From 4dd35fb564d98f08c3a8d15519a1ef6235003cf1 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 13 May 2010 16:30:22 +0200 Subject: [PATCH 1/5] compat_xtables: move 2.6.28+ xtnu_target_run code --- extensions/compat_xtables.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/extensions/compat_xtables.c b/extensions/compat_xtables.c index 02e2509..908e64e 100644 --- a/extensions/compat_xtables.c +++ b/extensions/compat_xtables.c @@ -207,12 +207,9 @@ static unsigned int xtnu_target_run(struct sk_buff **pskb, static unsigned int xtnu_target_run(struct sk_buff *skb, const struct net_device *in, const struct net_device *out, unsigned int hooknum, const struct xt_target *ct, const void *targinfo) -#else -static unsigned int -xtnu_target_run(struct sk_buff *skb, const struct xt_target_param *par) #endif -{ #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27) +{ struct xtnu_target *nt = xtcompat_nutarget(ct); struct xt_target_param local_par = { .in = in, @@ -222,20 +219,25 @@ xtnu_target_run(struct sk_buff *skb, const struct xt_target_param *par) .targinfo = targinfo, .family = NFPROTO_UNSPEC, }; -#else - struct xtnu_target *nt = xtcompat_nutarget(par->target); -#endif if (nt != NULL && nt->target != NULL) #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23) return nt->target(pskb, &local_par); #elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27) return nt->target(&skb, &local_par); -#else - return nt->target(&skb, par); #endif return XT_CONTINUE; } +#endif +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 28) && \ + LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 34) +static unsigned int +xtnu_target_run(struct sk_buff *skb, const struct xt_target_param *par) +{ + struct xtnu_target *nt = xtcompat_nutarget(par->target); + return nt->target(&skb, par); +} +#endif #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18) static int xtnu_target_check(const char *table, const void *entry, 
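Review bot: The relocated 2.6.28–2.6.34 `xtnu_target_run` calls `nt->target(&skb, par)` without the `nt != NULL && nt->target != NULL` guard that the removed shared body applied to this path. The old guard suggests the `xtcompat_nutarget()` lookup can come back empty, in which case the new body dereferences a NULL pointer in the packet path. Restoring it is one line before the call: `if (nt == NULL || nt->target == NULL) return XT_CONTINUE;`. The rewritten body of this function in patch 2/5 and the 2.6.35 variant added in patch 5/5 call through `nt` the same way.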
From 5b472be9bb9e25eb00d4ef57a74cfc01ca0e97f8 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 13 May 2010 16:22:36 +0200 Subject: [PATCH 2/5] compat_xtables: move to 2.6.35 xt_action_param (1/3) --- extensions/ACCOUNT/xt_ACCOUNT.c | 2 +- extensions/compat_xtables.c | 74 ++++++++++++++++++++++++--------- extensions/compat_xtnu.h | 31 ++++++++------ extensions/ipset/ipt_SET.c | 2 +- extensions/ipset/ipt_set.c | 2 +- extensions/pknock/xt_pknock.c | 2 +- extensions/xt_CHAOS.c | 14 +++++-- extensions/xt_DELUDE.c | 2 +- extensions/xt_DHCPMAC.c | 4 +- extensions/xt_ECHO.c | 2 +- extensions/xt_IPMARK.c | 4 +- extensions/xt_LOGMARK.c | 2 +- extensions/xt_RAWNAT.c | 8 ++-- extensions/xt_STEAL.c | 2 +- extensions/xt_SYSRQ.c | 4 +- extensions/xt_TARPIT.c | 2 +- extensions/xt_TEE.c | 4 +- extensions/xt_condition.c | 2 +- extensions/xt_fuzzy.c | 2 +- extensions/xt_geoip.c | 2 +- extensions/xt_iface.c | 2 +- extensions/xt_ipp2p.c | 2 +- extensions/xt_ipv4options.c | 2 +- extensions/xt_length2.c | 4 +- extensions/xt_lscan.c | 2 +- extensions/xt_psd.c | 2 +- extensions/xt_quota2.c | 2 +- 27 files changed, 115 insertions(+), 68 deletions(-) diff --git a/extensions/ACCOUNT/xt_ACCOUNT.c b/extensions/ACCOUNT/xt_ACCOUNT.c index 2e0263d..7517d86 100644 --- a/extensions/ACCOUNT/xt_ACCOUNT.c +++ b/extensions/ACCOUNT/xt_ACCOUNT.c @@ -478,7 +478,7 @@ static void ipt_acc_depth2_insert(struct ipt_acc_mask_8 *mask_8, } } -static unsigned int ipt_acc_target(struct sk_buff **pskb, const struct xt_target_param *par) +static unsigned int ipt_acc_target(struct sk_buff **pskb, const struct xt_action_param *par) { const struct ipt_acc_info *info = par->targinfo; diff --git a/extensions/compat_xtables.c b/extensions/compat_xtables.c index 908e64e..69fd607 100644 --- a/extensions/compat_xtables.c +++ b/extensions/compat_xtables.c 
@@ -1,6 +1,6 @@ /* * API compat layer - * written by Jan Engelhardt , 2008 + * written by Jan Engelhardt , 2008 - 2010 * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License, either @@ -35,16 +35,15 @@ static bool xtnu_match_run(const struct sk_buff *skb, { struct xtnu_match *nm = xtcompat_numatch(cm); bool lo_drop = false, lo_ret; - struct xt_match_param local_par = { - .in = in, - .out = out, - .match = cm, - .matchinfo = matchinfo, - .fragoff = offset, - .thoff = protoff, - .hotdrop = &lo_drop, - .family = NFPROTO_UNSPEC, /* don't have that info */ - }; + struct xt_action_param local_par; + local_par.in = in; + local_par.out = out; + local_par.match = cm; + local_par.matchinfo = matchinfo; + local_par.fragoff = offset; + local_par.thoff = protoff; + local_par.hotdrop = &lo_drop; + local_par.family = NFPROTO_UNSPEC; /* don't have that info */ if (nm == NULL || nm->match == NULL) return false; @@ -53,6 +52,28 @@ static bool xtnu_match_run(const struct sk_buff *skb, return lo_ret; } #endif +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 28) && \ + LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 34) +static bool xtnu_match_run(const struct sk_buff *skb, + const struct xt_match_param *par) +{ + struct xtnu_match *nm = xtcompat_numatch(par->match); + struct xt_action_param local_par; + + local_par.in = par->in; + local_par.out = par->out; + local_par.match = par->match; + local_par.matchinfo = par->matchinfo; + local_par.fragoff = par->fragoff; + local_par.thoff = par->thoff; + local_par.hotdrop = par->hotdrop; + local_par.family = par->family; + + if (nm == NULL || nm->match == NULL) + return false; + return nm->match(skb, &local_par); +} +#endif #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18) static int xtnu_match_check(const char *table, const void *entry, 
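Review bot: Switching from the designated initializer to field-by-field assignment leaves every unassigned member of `local_par` indeterminate; in both `xtnu_match_run` variants here `local_par.hooknum` is never written, whereas the old `= { ... }` form zeroed whatever it did not name. An extension callback that reads such a field would see stale stack contents. A `memset(&local_par, 0, sizeof(local_par));` ahead of the assignments restores the old guarantee without depending on initializer support for the anonymous unions. The two `xtnu_target_run` bodies later in this file's diff have the same gap for `fragoff`, `thoff` and `hotdrop`, as does the `xt_action_param` block that patch 5/5 adds to xt_CHAOS.c.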
@@ -144,6 +165,10 @@ int xtnu_register_match(struct xtnu_match *nt) ct->match = xtnu_match_run; ct->checkentry = xtnu_match_check; ct->destroy = xtnu_match_destroy; +#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 34) + ct->match = xtnu_match_run; + ct->checkentry = xtnu_match_check; + ct->destroy = nt->destroy; #else ct->match = nt->match; ct->checkentry = xtnu_match_check; @@ -211,14 +236,14 @@ static unsigned int xtnu_target_run(struct sk_buff *skb, #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27) { struct xtnu_target *nt = xtcompat_nutarget(ct); - struct xt_target_param local_par = { - .in = in, - .out = out, - .hooknum = hooknum, - .target = ct, - .targinfo = targinfo, - .family = NFPROTO_UNSPEC, - }; + struct xt_action_param local_par; + + local_par.in = in; + local_par.out = out; + local_par.hooknum = hooknum; + local_par.target = ct; + local_par.targinfo = targinfo; + local_par.family = NFPROTO_UNSPEC; if (nt != NULL && nt->target != NULL) #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23) @@ -235,7 +260,16 @@ static unsigned int xtnu_target_run(struct sk_buff *skb, const struct xt_target_param *par) { struct xtnu_target *nt = xtcompat_nutarget(par->target); - return nt->target(&skb, par); + struct xt_action_param local_par; + + local_par.in = par->in; + local_par.out = par->out; + local_par.hooknum = par->hooknum; + local_par.target = par->target; + local_par.targinfo = par->targinfo; + local_par.family = par->family; + + return nt->target(&skb, &local_par); } #endif diff --git a/extensions/compat_xtnu.h b/extensions/compat_xtnu.h index bcc2ac8..5af3958 100644 --- a/extensions/compat_xtnu.h +++ b/extensions/compat_xtnu.h @@ -32,16 +32,6 @@ enum { NFPROTO_NUMPROTO, }; -struct xt_match_param { - const struct net_device *in, *out; - const struct xt_match *match; - const void *matchinfo; - int fragoff; - unsigned int thoff; - bool *hotdrop; - u_int8_t family; -}; - struct xt_mtchk_param { const char *table; const void *entryinfo; 
@@ -81,6 +71,23 @@ struct xt_tgdtor_param { }; #endif +#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 34) +struct xt_action_param { + union { + const struct xt_match *match; + const struct xt_target *target; + }; + union { + const void *matchinfo, *targinfo; + }; + const struct net_device *in, *out; + int fragoff; + unsigned int thoff, hooknum; + u_int8_t family; + bool *hotdrop; +}; +#endif + struct xtnu_match { /* * Making it smaller by sizeof(void *) on purpose to catch @@ -88,7 +95,7 @@ struct xtnu_match { */ char name[sizeof(((struct xt_match *)NULL)->name) - 1 - sizeof(void *)]; uint8_t revision; - bool (*match)(const struct sk_buff *, const struct xt_match_param *); + bool (*match)(const struct sk_buff *, const struct xt_action_param *); int (*checkentry)(const struct xt_mtchk_param *); void (*destroy)(const struct xt_mtdtor_param *); struct module *me; @@ -103,7 +110,7 @@ struct xtnu_target { char name[sizeof(((struct xt_target *)NULL)->name) - 1 - sizeof(void *)]; uint8_t revision; unsigned int (*target)(struct sk_buff **, - const struct xt_target_param *); + const struct xt_action_param *); int (*checkentry)(const struct xt_tgchk_param *); void (*destroy)(const struct xt_tgdtor_param *); struct module *me; diff --git a/extensions/ipset/ipt_SET.c b/extensions/ipset/ipt_SET.c index 9dfe3c9..46b5138 100644 --- a/extensions/ipset/ipt_SET.c +++ b/extensions/ipset/ipt_SET.c @@ -29,7 +29,7 @@ #include "../compat_xtables.h" static unsigned int -target(struct sk_buff **pskb, const struct xt_target_param *par) +target(struct sk_buff **pskb, const struct xt_action_param *par) { const struct ipt_set_info_target *info = par->targinfo; diff --git a/extensions/ipset/ipt_set.c b/extensions/ipset/ipt_set.c index ec1a40f..30cc264 100644 --- a/extensions/ipset/ipt_set.c +++ b/extensions/ipset/ipt_set.c 
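Review bot: The backported `struct xt_action_param` has no comment explaining that `match`/`target` and `matchinfo`/`targinfo` share storage, which is easy to miss when reading the compat wrappers that fill it. I would add above the definition: `/* Stand-in for the 2.6.35 xt_action_param on older kernels. match/target and matchinfo/targinfo alias each other; only the pair for the current call is valid. */`. That also documents why a match callback must not look at `par->target` and vice versa.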
@@ -38,7 +38,7 @@ match_set(const struct ipt_set_info *info, } static bool -match(const struct sk_buff *skb, const struct xt_match_param *par) +match(const struct sk_buff *skb, const struct xt_action_param *par) { const struct ipt_set_info_match *info = par->matchinfo; diff --git a/extensions/pknock/xt_pknock.c b/extensions/pknock/xt_pknock.c index a700041..8ddbd5a 100644 --- a/extensions/pknock/xt_pknock.c +++ b/extensions/pknock/xt_pknock.c @@ -958,7 +958,7 @@ is_close_knock(const struct peer *peer, const struct xt_pknock_mtinfo *info, } static bool pknock_mt(const struct sk_buff *skb, - const struct xt_match_param *par) + const struct xt_action_param *par) { const struct xt_pknock_mtinfo *info = par->matchinfo; struct xt_pknock_rule *rule; diff --git a/extensions/xt_CHAOS.c b/extensions/xt_CHAOS.c index 63e5482..44492df 100644 --- a/extensions/xt_CHAOS.c +++ b/extensions/xt_CHAOS.c @@ -45,7 +45,7 @@ static const struct xt_tcp tcp_params = { /* CHAOS functions */ static void -xt_chaos_total(struct sk_buff *skb, const struct xt_target_param *par) +xt_chaos_total(struct sk_buff *skb, const struct xt_action_param *par) { const struct xt_chaos_tginfo *info = par->targinfo; const struct iphdr *iph = ip_hdr(skb); @@ -88,15 +88,21 @@ xt_chaos_total(struct sk_buff *skb, const struct xt_target_param *par) destiny->target(skb, par->in, par->out, par->hooknum, destiny, NULL); #else { - struct xt_target_param local_par = *par; - local_par.target = destiny; + struct xt_target_param local_par = { + .in = par->in, + .out = par->out, + .hooknum = par->hooknum, + .target = destiny, + .targinfo = par->targinfo, + .family = par->family, + }; destiny->target(skb, &local_par); } #endif } static unsigned int -chaos_tg(struct sk_buff **pskb, const struct xt_target_param *par) +chaos_tg(struct sk_buff **pskb, const struct xt_action_param *par) { /* * Equivalent to: diff --git a/extensions/xt_DELUDE.c b/extensions/xt_DELUDE.c index 43df0d2..b0f2de2 100644 --- a/extensions/xt_DELUDE.c 
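Review bot: The new initializer in `xt_chaos_total` forwards CHAOS's own `par->targinfo` to `destiny->target()`, while the two older-kernel calls just above pass `NULL` for that argument. This matches what the old `*par` copy did, but with the fields now listed one by one, `.targinfo = NULL` would make the three branches agree and rule out `destiny` ever interpreting a `struct xt_chaos_tginfo` as its own info type. If the forwarding is intentional, a one-line comment saying so would help; the function body extends beyond the hunk.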
+++ b/extensions/xt_DELUDE.c @@ -143,7 +143,7 @@ static void delude_send_reset(struct sk_buff *oldskb, unsigned int hook) } static unsigned int -delude_tg(struct sk_buff **pskb, const struct xt_target_param *par) +delude_tg(struct sk_buff **pskb, const struct xt_action_param *par) { /* WARNING: This code causes reentry within iptables. This means that the iptables jump stack is now crap. We diff --git a/extensions/xt_DHCPMAC.c b/extensions/xt_DHCPMAC.c index 33ba1fe..42b9197 100644 --- a/extensions/xt_DHCPMAC.c +++ b/extensions/xt_DHCPMAC.c @@ -69,7 +69,7 @@ static bool ether_cmp(const unsigned char *lh, const unsigned char *rh, } static bool -dhcpmac_mt(const struct sk_buff *skb, const struct xt_match_param *par) +dhcpmac_mt(const struct sk_buff *skb, const struct xt_action_param *par) { const struct dhcpmac_info *info = par->matchinfo; const struct dhcp_message *dh; @@ -89,7 +89,7 @@ dhcpmac_mt(const struct sk_buff *skb, const struct xt_match_param *par) } static unsigned int -dhcpmac_tg(struct sk_buff **pskb, const struct xt_target_param *par) +dhcpmac_tg(struct sk_buff **pskb, const struct xt_action_param *par) { const struct dhcpmac_info *info = par->targinfo; struct dhcp_message dhcpbuf, *dh; diff --git a/extensions/xt_ECHO.c b/extensions/xt_ECHO.c index 56a7fa4..a09311a 100644 --- a/extensions/xt_ECHO.c +++ b/extensions/xt_ECHO.c @@ -21,7 +21,7 @@ #include "compat_xtables.h" static unsigned int -echo_tg4(struct sk_buff **poldskb, const struct xt_target_param *par) +echo_tg4(struct sk_buff **poldskb, const struct xt_action_param *par) { const struct sk_buff *oldskb = *poldskb; const struct udphdr *oldudp; diff --git a/extensions/xt_IPMARK.c b/extensions/xt_IPMARK.c index a5f9377..a296945 100644 --- a/extensions/xt_IPMARK.c +++ b/extensions/xt_IPMARK.c 
@@ -25,7 +25,7 @@ MODULE_ALIAS("ipt_IPMARK"); MODULE_ALIAS("ip6t_IPMARK"); static unsigned int -ipmark_tg4(struct sk_buff **pskb, const struct xt_target_param *par) +ipmark_tg4(struct sk_buff **pskb, const struct xt_action_param *par) { const struct xt_ipmark_tginfo *ipmarkinfo = par->targinfo; const struct sk_buff *skb = *pskb; @@ -61,7 +61,7 @@ static __u32 ipmark_from_ip6(const struct in6_addr *a, unsigned int s) } static unsigned int -ipmark_tg6(struct sk_buff **pskb, const struct xt_target_param *par) +ipmark_tg6(struct sk_buff **pskb, const struct xt_action_param *par) { const struct xt_ipmark_tginfo *info = par->targinfo; const struct sk_buff *skb = *pskb; diff --git a/extensions/xt_LOGMARK.c b/extensions/xt_LOGMARK.c index 5fadf09..fce8669 100644 --- a/extensions/xt_LOGMARK.c +++ b/extensions/xt_LOGMARK.c @@ -30,7 +30,7 @@ static const char *const dir_names[] = { }; static unsigned int -logmark_tg(struct sk_buff **pskb, const struct xt_target_param *par) +logmark_tg(struct sk_buff **pskb, const struct xt_action_param *par) { const struct sk_buff *skb = *pskb; const struct xt_logmark_tginfo *info = par->targinfo; diff --git a/extensions/xt_RAWNAT.c b/extensions/xt_RAWNAT.c index 4bb44ee..f256e4c 100644 --- a/extensions/xt_RAWNAT.c +++ b/extensions/xt_RAWNAT.c @@ -125,7 +125,7 @@ static unsigned int rawnat4_writable_part(const struct iphdr *iph) } static unsigned int -rawsnat_tg4(struct sk_buff **pskb, const struct xt_target_param *par) +rawsnat_tg4(struct sk_buff **pskb, const struct xt_action_param *par) { const struct xt_rawnat_tginfo *info = par->targinfo; struct iphdr *iph; @@ -147,7 +147,7 @@ rawsnat_tg4(struct sk_buff **pskb, const struct xt_target_param *par) } static unsigned int -rawdnat_tg4(struct sk_buff **pskb, const struct xt_target_param *par) +rawdnat_tg4(struct sk_buff **pskb, const struct xt_action_param *par) { const struct xt_rawnat_tginfo *info = par->targinfo; struct iphdr *iph; 
@@ -241,7 +241,7 @@ static void rawnat6_update_l4(struct sk_buff *skb, unsigned int l4proto, } static unsigned int -rawsnat_tg6(struct sk_buff **pskb, const struct xt_target_param *par) +rawsnat_tg6(struct sk_buff **pskb, const struct xt_action_param *par) { const struct xt_rawnat_tginfo *info = par->targinfo; unsigned int l4offset, l4proto; @@ -262,7 +262,7 @@ rawsnat_tg6(struct sk_buff **pskb, const struct xt_target_param *par) } static unsigned int -rawdnat_tg6(struct sk_buff **pskb, const struct xt_target_param *par) +rawdnat_tg6(struct sk_buff **pskb, const struct xt_action_param *par) { const struct xt_rawnat_tginfo *info = par->targinfo; unsigned int l4offset, l4proto; diff --git a/extensions/xt_STEAL.c b/extensions/xt_STEAL.c index b06d0fb..e8d3e4c 100644 --- a/extensions/xt_STEAL.c +++ b/extensions/xt_STEAL.c @@ -8,7 +8,7 @@ #include "compat_xtables.h" static unsigned int -steal_tg(struct sk_buff **pskb, const struct xt_target_param *par) +steal_tg(struct sk_buff **pskb, const struct xt_action_param *par) { kfree_skb(*pskb); return NF_STOLEN; diff --git a/extensions/xt_SYSRQ.c b/extensions/xt_SYSRQ.c index 8152132..e0b6aa0 100644 --- a/extensions/xt_SYSRQ.c +++ b/extensions/xt_SYSRQ.c @@ -197,7 +197,7 @@ static unsigned int sysrq_tg(const void *pdata, uint16_t len) #endif static unsigned int -sysrq_tg4(struct sk_buff **pskb, const struct xt_target_param *par) +sysrq_tg4(struct sk_buff **pskb, const struct xt_action_param *par) { struct sk_buff *skb = *pskb; const struct iphdr *iph; @@ -224,7 +224,7 @@ sysrq_tg4(struct sk_buff **pskb, const struct xt_target_param *par) #ifdef WITH_IPV6 static unsigned int -sysrq_tg6(struct sk_buff **pskb, const struct xt_target_param *par) +sysrq_tg6(struct sk_buff **pskb, const struct xt_action_param *par) { struct sk_buff *skb = *pskb; const struct ipv6hdr *iph; diff --git a/extensions/xt_TARPIT.c b/extensions/xt_TARPIT.c index ed052e4..92bea2c 100644 --- a/extensions/xt_TARPIT.c +++ b/extensions/xt_TARPIT.c 
@@ -188,7 +188,7 @@ static void tarpit_tcp(struct sk_buff *oldskb, unsigned int hook) } static unsigned int -tarpit_tg(struct sk_buff **pskb, const struct xt_target_param *par) +tarpit_tg(struct sk_buff **pskb, const struct xt_action_param *par) { const struct sk_buff *skb = *pskb; const struct iphdr *iph = ip_hdr(skb); diff --git a/extensions/xt_TEE.c b/extensions/xt_TEE.c index 8be6173..e98333b 100644 --- a/extensions/xt_TEE.c +++ b/extensions/xt_TEE.c @@ -103,7 +103,7 @@ static void tee_tg_send(struct sk_buff *skb) } static unsigned int -tee_tg4(struct sk_buff **pskb, const struct xt_target_param *par) +tee_tg4(struct sk_buff **pskb, const struct xt_action_param *par) { const struct xt_tee_tginfo *info = par->targinfo; struct sk_buff *skb = *pskb; @@ -205,7 +205,7 @@ tee_tg_route6(struct sk_buff *skb, const struct xt_tee_tginfo *info) } static unsigned int -tee_tg6(struct sk_buff **pskb, const struct xt_target_param *par) +tee_tg6(struct sk_buff **pskb, const struct xt_action_param *par) { const struct xt_tee_tginfo *info = par->targinfo; struct sk_buff *skb = *pskb; diff --git a/extensions/xt_condition.c b/extensions/xt_condition.c index c4a54b9..c1f082d 100644 --- a/extensions/xt_condition.c +++ b/extensions/xt_condition.c @@ -96,7 +96,7 @@ static int condition_proc_write(struct file *file, const char __user *buffer, } static bool -condition_mt(const struct sk_buff *skb, const struct xt_match_param *par) +condition_mt(const struct sk_buff *skb, const struct xt_action_param *par) { const struct xt_condition_mtinfo *info = par->matchinfo; const struct condition_variable *var = info->condvar; diff --git a/extensions/xt_fuzzy.c b/extensions/xt_fuzzy.c index 83903b2..4d066bf 100644 --- a/extensions/xt_fuzzy.c +++ b/extensions/xt_fuzzy.c 
@@ -60,7 +60,7 @@ static uint8_t mf_low(uint32_t tx, uint32_t mini, uint32_t maxi) } static bool -fuzzy_mt(const struct sk_buff *skb, const struct xt_match_param *par) +fuzzy_mt(const struct sk_buff *skb, const struct xt_action_param *par) { struct xt_fuzzy_mtinfo *info = (void *)par->matchinfo; unsigned long amount; diff --git a/extensions/xt_geoip.c b/extensions/xt_geoip.c index 76c643c..92d2915 100644 --- a/extensions/xt_geoip.c +++ b/extensions/xt_geoip.c @@ -141,7 +141,7 @@ static bool geoip_bsearch(const struct geoip_subnet *range, } static bool -xt_geoip_mt(const struct sk_buff *skb, const struct xt_match_param *par) +xt_geoip_mt(const struct sk_buff *skb, const struct xt_action_param *par) { const struct xt_geoip_match_info *info = par->matchinfo; const struct geoip_country_kernel *node; diff --git a/extensions/xt_iface.c b/extensions/xt_iface.c index 5847e6b..e61dc9d 100644 --- a/extensions/xt_iface.c +++ b/extensions/xt_iface.c @@ -41,7 +41,7 @@ static const struct xt_iface_flag_pairs xt_iface_lookup[] = }; static bool xt_iface_mt(const struct sk_buff *skb, - const struct xt_match_param *par) + const struct xt_action_param *par) { const struct xt_iface_mtinfo *info = par->matchinfo; struct net_device *dev; diff --git a/extensions/xt_ipp2p.c b/extensions/xt_ipp2p.c index a94c2d2..0886fb1 100644 --- a/extensions/xt_ipp2p.c +++ b/extensions/xt_ipp2p.c @@ -808,7 +808,7 @@ static const struct { }; static bool -ipp2p_mt(const struct sk_buff *skb, const struct xt_match_param *par) +ipp2p_mt(const struct sk_buff *skb, const struct xt_action_param *par) { const struct ipt_p2p_info *info = par->matchinfo; const unsigned char *haystack; diff --git a/extensions/xt_ipv4options.c b/extensions/xt_ipv4options.c index b136003..a887821 100644 --- a/extensions/xt_ipv4options.c +++ b/extensions/xt_ipv4options.c 
@@ -29,7 +29,7 @@ static uint32_t ipv4options_rd(const uint8_t *data, int len) } static bool ipv4options_mt(const struct sk_buff *skb, - const struct xt_match_param *par) + const struct xt_action_param *par) { const struct xt_ipv4options_mtinfo1 *info = par->matchinfo; const struct iphdr *iph = ip_hdr(skb); diff --git a/extensions/xt_length2.c b/extensions/xt_length2.c index 8de6ca5..ca495df 100644 --- a/extensions/xt_length2.c +++ b/extensions/xt_length2.c @@ -137,7 +137,7 @@ static bool xtlength_layer7(unsigned int *length, const struct sk_buff *skb, } static bool -length2_mt(const struct sk_buff *skb, const struct xt_match_param *par) +length2_mt(const struct sk_buff *skb, const struct xt_action_param *par) { const struct xt_length_mtinfo2 *info = par->matchinfo; const struct iphdr *iph = ip_hdr(skb); @@ -198,7 +198,7 @@ llayer4_proto(const struct sk_buff *skb, unsigned int *offset, bool *hotdrop) } static bool -length2_mt6(const struct sk_buff *skb, const struct xt_match_param *par) +length2_mt6(const struct sk_buff *skb, const struct xt_action_param *par) { const struct xt_length_mtinfo2 *info = par->matchinfo; const struct ipv6hdr *iph = ipv6_hdr(skb); diff --git a/extensions/xt_lscan.c b/extensions/xt_lscan.c index 1f51f82..3af8621 100644 --- a/extensions/xt_lscan.c +++ b/extensions/xt_lscan.c @@ -171,7 +171,7 @@ static inline unsigned int lscan_mt_full(int mark, } static bool -lscan_mt(const struct sk_buff *skb, const struct xt_match_param *par) +lscan_mt(const struct sk_buff *skb, const struct xt_action_param *par) { const struct xt_lscan_mtinfo *info = par->matchinfo; enum ip_conntrack_info ctstate; diff --git a/extensions/xt_psd.c b/extensions/xt_psd.c index a86a73c..4be8b4e 100644 --- a/extensions/xt_psd.c +++ b/extensions/xt_psd.c 
@@ -100,7 +100,7 @@ static inline int hashfunc(struct in_addr addr) } static bool -xt_psd_match(const struct sk_buff *pskb, const struct xt_match_param *match) +xt_psd_match(const struct sk_buff *pskb, const struct xt_action_param *match) { const struct iphdr *iph; const struct tcphdr *tcph; diff --git a/extensions/xt_quota2.c b/extensions/xt_quota2.c index 73531d8..62f1274 100644 --- a/extensions/xt_quota2.c +++ b/extensions/xt_quota2.c @@ -189,7 +189,7 @@ static void quota_mt2_destroy(const struct xt_mtdtor_param *par) } static bool -quota_mt2(const struct sk_buff *skb, const struct xt_match_param *par) +quota_mt2(const struct sk_buff *skb, const struct xt_action_param *par) { struct xt_quota_mtinfo2 *q = (void *)par->matchinfo; struct xt_quota_counter *e = q->master; From 9a18a05d02dc4506afe7832c5894c13bef111a2f Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 13 May 2010 19:45:52 +0200 Subject: [PATCH 3/5] compat_xtables: move to 2.6.35 xt_action_param (2/3) --- extensions/compat_xtnu.h | 2 +- extensions/ipset/ipt_set.c | 2 +- extensions/pknock/xt_pknock.c | 2 +- extensions/xt_DHCPMAC.c | 2 +- extensions/xt_condition.c | 2 +- extensions/xt_fuzzy.c | 2 +- extensions/xt_geoip.c | 2 +- extensions/xt_iface.c | 2 +- extensions/xt_ipp2p.c | 2 +- extensions/xt_ipv4options.c | 2 +- extensions/xt_length2.c | 4 ++-- extensions/xt_lscan.c | 2 +- extensions/xt_psd.c | 2 +- extensions/xt_quota2.c | 2 +- 14 files changed, 15 insertions(+), 15 deletions(-) diff --git a/extensions/compat_xtnu.h b/extensions/compat_xtnu.h index 5af3958..4ff8adb 100644 --- a/extensions/compat_xtnu.h +++ b/extensions/compat_xtnu.h 
@@ -95,7 +95,7 @@ struct xtnu_match { */ char name[sizeof(((struct xt_match *)NULL)->name) - 1 - sizeof(void *)]; uint8_t revision; - bool (*match)(const struct sk_buff *, const struct xt_action_param *); + bool (*match)(const struct sk_buff *, struct xt_action_param *); int (*checkentry)(const struct xt_mtchk_param *); void (*destroy)(const struct xt_mtdtor_param *); struct module *me; diff --git a/extensions/ipset/ipt_set.c b/extensions/ipset/ipt_set.c index 30cc264..d620573 100644 --- a/extensions/ipset/ipt_set.c +++ b/extensions/ipset/ipt_set.c @@ -38,7 +38,7 @@ match_set(const struct ipt_set_info *info, } static bool -match(const struct sk_buff *skb, const struct xt_action_param *par) +match(const struct sk_buff *skb, struct xt_action_param *par) { const struct ipt_set_info_match *info = par->matchinfo; diff --git a/extensions/pknock/xt_pknock.c b/extensions/pknock/xt_pknock.c index 8ddbd5a..c62df39 100644 --- a/extensions/pknock/xt_pknock.c +++ b/extensions/pknock/xt_pknock.c @@ -958,7 +958,7 @@ is_close_knock(const struct peer *peer, const struct xt_pknock_mtinfo *info, } static bool pknock_mt(const struct sk_buff *skb, - const struct xt_action_param *par) + struct xt_action_param *par) { const struct xt_pknock_mtinfo *info = par->matchinfo; struct xt_pknock_rule *rule; diff --git a/extensions/xt_DHCPMAC.c b/extensions/xt_DHCPMAC.c index 42b9197..d59babf 100644 --- a/extensions/xt_DHCPMAC.c +++ b/extensions/xt_DHCPMAC.c @@ -69,7 +69,7 @@ static bool ether_cmp(const unsigned char *lh, const unsigned char *rh, } static bool -dhcpmac_mt(const struct sk_buff *skb, const struct xt_action_param *par) +dhcpmac_mt(const struct sk_buff *skb, struct xt_action_param *par) { const struct dhcpmac_info *info = par->matchinfo; const struct dhcp_message *dh; diff --git a/extensions/xt_condition.c b/extensions/xt_condition.c index c1f082d..24f43c9 100644 --- a/extensions/xt_condition.c +++ b/extensions/xt_condition.c 
@@ -96,7 +96,7 @@ static int condition_proc_write(struct file *file, const char __user *buffer, } static bool -condition_mt(const struct sk_buff *skb, const struct xt_action_param *par) +condition_mt(const struct sk_buff *skb, struct xt_action_param *par) { const struct xt_condition_mtinfo *info = par->matchinfo; const struct condition_variable *var = info->condvar; diff --git a/extensions/xt_fuzzy.c b/extensions/xt_fuzzy.c index 4d066bf..b715751 100644 --- a/extensions/xt_fuzzy.c +++ b/extensions/xt_fuzzy.c @@ -60,7 +60,7 @@ static uint8_t mf_low(uint32_t tx, uint32_t mini, uint32_t maxi) } static bool -fuzzy_mt(const struct sk_buff *skb, const struct xt_action_param *par) +fuzzy_mt(const struct sk_buff *skb, struct xt_action_param *par) { struct xt_fuzzy_mtinfo *info = (void *)par->matchinfo; unsigned long amount; diff --git a/extensions/xt_geoip.c b/extensions/xt_geoip.c index 92d2915..4c6b29f 100644 --- a/extensions/xt_geoip.c +++ b/extensions/xt_geoip.c @@ -141,7 +141,7 @@ static bool geoip_bsearch(const struct geoip_subnet *range, } static bool -xt_geoip_mt(const struct sk_buff *skb, const struct xt_action_param *par) +xt_geoip_mt(const struct sk_buff *skb, struct xt_action_param *par) { const struct xt_geoip_match_info *info = par->matchinfo; const struct geoip_country_kernel *node; diff --git a/extensions/xt_iface.c b/extensions/xt_iface.c index e61dc9d..4bf5486 100644 --- a/extensions/xt_iface.c +++ b/extensions/xt_iface.c @@ -41,7 +41,7 @@ static const struct xt_iface_flag_pairs xt_iface_lookup[] = }; static bool xt_iface_mt(const struct sk_buff *skb, - const struct xt_action_param *par) + struct xt_action_param *par) { const struct xt_iface_mtinfo *info = par->matchinfo; struct net_device *dev; diff --git a/extensions/xt_ipp2p.c b/extensions/xt_ipp2p.c index 0886fb1..25cdc61 100644 --- a/extensions/xt_ipp2p.c +++ b/extensions/xt_ipp2p.c 
@@ -808,7 +808,7 @@ static const struct { }; static bool -ipp2p_mt(const struct sk_buff *skb, const struct xt_action_param *par) +ipp2p_mt(const struct sk_buff *skb, struct xt_action_param *par) { const struct ipt_p2p_info *info = par->matchinfo; const unsigned char *haystack; diff --git a/extensions/xt_ipv4options.c b/extensions/xt_ipv4options.c index a887821..f7e8f95 100644 --- a/extensions/xt_ipv4options.c +++ b/extensions/xt_ipv4options.c @@ -29,7 +29,7 @@ static uint32_t ipv4options_rd(const uint8_t *data, int len) } static bool ipv4options_mt(const struct sk_buff *skb, - const struct xt_action_param *par) + struct xt_action_param *par) { const struct xt_ipv4options_mtinfo1 *info = par->matchinfo; const struct iphdr *iph = ip_hdr(skb); diff --git a/extensions/xt_length2.c b/extensions/xt_length2.c index ca495df..9ba3739 100644 --- a/extensions/xt_length2.c +++ b/extensions/xt_length2.c @@ -137,7 +137,7 @@ static bool xtlength_layer7(unsigned int *length, const struct sk_buff *skb, } static bool -length2_mt(const struct sk_buff *skb, const struct xt_action_param *par) +length2_mt(const struct sk_buff *skb, struct xt_action_param *par) { const struct xt_length_mtinfo2 *info = par->matchinfo; const struct iphdr *iph = ip_hdr(skb); @@ -198,7 +198,7 @@ llayer4_proto(const struct sk_buff *skb, unsigned int *offset, bool *hotdrop) } static bool -length2_mt6(const struct sk_buff *skb, const struct xt_action_param *par) +length2_mt6(const struct sk_buff *skb, struct xt_action_param *par) { const struct xt_length_mtinfo2 *info = par->matchinfo; const struct ipv6hdr *iph = ipv6_hdr(skb); diff --git a/extensions/xt_lscan.c b/extensions/xt_lscan.c index 3af8621..88161c8 100644 --- a/extensions/xt_lscan.c +++ b/extensions/xt_lscan.c 
@@ -171,7 +171,7 @@ static inline unsigned int lscan_mt_full(int mark, } static bool -lscan_mt(const struct sk_buff *skb, const struct xt_action_param *par) +lscan_mt(const struct sk_buff *skb, struct xt_action_param *par) { const struct xt_lscan_mtinfo *info = par->matchinfo; enum ip_conntrack_info ctstate; diff --git a/extensions/xt_psd.c b/extensions/xt_psd.c index 4be8b4e..59e3780 100644 --- a/extensions/xt_psd.c +++ b/extensions/xt_psd.c @@ -100,7 +100,7 @@ static inline int hashfunc(struct in_addr addr) } static bool -xt_psd_match(const struct sk_buff *pskb, const struct xt_action_param *match) +xt_psd_match(const struct sk_buff *pskb, struct xt_action_param *match) { const struct iphdr *iph; const struct tcphdr *tcph; diff --git a/extensions/xt_quota2.c b/extensions/xt_quota2.c index 62f1274..4857008 100644 --- a/extensions/xt_quota2.c +++ b/extensions/xt_quota2.c @@ -189,7 +189,7 @@ static void quota_mt2_destroy(const struct xt_mtdtor_param *par) } static bool -quota_mt2(const struct sk_buff *skb, const struct xt_action_param *par) +quota_mt2(const struct sk_buff *skb, struct xt_action_param *par) { struct xt_quota_mtinfo2 *q = (void *)par->matchinfo; struct xt_quota_counter *e = q->master; From 43921c5834549c239cc2a5fa7a28d8404f7d3275 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 13 May 2010 19:34:36 +0200 Subject: [PATCH 4/5] compat_xtables: move to 2.6.35 xt_action_param (3/3) Since the last merge of the "api35" branch, further changes were included into nf-next. This set of three commits updates the xtables-addons API to match that. --- extensions/compat_xtables.c | 13 ++++++++----- extensions/compat_xtnu.h | 2 +- extensions/pknock/xt_pknock.c | 2 +- extensions/xt_length2.c | 2 +- 4 files changed, 11 insertions(+), 8 deletions(-) diff --git a/extensions/compat_xtables.c b/extensions/compat_xtables.c index 69fd607..9ee4dfb 100644 --- a/extensions/compat_xtables.c +++ b/extensions/compat_xtables.c 
@@ -34,7 +34,7 @@ static bool xtnu_match_run(const struct sk_buff *skb, #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27) { struct xtnu_match *nm = xtcompat_numatch(cm); - bool lo_drop = false, lo_ret; + bool lo_ret; struct xt_action_param local_par; local_par.in = in; local_par.out = out; @@ -42,13 +42,13 @@ static bool xtnu_match_run(const struct sk_buff *skb, local_par.matchinfo = matchinfo; local_par.fragoff = offset; local_par.thoff = protoff; - local_par.hotdrop = &lo_drop; + local_par.hotdrop = false; local_par.family = NFPROTO_UNSPEC; /* don't have that info */ if (nm == NULL || nm->match == NULL) return false; lo_ret = nm->match(skb, &local_par); - *hotdrop = lo_drop; + *hotdrop = local_par.hotdrop; return lo_ret; } #endif @@ -59,6 +59,7 @@ static bool xtnu_match_run(const struct sk_buff *skb, { struct xtnu_match *nm = xtcompat_numatch(par->match); struct xt_action_param local_par; + bool ret; local_par.in = par->in; local_par.out = par->out; @@ -66,12 +67,14 @@ static bool xtnu_match_run(const struct sk_buff *skb, local_par.matchinfo = par->matchinfo; local_par.fragoff = par->fragoff; local_par.thoff = par->thoff; - local_par.hotdrop = par->hotdrop; + local_par.hotdrop = false; local_par.family = par->family; if (nm == NULL || nm->match == NULL) return false; - return nm->match(skb, &local_par); + ret = nm->match(skb, &local_par); + *par->hotdrop = local_par.hotdrop; + return ret; } #endif diff --git a/extensions/compat_xtnu.h b/extensions/compat_xtnu.h index 4ff8adb..02b6575 100644 --- a/extensions/compat_xtnu.h +++ b/extensions/compat_xtnu.h @@ -84,7 +84,7 @@ struct xt_action_param { int fragoff; unsigned int thoff, hooknum; u_int8_t family; - bool *hotdrop; + bool hotdrop; }; #endif diff --git a/extensions/pknock/xt_pknock.c b/extensions/pknock/xt_pknock.c index c62df39..979a1da 100644 --- a/extensions/pknock/xt_pknock.c +++ b/extensions/pknock/xt_pknock.c 
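Review bot: In the 2.6.28–2.6.34 `xtnu_match_run`, `*par->hotdrop = local_par.hotdrop;` now stores to the caller's flag unconditionally, where the previous pointer pass-through only changed it when the match itself wrote to it. If the caller's flag can already be true on entry (not visible from this hunk), a match that leaves `hotdrop` alone would reset it to false. Propagating only the set case avoids that: `if (local_par.hotdrop) *par->hotdrop = true;`. The ≤2.6.27 variant already copied the value back unconditionally before this patch, so it is unchanged in that respect.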
@@ -975,7 +975,7 @@ static bool pknock_mt(const struct sk_buff *skb, /* We've been asked to examine this packet, and we * can't. Hence, no choice but to drop. */ - *par->hotdrop = true; + par->hotdrop = true; return false; } diff --git a/extensions/xt_length2.c b/extensions/xt_length2.c index 9ba3739..08e5519 100644 --- a/extensions/xt_length2.c +++ b/extensions/xt_length2.c @@ -209,7 +209,7 @@ length2_mt6(const struct sk_buff *skb, struct xt_action_param *par) if (info->flags & XT_LENGTH_LAYER3) { len = sizeof(struct ipv6hdr) + ntohs(iph->payload_len); } else { - l4proto = llayer4_proto(skb, &thoff, par->hotdrop); + l4proto = llayer4_proto(skb, &thoff, &par->hotdrop); if (l4proto == NEXTHDR_MAX) return false; if (info->flags & XT_LENGTH_LAYER4) From 54d80a73b42bd1d9c606e0bb4ae0b98e0162cb26 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Fri, 14 May 2010 11:51:34 +0200 Subject: [PATCH 5/5] compat_xtables: more 2.6.35 support --- configure.ac | 2 +- extensions/compat_xtables.c | 9 +++++++++ extensions/xt_CHAOS.c | 38 ++++++++++++++++++++++++++++++++++--- 3 files changed, 45 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac index 4533454..07cc421 100644 --- a/configure.ac +++ b/configure.ac @@ -62,7 +62,7 @@ else fi; fi; echo "Found kernel version $kmajor.$kminor.$kmicro.$kstable in $kbuilddir"; -if test "$kmajor" -gt 2 -o "$kminor" -gt 6 -o "$kmicro" -gt 34; then +if test "$kmajor" -gt 2 -o "$kminor" -gt 6 -o "$kmicro" -gt 35; then echo "WARNING: You are trying a newer kernel. Results may vary. :-)"; elif test \( "$kmajor" -lt 2 -o "$kminor" -lt 6 -o "$kmicro" -lt 17 \) -o \ \( "$kmajor" -eq 2 -a "$kminor" -eq 6 -a "$kmicro" -eq 18 -a \ diff --git a/extensions/compat_xtables.c b/extensions/compat_xtables.c index 9ee4dfb..8514af8 100644 --- a/extensions/compat_xtables.c +++ b/extensions/compat_xtables.c 
@@ -275,6 +275,15 @@ xtnu_target_run(struct sk_buff *skb, const struct xt_target_param *par) return nt->target(&skb, &local_par); } #endif +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 35) +static unsigned int +xtnu_target_run(struct sk_buff *skb, const struct xt_action_param *par) +{ + struct xtnu_target *nt = xtcompat_nutarget(par->target); + + return nt->target(&skb, par); +} +#endif #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18) static int xtnu_target_check(const char *table, const void *entry, diff --git a/extensions/xt_CHAOS.c b/extensions/xt_CHAOS.c index 44492df..d98af4d 100644 --- a/extensions/xt_CHAOS.c +++ b/extensions/xt_CHAOS.c @@ -62,7 +62,7 @@ xt_chaos_total(struct sk_buff *skb, const struct xt_action_param *par) #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27) ret = xm_tcp->match(skb, par->in, par->out, xm_tcp, &tcp_params, fragoff, thoff, &hotdrop); -#else +#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 34) { struct xt_match_param local_par = { .in = par->in, @@ -75,6 +75,19 @@ xt_chaos_total(struct sk_buff *skb, const struct xt_action_param *par) }; ret = xm_tcp->match(skb, &local_par); } +#else + { + struct xt_action_param local_par; + local_par.in = par->in, + local_par.out = par->out, + local_par.match = xm_tcp; + local_par.matchinfo = &tcp_params; + local_par.fragoff = fragoff; + local_par.thoff = thoff; + local_par.hotdrop = false; + ret = xm_tcp->match(skb, &local_par); + hotdrop = local_par.hotdrop; + } #endif if (!ret || hotdrop || (unsigned int)net_random() > delude_percentage) return; @@ -86,7 +99,7 @@ xt_chaos_total(struct sk_buff *skb, const struct xt_action_param *par) destiny->target(&skb, par->in, par->out, par->hooknum, destiny, NULL); #elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27) destiny->target(skb, par->in, par->out, par->hooknum, destiny, NULL); -#else +#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 34) { struct xt_target_param local_par = { .in = par->in, 
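Review bot: The 2.6.35 `xtnu_target_run` added in the `@@ -275,6 +275,15 @@` hunk of compat_xtables.c calls `nt->target(&skb, par)` without checking `nt`. `xtnu_match_run` in the same file returns early on `nm == NULL || nm->match == NULL`, and the oldest variant of this function tests `nt != NULL && nt->target != NULL`. If `xtcompat_nutarget()` can return NULL, as those guards suggest, this is a NULL dereference in the packet path. I would add `if (nt == NULL || nt->target == NULL) return XT_CONTINUE;` before the call, which is the fallback the guarded variant already uses.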
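Review bot: The new `#else` branch in the `@@ -75,6 +75,19 @@` hunk of xt_CHAOS.c declares `struct xt_action_param local_par;` and fills members one at a time, so every member it does not list (`hooknum` and `family` here) holds stale kernel stack contents when `xm_tcp->match()` runs. The 2.6.34 branch used a designated initializer, which zeroes the remainder. The same applies to the `#else` branches added in `@@ -98,6 +111,17 @@` and `@@ -135,6 +159,14 @@`, where `chaos_tg` leaves `family` unset although `xt_chaos_total` copies it. A `memset(&local_par, 0, sizeof(local_par));` ahead of the assignments restores the old guarantee. Separately, the first two assignments in this hunk end in `,` rather than `;`, which compiles as a comma expression but reads like a leftover from the initializer form.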
@@ -98,6 +111,17 @@ xt_chaos_total(struct sk_buff *skb, const struct xt_action_param *par) }; destiny->target(skb, &local_par); } +#else + { + struct xt_action_param local_par; + local_par.in = par->in; + local_par.out = par->out; + local_par.hooknum = par->hooknum; + local_par.target = destiny; + local_par.targinfo = par->targinfo; + local_par.family = par->family; + destiny->target(skb, &local_par); + } #endif } @@ -126,7 +150,7 @@ chaos_tg(struct sk_buff **pskb, const struct xt_action_param *par) #elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27) return xt_reject->target(skb, par->in, par->out, par->hooknum, xt_reject, &reject_params); -#else +#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 34) struct xt_target_param local_par = { .in = par->in, .out = par->out, @@ -135,6 +159,14 @@ chaos_tg(struct sk_buff **pskb, const struct xt_action_param *par) .targinfo = &reject_params, }; return xt_reject->target(skb, &local_par); +#else + struct xt_action_param local_par; + local_par.in = par->in; + local_par.out = par->out; + local_par.hooknum = par->hooknum; + local_par.target = xt_reject; + local_par.targinfo = &reject_params; + return xt_reject->target(skb, &local_par); #endif }