From cffe9a53f6bacb0c72d83efa19b1a9764d44dc72 Mon Sep 17 00:00:00 2001 From: Jozsef Kadlecsik Date: Tue, 21 Dec 2010 20:47:08 +0100 Subject: Kernel version compatibility: support from 2.6.34 The basic kernel compatibility issues are verified back to 2.6.24. The minimal supported kernel version had to be bumped from 2.6.31 to 2.6.34. --- kernel/Kbuild | 4 +- .../include/linux/netfilter/ipset/ip_set_ahash.h | 8 ++-- kernel/ip_set.c | 52 +++++++++++----------- kernel/xt_set.c | 16 ++++--- 4 files changed, 42 insertions(+), 38 deletions(-) (limited to 'kernel') diff --git a/kernel/Kbuild b/kernel/Kbuild index 3124569..dca009a 100644 --- a/kernel/Kbuild +++ b/kernel/Kbuild @@ -1,7 +1,5 @@ EXTRA_CFLAGS := -I$(M)/include \ - -DCONFIG_IP_SET_MAX=$(IP_SET_MAX) \ - -DNETLINK_DUMP_CONST=$(NETLINK_DUMP_CONST) \ - -DNFNL_CB_CONST=$(NFNL_CB_CONST) + -DCONFIG_IP_SET_MAX=$(IP_SET_MAX) obj-m += ip_set.o xt_set.o obj-m += ip_set_bitmap_ip.o ip_set_bitmap_ipmac.o ip_set_bitmap_port.o diff --git a/kernel/include/linux/netfilter/ipset/ip_set_ahash.h b/kernel/include/linux/netfilter/ipset/ip_set_ahash.h index 7e0af3d..b7029e1 100644 --- a/kernel/include/linux/netfilter/ipset/ip_set_ahash.h +++ b/kernel/include/linux/netfilter/ipset/ip_set_ahash.h @@ -578,8 +578,8 @@ nla_put_failure: nlmsg_trim(skb, incomplete); ipset_nest_end(skb, atd); if (unlikely(first == cb->args[2])) { - pr_warn("Can't list set %s: one bucket does not fit into " - "a message. Please report it!\n", set->name); + pr_warning("Can't list set %s: one bucket does not fit into " + "a message. Please report it!\n", set->name); cb->args[2] = 0; } return 0; @@ -979,8 +979,8 @@ nla_put_failure: nlmsg_trim(skb, incomplete); ipset_nest_end(skb, atd); if (unlikely(first == cb->args[2])) { - pr_warn("Can't list set %s: one bucket does not fit into " - "a message. Please report it!\n", set->name); + pr_warning("Can't list set %s: one bucket does not fit into " + "a message. Please report it!\n", set->name); cb->args[2] = 0; } return 0; diff --git a/kernel/ip_set.c b/kernel/ip_set.c index e890bf8..6d353d9 100644 --- a/kernel/ip_set.c +++ b/kernel/ip_set.c @@ -707,7 +707,7 @@ EXPORT_SYMBOL_GPL(ip_set_nfnl_put); */ static inline bool -protocol_failed(NFNL_CB_CONST struct nlattr * NFNL_CB_CONST tb[]) +protocol_failed(const struct nlattr * const tb[]) { return !tb[IPSET_ATTR_PROTOCOL] || nla_get_u8(tb[IPSET_ATTR_PROTOCOL]) != IPSET_PROTOCOL; @@ -811,8 +811,8 @@ load_type_module(const char *typename) static int ip_set_create(struct sock *ctnl, struct sk_buff *skb, - NFNL_CB_CONST struct nlmsghdr *nlh, - NFNL_CB_CONST struct nlattr * NFNL_CB_CONST attr[]) + const struct nlmsghdr *nlh, + const struct nlattr * const attr[]) { struct ip_set *set, *clash; ip_set_id_t index = IPSET_INVALID_ID; @@ -950,8 +950,8 @@ ip_set_destroy_set(ip_set_id_t index) static int ip_set_destroy(struct sock *ctnl, struct sk_buff *skb, - NFNL_CB_CONST struct nlmsghdr *nlh, - NFNL_CB_CONST struct nlattr * NFNL_CB_CONST attr[]) + const struct nlmsghdr *nlh, + const struct nlattr * const attr[]) { ip_set_id_t i; @@ -995,8 +995,8 @@ ip_set_flush_set(struct ip_set *set) static int ip_set_flush(struct sock *ctnl, struct sk_buff *skb, - NFNL_CB_CONST struct nlmsghdr *nlh, - NFNL_CB_CONST struct nlattr * NFNL_CB_CONST attr[]) + const struct nlmsghdr *nlh, + const struct nlattr * const attr[]) { ip_set_id_t i; @@ -1031,8 +1031,8 @@ ip_set_setname2_policy[IPSET_ATTR_CMD_MAX + 1] = { static int ip_set_rename(struct sock *ctnl, struct sk_buff *skb, - NFNL_CB_CONST struct nlmsghdr *nlh, - NFNL_CB_CONST struct nlattr * NFNL_CB_CONST attr[]) + const struct nlmsghdr *nlh, + const struct nlattr * const attr[]) { struct ip_set *set; const char *name2; @@ -1071,8 +1071,8 @@ ip_set_rename(struct sock *ctnl, struct sk_buff *skb, static int ip_set_swap(struct sock *ctnl, struct sk_buff *skb, - NFNL_CB_CONST struct nlmsghdr *nlh, - NFNL_CB_CONST struct nlattr * NFNL_CB_CONST attr[]) + const struct nlmsghdr *nlh, + const struct nlattr * const attr[]) { struct ip_set *from, *to; ip_set_id_t from_id, to_id; @@ -1292,8 +1292,8 @@ out: static int ip_set_dump(struct sock *ctnl, struct sk_buff *skb, - NFNL_CB_CONST