The LT library name is libxt_ACCOUNT_cl.la, so the variable should be
`libxt_ACCOUNT_cl_la_LDFLAGS`.
Fixes: 81ab0b9586 ("libxt_ACCOUNT_cl: drop padding holes from struct ipt_ACCOUNT_context")
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
./arch/arm/include/asm/div64.h:24:45: note: expected "uint64_t *"
{aka "long long unsigned int *"} but argument is of type
"long unsigned int *"
24 | static inline uint32_t __div64_32(uint64_t *n, uint32_t base)
The original patch for long division on x86 didn't take into account
the use of short circuit logic for checking if peer is NULL before
testing it. Here is a revised patch to v3.16.
get_seconds is removed in 5.11; its replacement ktime_get_real_seconds
is available since 3.19. The timestamps should not be affected by clock
resets, so will be switched to ktime_get_seconds.
The DEBUG definition in xt_pknock.h causes a compiler warning if one
adds a DEBUG define to xt_pknock.c to enable pr_debug. Since it only
controls some debugging output in libxt_pknock.c, it would make sense to
move the definition there, but let's just disable the debugging instead.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Replace some instances of `printk(KERN_ERR PKNOCK ...)`. We define
`pr_fmt`, so `pr_err` is equivalent.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
The group ID used by xt_pknock is configurable, but pknlusr hard-codes
it. Modify pknlusr to accept an optional ID from the command line.
Group IDs range from 1 to 32 and each ID appears in the group bitmask
at position `group_id - 1`.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
A return-value of zero is not an error, so there is no point calling
perror, but since we have not requested and do not expect a zero-length
datagram, we treat it as EOF and exit.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Use struct initialization and drop memset. We do not need to set the port
ID, since the kernel will do it for us.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
We only need to specify the address at our end, and given that we are
receiving messages, not sending them, calling it `src_addr` is
misleading.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
In 5.9, the `void __user` parameter has been replaced by a `sockptr`.
Update `ipt_acc_set_ctl` appropriately.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
In roff, lines beginning with a single quote are control lines. In the
libxt_DNETMAP man-page there is a single-quoted string at the beginning
of a line, which troff tries and fails to interpret as a macro:
troff: <standard input>:49: warning: macro 'S'' not defined
This means that the line is not output.
Replace the single quotes with the appropriate escape-sequences.
Fixes: v2.3~9 ("doc: spelling and grammar corrections to DNETMAP")
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
The Perl script that builds the GeoIP DBs uses inet_pton(3) to convert
the addresses to network byte order. This converts
"1234:5678::90ab:cdef"
to:
0x12 0x34 0x56 0x78 .. 0xcd 0xef, interpreted by an LE machine
accessing this in uint32_t-sized chunks as
8765:4321::fedc:ba09
The kernel module compares the addresses in packets with the ranges from
the DB in host byte order using binary search. It uses 32-bit swaps
when converting the addresses.
libxt_geoip, however, which the module uses to load the ranges from the
DB and convert them from NBO to HBO, uses 16-bit swaps to do so, and
this means that:
1234:5678::90ab:cdef
becomes:
4321:8765::ba09:fedc
Obviously, this is inconsistent with the kernel module and DB build
script and breaks the binary search.
Fixes: b91dbd03c7 ("geoip: store database in network byte order")
Reported-by: "Thomas B. Clark" <kernel@clark.bz>
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
