86 100644 --- a/extensions/xt_geoip.c +++ b/extensions/xt_geoip.c @@ -223,8 +223,9 @@ static void xt_geoip_mt_destroy(const struct xt_match *match, void *matchinfo) } static struct xt_match xt_geoip_match __read_mostly = { - .family = AF_INET, .name = "geoip", + .revision = 0, + .family = NFPROTO_IPV4, .match = xt_geoip_mt, .checkentry = xt_geoip_mt_checkentry, .destroy = xt_geoip_mt_destroy, diff --git a/extensions/xt_ipp2p.c b/extensions/xt_ipp2p.c index f1ffc3a..5472de5 100644 --- a/extensions/xt_ipp2p.c +++ b/extensions/xt_ipp2p.c @@ -869,7 +869,7 @@ ipp2p_mt(const struct sk_buff *skb, const struct net_device *in, static struct xt_match ipp2p_mt_reg __read_mostly = { .name = "ipp2p", .revision = 0, - .family = AF_INET, + .family = NFPROTO_IPV4, .match = ipp2p_mt, .matchsize = sizeof(struct ipt_p2p_info), .me = THIS_MODULE, diff --git a/extensions/xt_portscan.c b/extensions/xt_portscan.c index a1fbbfb..e9581be 100644 --- a/extensions/xt_portscan.c +++ b/extensions/xt_portscan.c @@ -236,7 +236,7 @@ static struct xt_match portscan_mt_reg[] __read_mostly = { { .name = "portscan", .revision = 0, - .family = PF_INET, + .family = NFPROTO_IPV4, .match = portscan_mt, .checkentry = portscan_mt_check, .matchsize = sizeof(struct xt_portscan_mtinfo), @@ -246,7 +246,7 @@ static struct xt_match portscan_mt_reg[] __read_mostly = { { .name = "portscan", .revision = 0, - .family = PF_INET6, + .family = NFPROTO_IPV6, .match = portscan_mt, .checkentry = portscan_mt_check, .matchsize = sizeof(struct xt_portscan_mtinfo), diff --git a/extensions/xt_quota2.c b/extensions/xt_quota2.c index 66a89b1..1604f95 100644 --- a/extensions/xt_quota2.c +++ b/extensions/xt_quota2.c @@ -103,7 +103,7 @@ static struct quota_counter *q2_get_counter(const struct xt_quota_mtinfo2 *q) proc_xt_quota); if (p == NULL || IS_ERR(p)) goto out; - + p->owner = THIS_MODULE; p->data = e; p->read_proc = quota_proc_read; @@ -199,7 +199,7 @@ static struct xt_match quota_mt2_reg[] __read_mostly = { { .name = "quota2", .revision = 2, - .family = AF_INET, + .family = NFPROTO_IPV4, .checkentry = quota_mt2_check, .match = quota_mt2, .destroy = quota_mt2_destroy, @@ -209,7 +209,7 @@ static struct xt_match quota_mt2_reg[] __read_mostly = { { .name = "quota2", .revision = 2, - .family = AF_INET6, + .family = NFPROTO_IPV6, .checkentry = quota_mt2_check, .match = quota_mt2, .destroy = quota_mt2_destroy,