From 6a0ae483145159b0c903690c0313dbc03745c412 Mon Sep 17 00:00:00 2001
From: "/C=EU/ST=EU/CN=Jozsef Kadlecsik/emailAddress=kadlec@blackhole.kfki.hu"
Date: Sat, 19 Jul 2008 20:48:19 +0000
Subject: Compatibility cleanup release: kernels >= 2.6.16 and 2.4.36.x are supported.
---
kernel/Config.in.ipset | 15 +++
kernel/Makefile.export.ipset | 3 +
kernel/include/linux/netfilter_ipv4/ip_set.h | 1 +
.../include/linux/netfilter_ipv4/ip_set_compat.h | 70 ++++++++++
kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h | 4 +-
.../include/linux/netfilter_ipv4/ip_set_malloc.h | 12 +-
kernel/ip_set.c | 2 +-
kernel/ip_set_iphash.c | 16 +--
kernel/ip_set_ipmap.c | 15 ---
kernel/ip_set_ipporthash.c | 43 +-----
kernel/ip_set_iptree.c | 58 ++------
kernel/ip_set_iptreemap.c | 60 ++-------
kernel/ip_set_macipmap.c | 25 ----
kernel/ip_set_nethash.c | 16 +--
kernel/ip_set_portmap.c | 12 --
kernel/ipt_SET.c | 133 +++++++++++++------
kernel/ipt_set.c | 147 ++++++++++++++-------
kernel/patch_kernel | 41 +++++-
18 files changed, 350 insertions(+), 323 deletions(-)
create mode 100644 kernel/Config.in.ipset
create mode 100644 kernel/Makefile.export.ipset
create mode 100644 kernel/include/linux/netfilter_ipv4/ip_set_compat.h
(limited to 'kernel')
diff --git a/kernel/Config.in.ipset b/kernel/Config.in.ipset
new file mode 100644
index 0000000..0758f0a
--- /dev/null
+++ b/kernel/Config.in.ipset
@@ -0,0 +1,15 @@ + dep_tristate ' IP set support' CONFIG_IP_NF_SET $CONFIG_IP_NF_IPTABLES + if [ "$CONFIG_IP_NF_SET" != "n" ]; then + int ' Maximum number of sets' CONFIG_IP_NF_SET_MAX 256 + int ' Hash size for bindings of IP sets' CONFIG_IP_NF_SET_HASHSIZE 1024 + dep_tristate ' set match support' CONFIG_IP_NF_MATCH_SET $CONFIG_IP_NF_SET + dep_tristate ' SET target support' CONFIG_IP_NF_TARGET_SET $CONFIG_IP_NF_SET + dep_tristate ' ipmap set type support' CONFIG_IP_NF_SET_IPMAP $CONFIG_IP_NF_SET + dep_tristate ' macipmap set type support' CONFIG_IP_NF_SET_MACIPMAP $CONFIG_IP_NF_SET + dep_tristate ' portmap set type support' CONFIG_IP_NF_SET_PORTMAP $CONFIG_IP_NF_SET + dep_tristate ' iphash set type support' CONFIG_IP_NF_SET_IPHASH $CONFIG_IP_NF_SET + dep_tristate ' nethash set type support' CONFIG_IP_NF_SET_NETHASH $CONFIG_IP_NF_SET + dep_tristate ' ipporthash set type support' CONFIG_IP_NF_SET_IPPORTHASH $CONFIG_IP_NF_SET + dep_tristate ' iptree set type support' CONFIG_IP_NF_SET_IPTREE $CONFIG_IP_NF_SET + dep_tristate ' iptreemap set type support' CONFIG_IP_NF_SET_IPTREEMAP $CONFIG_IP_NF_SET + fi diff --git a/kernel/Makefile.export.ipset b/kernel/Makefile.export.ipset new file mode 100644 index 0000000..1a971df --- /dev/null +++ b/kernel/Makefile.export.ipset @@ -0,0 +1,3 @@ +ifdef CONFIG_IP_NF_SET + export-objs += ip_set.o +endif diff --git a/kernel/include/linux/netfilter_ipv4/ip_set.h b/kernel/include/linux/netfilter_ipv4/ip_set.h index 92a746e..b8c7202 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set.h @@ -297,6 +297,7 @@ static inline int bitmap_bytes(ip_set_ip_t a, ip_set_ip_t b) } #ifdef __KERNEL__ +#include #define ip_set_printk(format, args...) \ do { \ diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_compat.h b/kernel/include/linux/netfilter_ipv4/ip_set_compat.h new file mode 100644 index 0000000..8803d4f --- /dev/null +++ b/kernel/include/linux/netfilter_ipv4/ip_set_compat.h 
@@ -0,0 +1,70 @@ +#ifndef _IP_SET_COMPAT_H +#define _IP_SET_COMPAT_H + +#ifdef __KERNEL__ +#include + +/* Arrgh */ +#ifdef MODULE +#define __MOD_INC(foo) __MOD_INC_USE_COUNT(foo) +#define __MOD_DEC(foo) __MOD_DEC_USE_COUNT(foo) +#else +#define __MOD_INC(foo) +#define __MOD_DEC(foo) +#endif + +/* Backward compatibility */ +#ifndef __nocast +#define __nocast +#endif +#ifndef __bitwise__ +#define __bitwise__ +#endif + +/* Compatibility glue code */ +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) +#include +#define DEFINE_RWLOCK(x) rwlock_t x = RW_LOCK_UNLOCKED +#define try_module_get(x) (__MOD_INC(x), 1) +#define module_put(x) __MOD_DEC(x) +#define __clear_bit(nr, addr) clear_bit(nr, addr) +#define __set_bit(nr, addr) set_bit(nr, addr) +#define __test_and_set_bit(nr, addr) test_and_set_bit(nr, addr) +#define __test_and_clear_bit(nr, addr) test_and_clear_bit(nr, addr) + +typedef unsigned __bitwise__ gfp_t; + +static inline void *kzalloc(size_t size, gfp_t flags) +{ + void *data = kmalloc(size, flags); + + if (data) + memset(data, 0, size); + + return data; +} +#endif + +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,20) +#define __KMEM_CACHE_T__ kmem_cache_t +#else +#define __KMEM_CACHE_T__ struct kmem_cache +#endif + +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,22) +#define ip_hdr(skb) ((skb)->nh.iph) +#define skb_mac_header(skb) ((skb)->mac.raw) +#define eth_hdr(skb) ((struct ethhdr *)skb_mac_header(skb)) +#endif + +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23) +#define KMEM_CACHE_CREATE(name, size) \ + kmem_cache_create(name, size, 0, 0, NULL, NULL) +#else +#define KMEM_CACHE_CREATE(name, size) \ + kmem_cache_create(name, size, 0, 0, NULL) +#endif + + +#endif /* __KERNEL__ */ +#endif /* _IP_SET_COMPAT_H */ diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h b/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h index 2435102..e3390be 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h 
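Review bot: In the pre-2.6.0 glue, `try_module_get(x)` expands to `(__MOD_INC(x), 1)`, but when `MODULE` is not defined `__MOD_INC(foo)` is defined as empty, so the expression becomes `(, 1)` and a built-in 2.4 configuration will not compile wherever `try_module_get` is used. Giving the empty variants an expression body, `#define __MOD_INC(foo) ((void)0)` and `#define __MOD_DEC(foo) ((void)0)`, keeps both the comma expression and the statement use in `module_put` valid. A short comment above the two macros saying they wrap the 2.4 use-count API would also replace the current `/* Arrgh */`.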
@@ -25,7 +25,7 @@ struct ip_set_req_ipmap { ip_set_ip_t ip; }; -unsigned int +static unsigned int mask_to_bits(ip_set_ip_t mask) { unsigned int bits = 32; @@ -41,7 +41,7 @@ mask_to_bits(ip_set_ip_t mask) return bits; } -ip_set_ip_t +static ip_set_ip_t range_to_mask(ip_set_ip_t from, ip_set_ip_t to, unsigned int *bits) { ip_set_ip_t mask = 0xFFFFFFFE; diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_malloc.h b/kernel/include/linux/netfilter_ipv4/ip_set_malloc.h index 30701f4..d22bed7 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_malloc.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_malloc.h @@ -5,10 +5,17 @@ static size_t max_malloc_size = 0, max_page_size = 0; -static inline bool init_max_page_size(void) +static inline int init_max_page_size(void) { +/* Compatibility glues to support 2.4.36 */ +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) +#define __GFP_NOWARN 0 + + /* Guaranteed: slab.c */ + max_malloc_size = max_page_size = 131072; +#else size_t page_size = 0; - + #define CACHE(x) if (max_page_size == 0 || x < max_page_size) \ page_size = x; #include @@ -21,6 +28,7 @@ static inline bool init_max_page_size(void) return 1; } +#endif return 0; } diff --git a/kernel/ip_set.c b/kernel/ip_set.c index 52741b1..8badef4 100644 --- a/kernel/ip_set.c +++ b/kernel/ip_set.c @@ -133,7 +133,7 @@ ip_set_hash_del(ip_set_id_t id, ip_set_ip_t ip) if (set_hash != NULL) __set_hash_del(set_hash); - write_unlock_bh(&ip_set_lock); + write_unlock_bh(&ip_set_lock); return 0; } diff --git a/kernel/ip_set_iphash.c b/kernel/ip_set_iphash.c index f91f88f..2ac6066 100644 --- a/kernel/ip_set_iphash.c +++ b/kernel/ip_set_iphash.c @@ -8,6 +8,7 @@ /* Kernel module implementing an ip hash set */ #include +#include #include #include #include 
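Review bot: `mask_to_bits()` and `range_to_mask()` become `static` but not `inline`, so every file that includes ip_set_ipmap.h without calling both gets its own unused copy and, with warnings enabled, a defined-but-not-used diagnostic. `bitmap_bytes()` in ip_set.h is declared `static inline`, and the same spelling here (`static inline unsigned int` and `static inline ip_set_ip_t`) would be consistent with it. Both function bodies continue outside these two hunks.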
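Review bot: On kernels older than 2.6.0 `init_max_page_size()` assigns both limits and then falls through to the shared `return 0;`, which is the value the 2.6 branch returns when no page size was found, so the two branches report opposite results for a successful initialisation. No caller is visible in this diff, but if one tests the result the 2.4 build would be treated as a failure and the allocation limits would be distrusted; ending the 2.4 branch with `return 1;` gives both branches the same contract. The `#define __GFP_NOWARN 0` sits inside the function body yet takes effect for the rest of the including file, so it belongs at file scope with a comment saying the flag does not exist on 2.4. The function spans both hunks of this file.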
@@ -88,13 +89,8 @@ testip_kernel(struct ip_set *set, { return __testip(set, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif hash_ip); } @@ -149,13 +145,8 @@ addip_kernel(struct ip_set *set, { return __addip((struct ip_set_iphash *) set->data, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif hash_ip); } @@ -276,13 +267,8 @@ delip_kernel(struct ip_set *set, { return __delip(set, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif hash_ip); } diff --git a/kernel/ip_set_ipmap.c b/kernel/ip_set_ipmap.c index 948c202..aeead3b 100644 --- a/kernel/ip_set_ipmap.c +++ b/kernel/ip_set_ipmap.c @@ -66,13 +66,8 @@ testip_kernel(struct ip_set *set, { int res = __testip(set, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif hash_ip); return (res < 0 ? 0 : res); } @@ -118,13 +113,8 @@ addip_kernel(struct ip_set *set, { return __addip(set, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif hash_ip); } @@ -168,13 +158,8 @@ delip_kernel(struct ip_set *set, { return __delip(set, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif hash_ip); } diff --git a/kernel/ip_set_ipporthash.c b/kernel/ip_set_ipporthash.c index adb6c7b..4e656cd 100644 --- a/kernel/ip_set_ipporthash.c 
+++ b/kernel/ip_set_ipporthash.c @@ -8,6 +8,7 @@ /* Kernel module implementing an ip+port hash set */ #include +#include #include #include #include @@ -34,11 +35,7 @@ static int limit = MAX_RANGE; static inline ip_set_ip_t get_port(const struct sk_buff *skb, u_int32_t flags) { -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) struct iphdr *iph = ip_hdr(skb); -#else - struct iphdr *iph = skb->nh.iph; -#endif u_int16_t offset = ntohs(iph->frag_off) & IP_OFFSET; switch (iph->protocol) { @@ -49,11 +46,7 @@ get_port(const struct sk_buff *skb, u_int32_t flags) if (offset) return INVALID_PORT; -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) if (skb_copy_bits(skb, ip_hdr(skb)->ihl*4, &tcph, sizeof(tcph)) < 0) -#else - if (skb_copy_bits(skb, skb->nh.iph->ihl*4, &tcph, sizeof(tcph)) < 0) -#endif /* No choice either */ return INVALID_PORT; @@ -66,11 +59,7 @@ get_port(const struct sk_buff *skb, u_int32_t flags) if (offset) return INVALID_PORT; -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) if (skb_copy_bits(skb, ip_hdr(skb)->ihl*4, &udph, sizeof(udph)) < 0) -#else - if (skb_copy_bits(skb, skb->nh.iph->ihl*4, &udph, sizeof(udph)) < 0) -#endif /* No choice either */ return INVALID_PORT; @@ -159,13 +148,8 @@ testip_kernel(struct ip_set *set, DP("flag: %s src: %u.%u.%u.%u dst: %u.%u.%u.%u", flags[index] & IPSET_SRC ? "SRC" : "DST", -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) NIPQUAD(ip_hdr(skb)->saddr), NIPQUAD(ip_hdr(skb)->daddr)); -#else - NIPQUAD(skb->nh.iph->saddr), - NIPQUAD(skb->nh.iph->daddr)); -#endif DP("flag %s port %u", flags[index+1] & IPSET_SRC ? "SRC" : "DST", port); @@ -174,13 +158,8 @@ testip_kernel(struct ip_set *set, res = __testip(set, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif port, hash_ip); return (res < 0 ? 0 : res); 
@@ -254,13 +233,8 @@ addip_kernel(struct ip_set *set, DP("flag: %s src: %u.%u.%u.%u dst: %u.%u.%u.%u", flags[index] & IPSET_SRC ? "SRC" : "DST", -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) NIPQUAD(ip_hdr(skb)->saddr), NIPQUAD(ip_hdr(skb)->daddr)); -#else - NIPQUAD(skb->nh.iph->saddr), - NIPQUAD(skb->nh.iph->daddr)); -#endif DP("flag %s port %u", flags[index+1] & IPSET_SRC ? "SRC" : "DST", port); @@ -269,13 +243,8 @@ addip_kernel(struct ip_set *set, return __addip(set->data, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif port, hash_ip); } @@ -408,13 +377,8 @@ delip_kernel(struct ip_set *set, DP("flag: %s src: %u.%u.%u.%u dst: %u.%u.%u.%u", flags[index] & IPSET_SRC ? "SRC" : "DST", -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) NIPQUAD(ip_hdr(skb)->saddr), NIPQUAD(ip_hdr(skb)->daddr)); -#else - NIPQUAD(skb->nh.iph->saddr), - NIPQUAD(skb->nh.iph->daddr)); -#endif DP("flag %s port %u", flags[index+1] & IPSET_SRC ? "SRC" : "DST", port); @@ -423,13 +387,8 @@ delip_kernel(struct ip_set *set, return __delip(set, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif port, hash_ip); } diff --git a/kernel/ip_set_iptree.c b/kernel/ip_set_iptree.c index 1a5c32a..2e0a406 100644 --- a/kernel/ip_set_iptree.c +++ b/kernel/ip_set_iptree.c @@ -9,6 +9,7 @@ #include #include +#include #include #include #include @@ -20,11 +21,6 @@ #include #include -/* Backward compatibility */ -#ifndef __nocast -#define __nocast -#endif - #include static int limit = MAX_RANGE; 
@@ -35,13 +31,9 @@ static int limit = MAX_RANGE; * to delete the gc timer at destroying/flushing a set */ #define IPTREE_DESTROY_SLEEP 100 -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) -static struct kmem_cache *branch_cachep; -static struct kmem_cache *leaf_cachep; -#else -static kmem_cache_t *branch_cachep; -static kmem_cache_t *leaf_cachep; -#endif +static __KMEM_CACHE_T__ *branch_cachep; +static __KMEM_CACHE_T__ *leaf_cachep; + #if defined(__LITTLE_ENDIAN) #define ABCD(a,b,c,d,addrp) do { \ @@ -118,23 +110,13 @@ testip_kernel(struct ip_set *set, DP("flag: %s src: %u.%u.%u.%u dst: %u.%u.%u.%u", flags[index] & IPSET_SRC ? "SRC" : "DST", -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) NIPQUAD(ip_hdr(skb)->saddr), NIPQUAD(ip_hdr(skb)->daddr)); -#else - NIPQUAD(skb->nh.iph->saddr), - NIPQUAD(skb->nh.iph->daddr)); -#endif res = __testip(set, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif hash_ip); return (res < 0 ? 0 : res); } @@ -219,13 +201,8 @@ addip_kernel(struct ip_set *set, return __addip(set, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif map->timeout, hash_ip); } @@ -287,13 +264,8 @@ delip_kernel(struct ip_set *set, { return __delip(set, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif hash_ip); } 
@@ -556,29 +528,15 @@ static int __init ip_set_iptree_init(void) { int ret; -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) - branch_cachep = kmem_cache_create("ip_set_iptreeb", - sizeof(struct ip_set_iptreeb), - 0, 0, NULL); -#else - branch_cachep = kmem_cache_create("ip_set_iptreeb", - sizeof(struct ip_set_iptreeb), - 0, 0, NULL, NULL); -#endif + branch_cachep = KMEM_CACHE_CREATE("ip_set_iptreeb", + sizeof(struct ip_set_iptreeb)); if (!branch_cachep) { printk(KERN_ERR "Unable to create ip_set_iptreeb slab cache\n"); ret = -ENOMEM; goto out; } -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) - leaf_cachep = kmem_cache_create("ip_set_iptreed", - sizeof(struct ip_set_iptreed), - 0, 0, NULL); -#else - leaf_cachep = kmem_cache_create("ip_set_iptreed", - sizeof(struct ip_set_iptreed), - 0, 0, NULL, NULL); -#endif + leaf_cachep = KMEM_CACHE_CREATE("ip_set_iptreed", + sizeof(struct ip_set_iptreed)); if (!leaf_cachep) { printk(KERN_ERR "Unable to create ip_set_iptreed slab cache\n"); ret = -ENOMEM; diff --git a/kernel/ip_set_iptreemap.c b/kernel/ip_set_iptreemap.c index 62fcf7b..dedf8a4 100644 --- a/kernel/ip_set_iptreemap.c +++ b/kernel/ip_set_iptreemap.c @@ -30,15 +30,9 @@ #define IPTREEMAP_DEFAULT_GC_TIME (5 * 60) #define IPTREEMAP_DESTROY_SLEEP (100) -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) -static struct kmem_cache *cachep_b; -static struct kmem_cache *cachep_c; -static struct kmem_cache *cachep_d; -#else -static kmem_cache_t *cachep_b; -static kmem_cache_t *cachep_c; -static kmem_cache_t *cachep_d; -#endif +static __KMEM_CACHE_T__ *cachep_b; +static __KMEM_CACHE_T__ *cachep_c; +static __KMEM_CACHE_T__ *cachep_d; static struct ip_set_iptreemap_d *fullbitmap_d; static struct ip_set_iptreemap_c *fullbitmap_c; 
@@ -295,13 +289,8 @@ testip_kernel(struct ip_set *set, const struct sk_buff *skb, ip_set_ip_t *hash_i res = __testip(set, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif hash_ip); return (res < 0 ? 0 : res); @@ -384,13 +373,8 @@ addip_kernel(struct ip_set *set, const struct sk_buff *skb, ip_set_ip_t *hash_ip return __addip_single(set, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif hash_ip); } @@ -470,13 +454,8 @@ delip_kernel(struct ip_set *set, const struct sk_buff *skb, ip_set_ip_t *hash_ip { return __delip_single(set, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif hash_ip, GFP_ATOMIC); } 
@@ -725,43 +704,22 @@ static int __init ip_set_iptreemap_init(void) int ret = -ENOMEM; int a; -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) - cachep_b = kmem_cache_create("ip_set_iptreemap_b", - sizeof(struct ip_set_iptreemap_b), - 0, 0, NULL); -#else - cachep_b = kmem_cache_create("ip_set_iptreemap_b", - sizeof(struct ip_set_iptreemap_b), - 0, 0, NULL, NULL); -#endif + cachep_b = KMEM_CACHE_CREATE("ip_set_iptreemap_b", + sizeof(struct ip_set_iptreemap_b)); if (!cachep_b) { ip_set_printk("Unable to create ip_set_iptreemap_b slab cache"); goto out; } -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) - cachep_c = kmem_cache_create("ip_set_iptreemap_c", - sizeof(struct ip_set_iptreemap_c), - 0, 0, NULL); -#else - cachep_c = kmem_cache_create("ip_set_iptreemap_c", - sizeof(struct ip_set_iptreemap_c), - 0, 0, NULL, NULL); -#endif + cachep_c = KMEM_CACHE_CREATE("ip_set_iptreemap_c", + sizeof(struct ip_set_iptreemap_c)); if (!cachep_c) { ip_set_printk("Unable to create ip_set_iptreemap_c slab cache"); goto outb; } -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) - cachep_d = kmem_cache_create("ip_set_iptreemap_d", - sizeof(struct ip_set_iptreemap_d), - 0, 0, NULL); -#else - cachep_d = kmem_cache_create("ip_set_iptreemap_d", - sizeof(struct ip_set_iptreemap_d), - 0, 0, NULL, NULL); -#endif + cachep_d = KMEM_CACHE_CREATE("ip_set_iptreemap_d", + sizeof(struct ip_set_iptreemap_d)); if (!cachep_d) { ip_set_printk("Unable to create ip_set_iptreemap_d slab cache"); goto outc; diff --git a/kernel/ip_set_macipmap.c b/kernel/ip_set_macipmap.c index e29c99d..33e2808 100644 --- a/kernel/ip_set_macipmap.c +++ b/kernel/ip_set_macipmap.c @@ -68,13 +68,8 @@ testip_kernel(struct ip_set *set, ip_set_ip_t ip; ip = ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr); -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr); -#endif if (ip < map->first_ip || ip > map->last_ip) return 0; 
@@ -86,13 +81,8 @@ testip_kernel(struct ip_set *set, (void *) &table[ip - map->first_ip].flags)) { /* Is mac pointer valid? * If so, compare... */ -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) return (skb_mac_header(skb) >= skb->head && (skb_mac_header(skb) + ETH_HLEN) <= skb->data -#else - return (skb->mac.raw >= skb->head - && (skb->mac.raw + ETH_HLEN) <= skb->data -#endif && (memcmp(eth_hdr(skb)->h_source, &table[ip - map->first_ip].ethernet, ETH_ALEN) == 0)); @@ -146,21 +136,11 @@ addip_kernel(struct ip_set *set, ip_set_ip_t ip; ip = ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr); -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr); -#endif -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) if (!(skb_mac_header(skb) >= skb->head && (skb_mac_header(skb) + ETH_HLEN) <= skb->data)) -#else - if (!(skb->mac.raw >= skb->head - && (skb->mac.raw + ETH_HLEN) <= skb->data)) -#endif return -EINVAL; return __addip(set, ip, eth_hdr(skb)->h_source, hash_ip); @@ -207,13 +187,8 @@ delip_kernel(struct ip_set *set, { return __delip(set, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif hash_ip); } diff --git a/kernel/ip_set_nethash.c b/kernel/ip_set_nethash.c index bb866b5..ecdf369 100644 --- a/kernel/ip_set_nethash.c +++ b/kernel/ip_set_nethash.c @@ -8,6 +8,7 @@ /* Kernel module implementing a cidr nethash set */ #include +#include #include #include #include @@ -111,13 +112,8 @@ testip_kernel(struct ip_set *set, { return __testip(set, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif hash_ip); } 
@@ -206,13 +202,8 @@ addip_kernel(struct ip_set *set, struct ip_set_nethash *map = set->data; int ret = -ERANGE; ip_set_ip_t ip = ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr); -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr); -#endif if (map->cidr[0]) ret = __addip(map, ip, map->cidr[0], hash_ip); @@ -338,13 +329,8 @@ delip_kernel(struct ip_set *set, struct ip_set_nethash *map = set->data; int ret = -ERANGE; ip_set_ip_t ip = ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr); -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr); -#endif if (map->cidr[0]) ret = __delip(map, ip, map->cidr[0], hash_ip); diff --git a/kernel/ip_set_portmap.c b/kernel/ip_set_portmap.c index 3e158be..aeaabcd 100644 --- a/kernel/ip_set_portmap.c +++ b/kernel/ip_set_portmap.c @@ -28,11 +28,7 @@ static inline ip_set_ip_t get_port(const struct sk_buff *skb, u_int32_t flags) { -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) struct iphdr *iph = ip_hdr(skb); -#else - struct iphdr *iph = skb->nh.iph; -#endif u_int16_t offset = ntohs(iph->frag_off) & IP_OFFSET; switch (iph->protocol) { case IPPROTO_TCP: { @@ -42,11 +38,7 @@ get_port(const struct sk_buff *skb, u_int32_t flags) if (offset) return INVALID_PORT; -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) if (skb_copy_bits(skb, ip_hdr(skb)->ihl*4, &tcph, sizeof(tcph)) < 0) -#else - if (skb_copy_bits(skb, skb->nh.iph->ihl*4, &tcph, sizeof(tcph)) < 0) -#endif /* No choice either */ return INVALID_PORT; @@ -59,11 +51,7 @@ get_port(const struct sk_buff *skb, u_int32_t flags) if (offset) return INVALID_PORT; -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) if (skb_copy_bits(skb, ip_hdr(skb)->ihl*4, &udph, sizeof(udph)) < 0) -#else - if (skb_copy_bits(skb, skb->nh.iph->ihl*4, &udph, sizeof(udph)) < 0) -#endif /* No choice either */ return INVALID_PORT; 
diff --git a/kernel/ipt_SET.c b/kernel/ipt_SET.c index 63ada14..f6afafd 100644 --- a/kernel/ipt_SET.c +++ b/kernel/ipt_SET.c @@ -22,25 +22,53 @@ #include #include #include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16) #include +#define xt_register_target ipt_register_target +#define xt_unregister_target ipt_unregister_target +#define xt_target ipt_target +#define XT_CONTINUE IPT_CONTINUE +#else +#include +#endif #include static unsigned int -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24) -target(struct sk_buff *skb, -#else +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) +target(struct sk_buff **pskb, + unsigned int hooknum, + const struct net_device *in, + const struct net_device *out, + const void *targinfo, + void *userinfo) +#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) +target(struct sk_buff **pskb, + const struct net_device *in, + const struct net_device *out, + unsigned int hooknum, + const void *targinfo, + void *userinfo) +#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) target(struct sk_buff **pskb, -#endif const struct net_device *in, const struct net_device *out, unsigned int hooknum, -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) const struct xt_target *target, -#endif -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) const void *targinfo, void *userinfo) -#else +#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24) +target(struct sk_buff **pskb, + const struct net_device *in, + const struct net_device *out, + unsigned int hooknum, + const struct xt_target *target, + const void *targinfo) +#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24) */ +target(struct sk_buff *skb, + const struct net_device *in, + const struct net_device *out, + unsigned int hooknum, + const struct xt_target *target, const void *targinfo) #endif { 
@@ -59,33 +87,51 @@ target(struct sk_buff **pskb, skb, info->del_set.flags); - return IPT_CONTINUE; + return XT_CONTINUE; } -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) -static bool -#else +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16) static int -#endif checkentry(const char *tablename, -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) - const void *e, -#else const struct ipt_entry *e, -#endif -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) + void *targinfo, + unsigned int targinfosize, + unsigned int hook_mask) +#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) +static int +checkentry(const char *tablename, + const void *e, + void *targinfo, + unsigned int targinfosize, + unsigned int hook_mask) +#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) +static int +checkentry(const char *tablename, + const void *e, const struct xt_target *target, -#endif void *targinfo, -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) unsigned int targinfosize, -#endif unsigned int hook_mask) +#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23) +static int +checkentry(const char *tablename, + const void *e, + const struct xt_target *target, + void *targinfo, + unsigned int hook_mask) +#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) */ +static bool +checkentry(const char *tablename, + const void *e, + const struct xt_target *target, + void *targinfo, + unsigned int hook_mask) +#endif { struct ipt_set_info_target *info = targinfo; ip_set_id_t index; -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) if (targinfosize != IPT_ALIGN(sizeof(*info))) { DP("bad target info size %u", targinfosize); return 0; 
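Review bot: The explicit `targinfosize` check in `checkentry()` is now compiled only below 2.6.17, although the 2.6.17 and 2.6.18 signatures added here still receive `targinfosize`. On those kernels the length of the rule data handed in from userspace is presumably validated by x_tables against `.targetsize`, which is set in a different hunk of this file. That dependency deserves a comment at the guard, for example `/* >= 2.6.17: x_tables checks the size against .targetsize */`, so a later edit to the `SET_target` initialiser cannot silently remove the only length check. The same narrowing from 2.6.19 to 2.6.17 appears in `destroy()` in this file and in `checkentry()` and `destroy()` of ipt_set.c; the body of `checkentry()` continues outside this hunk.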
@@ -118,19 +164,21 @@ checkentry(const char *tablename, return 1; } -static void destroy( -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) - const struct xt_target *target, -#endif -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) - void *targetinfo, unsigned int targetsize) -#else +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) +static void destroy(void *targetinfo, + unsigned int targetsize) +#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) +static void destroy(const struct xt_target *target, + void *targetinfo, + unsigned int targetsize) +#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) */ +static void destroy(const struct xt_target *target, void *targetinfo) #endif { struct ipt_set_info_target *info = targetinfo; -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) if (targetsize != IPT_ALIGN(sizeof(struct ipt_set_info_target))) { ip_set_printk("invalid targetsize %d", targetsize); return; 
@@ -142,37 +190,38 @@ static void destroy( ip_set_put(info->del_set.index); } -static struct ipt_target SET_target = { +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) +static struct xt_target SET_target = { + .name = "SET", + .target = target, + .checkentry = checkentry, + .destroy = destroy, + .me = THIS_MODULE +}; +#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) */ +static struct xt_target SET_target = { .name = "SET", -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) .family = AF_INET, -#endif .target = target, -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) .targetsize = sizeof(struct ipt_set_info_target), -#endif .checkentry = checkentry, .destroy = destroy, .me = THIS_MODULE }; +#endif MODULE_LICENSE("GPL"); MODULE_AUTHOR("Jozsef Kadlecsik "); MODULE_DESCRIPTION("iptables IP set target module"); -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) -#define ipt_register_target xt_register_target -#define ipt_unregister_target xt_unregister_target -#endif - static int __init ipt_SET_init(void) { - return ipt_register_target(&SET_target); + return xt_register_target(&SET_target); } static void __exit ipt_SET_fini(void) { - ipt_unregister_target(&SET_target); + xt_unregister_target(&SET_target); } module_init(ipt_SET_init); diff --git a/kernel/ipt_set.c b/kernel/ipt_set.c index eb064fe..b08b3bb 100644 --- a/kernel/ipt_set.c +++ b/kernel/ipt_set.c @@ -15,7 +15,14 @@ #include #include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16) #include +#define xt_register_match ipt_register_match +#define xt_unregister_match ipt_unregister_match +#define xt_match ipt_match +#else +#include +#endif #include #include 
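Review bot: The `ipt_*` aliases at the top of the file apply only below 2.6.16, while the initialiser without `.family` and `.targetsize` is selected below 2.6.17, so a 2.6.16 build calls `xt_register_target(&SET_target)` directly with no address family set anywhere in this file. As far as I recall, the x_tables registration functions of that release took the family as a separate argument, which would make this a build failure on the oldest 2.6 kernel the commit message lists; please confirm with a 2.6.16 build. Keeping the `ipt_register_target` and `ipt_unregister_target` calls for that release, as the removed code did, would avoid the question. `set_match` and `xt_register_match` in ipt_set.c are split along the same two version boundaries.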
@@ -29,24 +36,53 @@ match_set(const struct ipt_set_info *info, return inv; } -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) -static bool -#else +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) +static int +match(const struct sk_buff *skb, + const struct net_device *in, + const struct net_device *out, + const void *matchinfo, + int offset, + const void *hdr, + u_int16_t datalen, + int *hotdrop) +#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16) +static int +match(const struct sk_buff *skb, + const struct net_device *in, + const struct net_device *out, + const void *matchinfo, + int offset, + int *hotdrop) +#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) +static int +match(const struct sk_buff *skb, + const struct net_device *in, + const struct net_device *out, + const void *matchinfo, + int offset, + unsigned int protoff, + int *hotdrop) +#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23) static int -#endif match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) const struct xt_match *match, -#endif const void *matchinfo, -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) - int offset, unsigned int protoff, bool *hotdrop) -#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) - int offset, unsigned int protoff, int *hotdrop) -#else - int offset, int *hotdrop) + int offset, + unsigned int protoff, + int *hotdrop) +#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) */ +static bool +match(const struct sk_buff *skb, + const struct net_device *in, + const struct net_device *out, + const struct xt_match *match, + const void *matchinfo, + int offset, + unsigned int protoff, + bool *hotdrop) #endif { const struct ipt_set_info_match *info = matchinfo; 
@@ -56,30 +92,48 @@ match(const struct sk_buff *skb, info->match_set.flags[0] & IPSET_MATCH_INV); } -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) -static bool -#else +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16) static int -#endif checkentry(const char *tablename, -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) - const void *inf, -#else const struct ipt_ip *ip, -#endif -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) + void *matchinfo, + unsigned int matchsize, + unsigned int hook_mask) +#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) +static int +checkentry(const char *tablename, + const void *inf, + void *matchinfo, + unsigned int matchsize, + unsigned int hook_mask) +#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) +static int +checkentry(const char *tablename, + const void *inf, const struct xt_match *match, -#endif void *matchinfo, -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) unsigned int matchsize, -#endif unsigned int hook_mask) +#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23) +static int +checkentry(const char *tablename, + const void *inf, + const struct xt_match *match, + void *matchinfo, + unsigned int hook_mask) +#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) */ +static bool +checkentry(const char *tablename, + const void *inf, + const struct xt_match *match, + void *matchinfo, + unsigned int hook_mask) +#endif { struct ipt_set_info_match *info = matchinfo; ip_set_id_t index; -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) if (matchsize != IPT_ALIGN(sizeof(struct ipt_set_info_match))) { ip_set_printk("invalid matchsize %d", matchsize); return 0; 
@@ -101,19 +155,21 @@ checkentry(const char *tablename, return 1; } -static void destroy( -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) - const struct xt_match *match, -#endif -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) - void *matchinfo, unsigned int matchsize) -#else +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) +static void destroy(void *matchinfo, + unsigned int matchsize) +#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) +static void destroy(const struct xt_match *match, + void *matchinfo, + unsigned int matchsize) +#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) */ +static void destroy(const struct xt_match *match, void *matchinfo) #endif { struct ipt_set_info_match *info = matchinfo; -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) if (matchsize != IPT_ALIGN(sizeof(struct ipt_set_info_match))) { ip_set_printk("invalid matchsize %d", matchsize); return; 
@@ -122,37 +178,38 @@ static void destroy( ip_set_put(info->match_set.index); } -static struct ipt_match set_match = { +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) +static struct xt_match set_match = { + .name = "set", + .match = &match, + .checkentry = &checkentry, + .destroy = &destroy, + .me = THIS_MODULE +}; +#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) */ +static struct xt_match set_match = { .name = "set", -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) .family = AF_INET, -#endif .match = &match, -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) .matchsize = sizeof(struct ipt_set_info_match), -#endif .checkentry = &checkentry, .destroy = &destroy, .me = THIS_MODULE }; +#endif MODULE_LICENSE("GPL"); MODULE_AUTHOR("Jozsef Kadlecsik "); MODULE_DESCRIPTION("iptables IP set match module"); -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) -#define ipt_register_match xt_register_match -#define ipt_unregister_match xt_unregister_match -#endif - static int __init ipt_ipset_init(void) { - return ipt_register_match(&set_match); + return xt_register_match(&set_match); } static void __exit ipt_ipset_fini(void) { - ipt_unregister_match(&set_match); + xt_unregister_match(&set_match); } module_init(ipt_ipset_init); diff --git a/kernel/patch_kernel b/kernel/patch_kernel index f5b800b..a3f96f0 100755 --- a/kernel/patch_kernel +++ b/kernel/patch_kernel @@ -13,6 +13,17 @@ kconfig() { echo "endmenu" >> $file } +config() { + file=$1/net/ipv4/netfilter/Config.in + if [ "`grep 'CONFIG_IP_NF_SET' $file`" ]; then + return + fi + mv $file $file.orig + grep -v endmenu $file.orig > $file + cat Config.in.ipset >> $file + echo "endmenu" >> $file +} + makefile() { file=$1/net/ipv4/netfilter/Makefile if [ "`grep CONFIG_IP_NF_SET $file`" ]; then 
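Review bot: The pre-2.6.17 branch declares `static struct xt_match set_match`, and the init/exit functions now call `xt_register_match()`/`xt_unregister_match()` unconditionally, while the local `#define ipt_register_match xt_register_match` aliases are removed. The old-kernel build therefore depends on these names being provided elsewhere, presumably by the new `ip_set_compat.h`, which is not visible from this hunk. A comment above the first branch would record that dependency, e.g. `/* xt_* names are mapped to the ipt_* API for older kernels in ip_set_compat.h */` (to be confirmed against that header). `.family = AF_INET` also moves from a `>= 2.6.21` guard to `>= 2.6.17`, so it is worth confirming that the field and the one-argument registration call exist on 2.6.17–2.6.20.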
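Review bot: In `config()` every expansion of `$file` and `$1` is unquoted and the results of `mv` and `grep` are not checked. A kernel path containing whitespace or glob characters is split into several arguments, and if `mv` fails, `grep -v endmenu $file.orig > $file` truncates the original `Config.in` with no backup. Quoting and stopping on the first failure avoids both: `mv "$file" "$file.orig" || exit 1` followed by `grep -v endmenu "$file.orig" > "$file"`. The same unquoted `$1`/`$file` pattern appears in `oldmakefile()` and in the Kconfig/Config.in dispatch at the end of the script, in the following hunks.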
@@ -22,6 +33,20 @@ makefile() { cat Makefile.ipset >> $file } +oldmakefile() { + file=$1/net/ipv4/netfilter/Makefile + if [ "`grep CONFIG_IP_NF_SET $file`" ]; then + return + fi + lineno=`grep -n Rules.make $file | cut -f1 -d:` + lineno=$((lineno-1)) + head -n $lineno $file > $file.head + lineno=$((lineno+1)) + tail +$lineno $file > $file.tail + cp $file $file.orig + cat $file.head Makefile.ipset Makefile.export.ipset $file.tail > $file +} + tree() { cp include/linux/netfilter_ipv4/* $1/include/linux/netfilter_ipv4/ cp *.c $1/net/ipv4/netfilter/ @@ -31,11 +56,15 @@ if [ -z "$1" ]; then echo "Error: missing kernel directory parameter." exit 1 fi -if [ ! -f $1/net/ipv4/netfilter/Kconfig ]; then - echo "Error: the directory $1 doesn't look like a Linux 2.6.x kernel source tree." +if [ -f $1/net/ipv4/netfilter/Kconfig ]; then + tree $1 + kconfig $1 + makefile $1 +elif [ -f $1/net/ipv4/netfilter/Config.in ]; then + tree $1 + config $1 + oldmakefile $1 +else + echo "Error: The directory $1 doesn't look like a Linux 2.4/2.6 kernel source tree." exit 1 fi - -tree $1 -kconfig $1 -makefile $1 -- cgit v1.2.3
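Review bot: `oldmakefile()` uses `lineno` without checking that `grep -n Rules.make` matched exactly one line. With no match `lineno` is empty, the arithmetic yields -1, and the Makefile is reassembled from `head -n -1` and `tail +0`; with several matches the arithmetic fails. `tail +$lineno` is also the obsolete form that newer `tail` implementations may reject (`tail -n +$lineno` is the portable spelling), and `$file.head`/`$file.tail` are left behind in the kernel tree. The sketch below takes the first match, stops when there is none, and removes the scratch files.

```shell
	lineno=`grep -n Rules.make "$file" | head -n 1 | cut -f1 -d:`
	if [ -z "$lineno" ]; then
		echo "Error: no Rules.make line found in $file." >&2
		exit 1
	fi
	# … unchanged: lineno-1 arithmetic and head -n into $file.head …
	tail -n +$lineno "$file" > "$file.tail"
	# … unchanged: backup copy to $file.orig and concatenation into $file …
	rm -f "$file.head" "$file.tail"
```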