struct nlmsghdr *nlh, - NFNL_CB_CONST struct nlattr * NFNL_CB_CONST attr[]) + const struct nlmsghdr *nlh, + const struct nlattr * const attr[]) { if (unlikely(protocol_failed(attr))) return -IPSET_ERR_PROTOCOL; @@ -1316,7 +1316,7 @@ static const struct nla_policy ip_set_adt_policy[IPSET_ATTR_CMD_MAX + 1] = { static int call_ad(struct sock *ctnl, struct sk_buff *skb, - NFNL_CB_CONST struct nlattr * NFNL_CB_CONST attr[], + const struct nlattr * const attr[], struct ip_set *set, const struct nlattr *nla, enum ipset_adt adt, u32 flags) { @@ -1348,8 +1348,8 @@ call_ad(struct sock *ctnl, struct sk_buff *skb, static int ip_set_uadd(struct sock *ctnl, struct sk_buff *skb, - NFNL_CB_CONST struct nlmsghdr *nlh, - NFNL_CB_CONST struct nlattr * NFNL_CB_CONST attr[]) + const struct nlmsghdr *nlh, + const struct nlattr * const attr[]) { struct ip_set *set; const struct nlattr *nla; @@ -1392,8 +1392,8 @@ ip_set_uadd(struct sock *ctnl, struct sk_buff *skb, static int ip_set_udel(struct sock *ctnl, struct sk_buff *skb, - NFNL_CB_CONST struct nlmsghdr *nlh, - NFNL_CB_CONST struct nlattr * NFNL_CB_CONST attr[]) + const struct nlmsghdr *nlh, + const struct nlattr * const attr[]) { struct ip_set *set; const struct nlattr *nla; @@ -1436,8 +1436,8 @@ ip_set_udel(struct sock *ctnl, struct sk_buff *skb, static int ip_set_utest(struct sock *ctnl, struct sk_buff *skb, - NFNL_CB_CONST struct nlmsghdr *nlh, - NFNL_CB_CONST struct nlattr * NFNL_CB_CONST attr[]) + const struct nlmsghdr *nlh, + const struct nlattr * const attr[]) { struct ip_set *set; int ret = 0; @@ -1469,8 +1469,8 @@ ip_set_utest(struct sock *ctnl, struct sk_buff *skb, static int ip_set_header(struct sock *ctnl, struct sk_buff *skb, - NFNL_CB_CONST struct nlmsghdr *nlh, - NFNL_CB_CONST struct nlattr * NFNL_CB_CONST attr[]) + const struct nlmsghdr *nlh, + const struct nlattr * const attr[]) { const struct ip_set *set; struct sk_buff *skb2; @@ -1526,8 +1526,8 @@ static const struct nla_policy ip_set_type_policy[IPSET_ATTR_CMD_MAX + 1] = { static int ip_set_type(struct sock *ctnl, struct sk_buff *skb, - NFNL_CB_CONST struct nlmsghdr *nlh, - NFNL_CB_CONST struct nlattr * NFNL_CB_CONST attr[]) + const struct nlmsghdr *nlh, + const struct nlattr * const attr[]) { struct sk_buff *skb2; struct nlmsghdr *nlh2; @@ -1590,8 +1590,8 @@ ip_set_protocol_policy[IPSET_ATTR_CMD_MAX + 1] = { static int ip_set_protocol(struct sock *ctnl, struct sk_buff *skb, - NFNL_CB_CONST struct nlmsghdr *nlh, - NFNL_CB_CONST struct nlattr * NFNL_CB_CONST attr[]) + const struct nlmsghdr *nlh, + const struct nlattr * const attr[]) { struct sk_buff *skb2; struct nlmsghdr *nlh2; diff --git a/kernel/xt_set.c b/kernel/xt_set.c index 7484919..e95cae0 100644 --- a/kernel/xt_set.c +++ b/kernel/xt_set.c @@ -38,14 +38,20 @@ match_set(ip_set_id_t index, const struct sk_buff *skb, /* Revision 0 interface: backward compatible with netfilter/iptables */ -/* Backward compatibility constrains: +/* Backward compatibility constrains (incomplete): * 2.6.24: [NETLINK]: Introduce nested and byteorder flag to netlink attribute + * 2.6.25: is_vmalloc_addr(): Check if an address is within the vmalloc + * boundaries + * 2.6.27: rcu: split list.h and move rcu-protected lists into rculist.h + * 2.6.28: netfilter: ctnetlink: remove bogus module dependency between + * ctnetlink and nf_nat (nfnl_lock/nfnl_unlock) + * 2.6.29: generic swap(): introduce global macro swap(a, b) * 2.6.31: netfilter: passive OS fingerprint xtables match + * 2.6.34: rcu: Add lockdep-enabled variants of rcu_dereference() */ - -#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 31) -#error "Linux kernel version too old: must be >= 2.6.31" +#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 35) +#error "Linux kernel version too old: must be >= 2.6.35" #endif #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 35) @@ -120,7 +126,7 @@ set_match_v0_checkentry(const struct xt_mtchk_param *par) static void set_match_v0_destroy(const struct xt_mtdtor_param *par) { - struct xt_set_info_match *info = par->matchinfo; + struct xt_set_info_match_v0 *info = par->matchinfo; ip_set_nfnl_put(info->match_set.index); } -- cgit v1.2.3