summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSerhey Popovych <serhe.popovych@gmail.com>2019-11-29 11:21:32 +0200
committerJozsef Kadlecsik <kadlec@netfilter.org>2019-12-09 11:07:02 +0100
commita065f8ed355f08131c39787b4c7a41543ff643b3 (patch)
tree5bc04778f2d526dd57b783dc5bc570fa34659a76
parent4eda9fd68157c444f70541bd10fde3c36e09f0f1 (diff)
em_ipset: Build on old kernels
Make sure TCF_EM_IPSET defined and corresponds to current upstream value if not defined in target kernel. You need iproute2 version that supports em_ipset to communicate correctly. Include ip_set_compat.h after pkt_cls.h to prevent TCF_EM_IPSET redefine error. Detect skb->iif => skb->skb_iif rename after commit 8964be4a9a5c ("net: rename skb->iif to skb->skb_iif"). Add dev_get_by_index_rcu() define pointing to __dev_get_by_index() to build on RHEL6 kernels with explicit note that this may not work on all architectures. Always build em_ipset regardless of CONFIG_NET_EMATCH_IPSET option. Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com> Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
-rw-r--r--configure.ac11
-rw-r--r--kernel/include/linux/netfilter/ipset/ip_set_compat.h.in17
-rw-r--r--kernel/net/sched/Kbuild2
-rw-r--r--kernel/net/sched/em_ipset.c2
4 files changed, 30 insertions, 2 deletions
diff --git a/configure.ac b/configure.ac
index 17ba184..e3ddcce 100644
--- a/configure.ac
+++ b/configure.ac
@@ -554,6 +554,17 @@ else
fi
fi
+AC_MSG_CHECKING([kernel source for iif to skb_iif rename in struct sk_buff])
+if test -f $ksourcedir/include/linux/skbuff.h && \
+ $AWK '/^struct sk_buff {/,/^};$/' $ksourcedir/include/linux/skbuff.h | \
+ $GREP -q 'skb_iif'; then
+ AC_MSG_RESULT(yes)
+ AC_SUBST(HAVE_SKB_IIF, define)
+else
+ AC_MSG_RESULT(no)
+ AC_SUBST(HAVE_SKB_IIF, undef)
+fi
+
AC_MSG_CHECKING([kernel source for struct net in struct xt_action_param])
if test -f $ksourcedir/include/linux/netfilter/x_tables.h && \
$AWK '/^struct xt_action_param /,/^}/' $ksourcedir/include/linux/netfilter/x_tables.h | \
diff --git a/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
index 92d815e..d71c3fd 100644
--- a/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
+++ b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
@@ -51,6 +51,7 @@
#@HAVE_SYNCHRONIZE_RCU_BH@ HAVE_SYNCHRONIZE_RCU_BH
#@HAVE_LOCKDEP_NFNL_IS_HELD@ HAVE_LOCKDEP_NFNL_IS_HELD
#@HAVE_COND_RESCHED_RCU@ HAVE_COND_RESCHED_RCU
+#@HAVE_SKB_IIF@ HAVE_SKB_IIF
#ifdef HAVE_EXPORT_SYMBOL_GPL_IN_MODULE_H
#include <linux/module.h>
@@ -430,5 +431,21 @@ static inline u16 nfnl_msg_type(u8 subsys, u8 msg_type)
#define SIZE_MAX (~(size_t)0)
#endif
+#ifndef TCF_EM_IPSET
+#define TCF_EM_IPSET 8
+#endif
+
+#ifndef HAVE_SKB_IIF
+#define skb_iif iif
+#endif
+
+#ifndef HAVE_DEV_GET_BY_INDEX_RCU
+/* This should not be considered RCU-safe on all architectures.
+ * You probably should consider upgrading your kernel in case of
+ * kernel crashes including em_ipset and this function call.
+ */
+#define dev_get_by_index_rcu __dev_get_by_index
+#endif
+
#endif /* IP_SET_COMPAT_HEADERS */
#endif /* __IP_SET_COMPAT_H */
diff --git a/kernel/net/sched/Kbuild b/kernel/net/sched/Kbuild
index 6d8e8d6..e93476c 100644
--- a/kernel/net/sched/Kbuild
+++ b/kernel/net/sched/Kbuild
@@ -1,4 +1,4 @@
NOSTDINC_FLAGS += -I$(KDIR)/include
EXTRA_CFLAGS := -DCONFIG_IP_SET_MAX=$(IP_SET_MAX)
-obj-$(CONFIG_NET_EMATCH_IPSET) += em_ipset.o
+obj-m += em_ipset.o
diff --git a/kernel/net/sched/em_ipset.c b/kernel/net/sched/em_ipset.c
index bd9566f..96fd4a3 100644
--- a/kernel/net/sched/em_ipset.c
+++ b/kernel/net/sched/em_ipset.c
@@ -15,10 +15,10 @@
#include <linux/string.h>
#include <linux/skbuff.h>
#include <linux/netfilter/xt_set.h>
-#include <linux/netfilter/ipset/ip_set_compat.h>
#include <linux/ipv6.h>
#include <net/ip.h>
#include <net/pkt_cls.h>
+#include <linux/netfilter/ipset/ip_set_compat.h>
#ifdef HAVE_TCF_EMATCH_OPS_CHANGE_ARG_NET
static int em_ipset_change(struct net *net, void *data, int data_len,