Diffstat (limited to 'kernel')
-rw-r--r--kernel/Config.in.ipset15
-rw-r--r--kernel/Makefile.export.ipset3
-rw-r--r--kernel/include/linux/netfilter_ipv4/ip_set.h1
-rw-r--r--kernel/include/linux/netfilter_ipv4/ip_set_compat.h70
-rw-r--r--kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h4
-rw-r--r--kernel/include/linux/netfilter_ipv4/ip_set_malloc.h12
-rw-r--r--kernel/ip_set.c2
-rw-r--r--kernel/ip_set_iphash.c16
-rw-r--r--kernel/ip_set_ipmap.c15
-rw-r--r--kernel/ip_set_ipporthash.c43
-rw-r--r--kernel/ip_set_iptree.c58
-rw-r--r--kernel/ip_set_iptreemap.c60
-rw-r--r--kernel/ip_set_macipmap.c25
-rw-r--r--kernel/ip_set_nethash.c16
-rw-r--r--kernel/ip_set_portmap.c12
-rw-r--r--kernel/ipt_SET.c133
-rw-r--r--kernel/ipt_set.c147
-rwxr-xr-xkernel/patch_kernel41
18 files changed, 350 insertions, 323 deletions
diff --git a/kernel/Config.in.ipset b/kernel/Config.in.ipset
new file mode 100644
index 0000000..0758f0a
--- /dev/null
+++ b/kernel/Config.in.ipset
@@ -0,0 +1,15 @@
+ dep_tristate ' IP set support' CONFIG_IP_NF_SET $CONFIG_IP_NF_IPTABLES
+ if [ "$CONFIG_IP_NF_SET" != "n" ]; then
+ int ' Maximum number of sets' CONFIG_IP_NF_SET_MAX 256
+ int ' Hash size for bindings of IP sets' CONFIG_IP_NF_SET_HASHSIZE 1024
+ dep_tristate ' set match support' CONFIG_IP_NF_MATCH_SET $CONFIG_IP_NF_SET
+ dep_tristate ' SET target support' CONFIG_IP_NF_TARGET_SET $CONFIG_IP_NF_SET
+ dep_tristate ' ipmap set type support' CONFIG_IP_NF_SET_IPMAP $CONFIG_IP_NF_SET
+ dep_tristate ' macipmap set type support' CONFIG_IP_NF_SET_MACIPMAP $CONFIG_IP_NF_SET
+ dep_tristate ' portmap set type support' CONFIG_IP_NF_SET_PORTMAP $CONFIG_IP_NF_SET
+ dep_tristate ' iphash set type support' CONFIG_IP_NF_SET_IPHASH $CONFIG_IP_NF_SET
+ dep_tristate ' nethash set type support' CONFIG_IP_NF_SET_NETHASH $CONFIG_IP_NF_SET
+ dep_tristate ' ipporthash set type support' CONFIG_IP_NF_SET_IPPORTHASH $CONFIG_IP_NF_SET
+ dep_tristate ' iptree set type support' CONFIG_IP_NF_SET_IPTREE $CONFIG_IP_NF_SET
+ dep_tristate ' iptreemap set type support' CONFIG_IP_NF_SET_IPTREEMAP $CONFIG_IP_NF_SET
+ fi
diff --git a/kernel/Makefile.export.ipset b/kernel/Makefile.export.ipset
new file mode 100644
index 0000000..1a971df
--- /dev/null
+++ b/kernel/Makefile.export.ipset
@@ -0,0 +1,3 @@
+ifdef CONFIG_IP_NF_SET
+ export-objs += ip_set.o
+endif
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set.h b/kernel/include/linux/netfilter_ipv4/ip_set.h
index 92a746e..b8c7202 100644
--- a/kernel/include/linux/netfilter_ipv4/ip_set.h
+++ b/kernel/include/linux/netfilter_ipv4/ip_set.h
@@ -297,6 +297,7 @@ static inline int bitmap_bytes(ip_set_ip_t a, ip_set_ip_t b)
}
#ifdef __KERNEL__
+#include <linux/netfilter_ipv4/ip_set_compat.h>
#define ip_set_printk(format, args...) \
do { \
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_compat.h b/kernel/include/linux/netfilter_ipv4/ip_set_compat.h
new file mode 100644
index 0000000..8803d4f
--- /dev/null
+++ b/kernel/include/linux/netfilter_ipv4/ip_set_compat.h
@@ -0,0 +1,70 @@
+#ifndef _IP_SET_COMPAT_H
+#define _IP_SET_COMPAT_H
+
+#ifdef __KERNEL__
+#include <linux/version.h>
+
+/* Arrgh */
+#ifdef MODULE
+#define __MOD_INC(foo) __MOD_INC_USE_COUNT(foo)
+#define __MOD_DEC(foo) __MOD_DEC_USE_COUNT(foo)
+#else
+#define __MOD_INC(foo)
+#define __MOD_DEC(foo)
+#endif
+
+/* Backward compatibility */
+#ifndef __nocast
+#define __nocast
+#endif
+#ifndef __bitwise__
+#define __bitwise__
+#endif
+
+/* Compatibility glue code */
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
+#include <linux/interrupt.h>
+#define DEFINE_RWLOCK(x) rwlock_t x = RW_LOCK_UNLOCKED
+#define try_module_get(x) (__MOD_INC(x), 1)
+#define module_put(x) __MOD_DEC(x)
+#define __clear_bit(nr, addr) clear_bit(nr, addr)
+#define __set_bit(nr, addr) set_bit(nr, addr)
+#define __test_and_set_bit(nr, addr) test_and_set_bit(nr, addr)
+#define __test_and_clear_bit(nr, addr) test_and_clear_bit(nr, addr)
+
+typedef unsigned __bitwise__ gfp_t;
+
+static inline void *kzalloc(size_t size, gfp_t flags)
+{
+ void *data = kmalloc(size, flags);
+
+ if (data)
+ memset(data, 0, size);
+
+ return data;
+}
+#endif
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,20)
+#define __KMEM_CACHE_T__ kmem_cache_t
+#else
+#define __KMEM_CACHE_T__ struct kmem_cache
+#endif
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,22)
+#define ip_hdr(skb) ((skb)->nh.iph)
+#define skb_mac_header(skb) ((skb)->mac.raw)
+#define eth_hdr(skb) ((struct ethhdr *)skb_mac_header(skb))
+#endif
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
+#define KMEM_CACHE_CREATE(name, size) \
+ kmem_cache_create(name, size, 0, 0, NULL, NULL)
+#else
+#define KMEM_CACHE_CREATE(name, size) \
+ kmem_cache_create(name, size, 0, 0, NULL)
+#endif
+
+
+#endif /* __KERNEL__ */
+#endif /* _IP_SET_COMPAT_H */
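Review bot: In a non-modular build `__MOD_INC(foo)` expands to nothing, so the pre-2.6.0 `try_module_get(x)`, defined as `(__MOD_INC(x), 1)`, becomes `(, 1)` and will not compile wherever it is used. Giving the empty variants a value fixes that: `#define __MOD_INC(foo) ((void)0)` and `#define __MOD_DEC(foo) ((void)0)`. Separately, the `gfp_t` typedef and the `kzalloc()` fallback are provided only below 2.6.0; as far as I recall both entered mainline around 2.6.14, so early 2.6 kernels may need the same glue. Please confirm against the oldest 2.6 release this header is meant to support.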
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h b/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h
index 2435102..e3390be 100644
--- a/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h
+++ b/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h
@@ -25,7 +25,7 @@ struct ip_set_req_ipmap {
ip_set_ip_t ip;
};
-unsigned int
+static unsigned int
mask_to_bits(ip_set_ip_t mask)
{
unsigned int bits = 32;
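Review bot: `mask_to_bits()` is now a plain `static` function defined in a header, so every file that includes ip_set_ipmap.h without calling it gets its own unused copy and, with common warning flags, a defined-but-not-used warning. Declaring it `static inline unsigned int` avoids that and matches `bitmap_bytes()` in ip_set.h. The same applies to `range_to_mask()` in the next hunk. Both function bodies continue outside these hunks.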
@@ -41,7 +41,7 @@ mask_to_bits(ip_set_ip_t mask)
return bits;
}
-ip_set_ip_t
+static ip_set_ip_t
range_to_mask(ip_set_ip_t from, ip_set_ip_t to, unsigned int *bits)
{
ip_set_ip_t mask = 0xFFFFFFFE;
diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_malloc.h b/kernel/include/linux/netfilter_ipv4/ip_set_malloc.h
index 30701f4..d22bed7 100644
--- a/kernel/include/linux/netfilter_ipv4/ip_set_malloc.h
+++ b/kernel/include/linux/netfilter_ipv4/ip_set_malloc.h
@@ -5,10 +5,17 @@
static size_t max_malloc_size = 0, max_page_size = 0;
-static inline bool init_max_page_size(void)
+static inline int init_max_page_size(void)
{
+/* Compatibility glues to support 2.4.36 */
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
+#define __GFP_NOWARN 0
+
+ /* Guaranteed: slab.c */
+ max_malloc_size = max_page_size = 131072;
+#else
size_t page_size = 0;
-
+
#define CACHE(x) if (max_page_size == 0 || x < max_page_size) \
page_size = x;
#include <linux/kmalloc_sizes.h>
@@ -21,6 +28,7 @@ static inline bool init_max_page_size(void)
return 1;
}
+#endif
return 0;
}
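Review bot: The pre-2.6.0 branch added in the previous hunk sets `max_malloc_size` and `max_page_size` and then falls through to the shared `return 0;`, which the 2.6 path returns only when no usable size was found. If any caller treats the result as success or failure, 2.4 builds will report failure after a successful setup; ending the 2.4 branch with `return 1;` keeps the two paths consistent. It would also be safer to guard `#define __GFP_NOWARN 0` with `#ifndef __GFP_NOWARN` and move it out of the function body, so that a kernel which already defines the flag is not overridden.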
diff --git a/kernel/ip_set.c b/kernel/ip_set.c
index 52741b1..8badef4 100644
--- a/kernel/ip_set.c
+++ b/kernel/ip_set.c
@@ -133,7 +133,7 @@ ip_set_hash_del(ip_set_id_t id, ip_set_ip_t ip)
if (set_hash != NULL)
__set_hash_del(set_hash);
- write_unlock_bh(&ip_set_lock);
+ write_unlock_bh(&ip_set_lock);
return 0;
}
diff --git a/kernel/ip_set_iphash.c b/kernel/ip_set_iphash.c
index f91f88f..2ac6066 100644
--- a/kernel/ip_set_iphash.c
+++ b/kernel/ip_set_iphash.c
@@ -8,6 +8,7 @@
/* Kernel module implementing an ip hash set */
#include <linux/module.h>
+#include <linux/moduleparam.h>
#include <linux/ip.h>
#include <linux/skbuff.h>
#include <linux/version.h>
@@ -88,13 +89,8 @@ testip_kernel(struct ip_set *set,
{
return __testip(set,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
hash_ip);
}
@@ -149,13 +145,8 @@ addip_kernel(struct ip_set *set,
{
return __addip((struct ip_set_iphash *) set->data,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
hash_ip);
}
@@ -276,13 +267,8 @@ delip_kernel(struct ip_set *set,
{
return __delip(set,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
hash_ip);
}
diff --git a/kernel/ip_set_ipmap.c b/kernel/ip_set_ipmap.c
index 948c202..aeead3b 100644
--- a/kernel/ip_set_ipmap.c
+++ b/kernel/ip_set_ipmap.c
@@ -66,13 +66,8 @@ testip_kernel(struct ip_set *set,
{
int res = __testip(set,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
hash_ip);
return (res < 0 ? 0 : res);
}
@@ -118,13 +113,8 @@ addip_kernel(struct ip_set *set,
{
return __addip(set,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
hash_ip);
}
@@ -168,13 +158,8 @@ delip_kernel(struct ip_set *set,
{
return __delip(set,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
hash_ip);
}
diff --git a/kernel/ip_set_ipporthash.c b/kernel/ip_set_ipporthash.c
index adb6c7b..4e656cd 100644
--- a/kernel/ip_set_ipporthash.c
+++ b/kernel/ip_set_ipporthash.c
@@ -8,6 +8,7 @@
/* Kernel module implementing an ip+port hash set */
#include <linux/module.h>
+#include <linux/moduleparam.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/udp.h>
@@ -34,11 +35,7 @@ static int limit = MAX_RANGE;
static inline ip_set_ip_t
get_port(const struct sk_buff *skb, u_int32_t flags)
{
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
struct iphdr *iph = ip_hdr(skb);
-#else
- struct iphdr *iph = skb->nh.iph;
-#endif
u_int16_t offset = ntohs(iph->frag_off) & IP_OFFSET;
switch (iph->protocol) {
@@ -49,11 +46,7 @@ get_port(const struct sk_buff *skb, u_int32_t flags)
if (offset)
return INVALID_PORT;
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
if (skb_copy_bits(skb, ip_hdr(skb)->ihl*4, &tcph, sizeof(tcph)) < 0)
-#else
- if (skb_copy_bits(skb, skb->nh.iph->ihl*4, &tcph, sizeof(tcph)) < 0)
-#endif
/* No choice either */
return INVALID_PORT;
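Review bot: `get_port()` already fetches the header into `iph` at the top, so the offset here can use it instead of calling `ip_hdr(skb)` again: `if (skb_copy_bits(skb, iph->ihl*4, &tcph, sizeof(tcph)) < 0)`. The UDP case in the next hunk and both cases of `get_port()` in ip_set_portmap.c have the same form. The function starts and ends outside this hunk.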
@@ -66,11 +59,7 @@ get_port(const struct sk_buff *skb, u_int32_t flags)
if (offset)
return INVALID_PORT;
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
if (skb_copy_bits(skb, ip_hdr(skb)->ihl*4, &udph, sizeof(udph)) < 0)
-#else
- if (skb_copy_bits(skb, skb->nh.iph->ihl*4, &udph, sizeof(udph)) < 0)
-#endif
/* No choice either */
return INVALID_PORT;
@@ -159,13 +148,8 @@ testip_kernel(struct ip_set *set,
DP("flag: %s src: %u.%u.%u.%u dst: %u.%u.%u.%u",
flags[index] & IPSET_SRC ? "SRC" : "DST",
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
NIPQUAD(ip_hdr(skb)->saddr),
NIPQUAD(ip_hdr(skb)->daddr));
-#else
- NIPQUAD(skb->nh.iph->saddr),
- NIPQUAD(skb->nh.iph->daddr));
-#endif
DP("flag %s port %u",
flags[index+1] & IPSET_SRC ? "SRC" : "DST",
port);
@@ -174,13 +158,8 @@ testip_kernel(struct ip_set *set,
res = __testip(set,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
port,
hash_ip);
return (res < 0 ? 0 : res);
@@ -254,13 +233,8 @@ addip_kernel(struct ip_set *set,
DP("flag: %s src: %u.%u.%u.%u dst: %u.%u.%u.%u",
flags[index] & IPSET_SRC ? "SRC" : "DST",
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
NIPQUAD(ip_hdr(skb)->saddr),
NIPQUAD(ip_hdr(skb)->daddr));
-#else
- NIPQUAD(skb->nh.iph->saddr),
- NIPQUAD(skb->nh.iph->daddr));
-#endif
DP("flag %s port %u",
flags[index+1] & IPSET_SRC ? "SRC" : "DST",
port);
@@ -269,13 +243,8 @@ addip_kernel(struct ip_set *set,
return __addip(set->data,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
port,
hash_ip);
}
@@ -408,13 +377,8 @@ delip_kernel(struct ip_set *set,
DP("flag: %s src: %u.%u.%u.%u dst: %u.%u.%u.%u",
flags[index] & IPSET_SRC ? "SRC" : "DST",
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
NIPQUAD(ip_hdr(skb)->saddr),
NIPQUAD(ip_hdr(skb)->daddr));
-#else
- NIPQUAD(skb->nh.iph->saddr),
- NIPQUAD(skb->nh.iph->daddr));
-#endif
DP("flag %s port %u",
flags[index+1] & IPSET_SRC ? "SRC" : "DST",
port);
@@ -423,13 +387,8 @@ delip_kernel(struct ip_set *set,
return __delip(set,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
port,
hash_ip);
}
diff --git a/kernel/ip_set_iptree.c b/kernel/ip_set_iptree.c
index 1a5c32a..2e0a406 100644
--- a/kernel/ip_set_iptree.c
+++ b/kernel/ip_set_iptree.c
@@ -9,6 +9,7 @@
#include <linux/version.h>
#include <linux/module.h>
+#include <linux/moduleparam.h>
#include <linux/ip.h>
#include <linux/skbuff.h>
#include <linux/slab.h>
@@ -20,11 +21,6 @@
#include <asm/bitops.h>
#include <linux/spinlock.h>
-/* Backward compatibility */
-#ifndef __nocast
-#define __nocast
-#endif
-
#include <linux/netfilter_ipv4/ip_set_iptree.h>
static int limit = MAX_RANGE;
@@ -35,13 +31,9 @@ static int limit = MAX_RANGE;
* to delete the gc timer at destroying/flushing a set */
#define IPTREE_DESTROY_SLEEP 100
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
-static struct kmem_cache *branch_cachep;
-static struct kmem_cache *leaf_cachep;
-#else
-static kmem_cache_t *branch_cachep;
-static kmem_cache_t *leaf_cachep;
-#endif
+static __KMEM_CACHE_T__ *branch_cachep;
+static __KMEM_CACHE_T__ *leaf_cachep;
+
#if defined(__LITTLE_ENDIAN)
#define ABCD(a,b,c,d,addrp) do { \
@@ -118,23 +110,13 @@ testip_kernel(struct ip_set *set,
DP("flag: %s src: %u.%u.%u.%u dst: %u.%u.%u.%u",
flags[index] & IPSET_SRC ? "SRC" : "DST",
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
NIPQUAD(ip_hdr(skb)->saddr),
NIPQUAD(ip_hdr(skb)->daddr));
-#else
- NIPQUAD(skb->nh.iph->saddr),
- NIPQUAD(skb->nh.iph->daddr));
-#endif
res = __testip(set,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
hash_ip);
return (res < 0 ? 0 : res);
}
@@ -219,13 +201,8 @@ addip_kernel(struct ip_set *set,
return __addip(set,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
map->timeout,
hash_ip);
}
@@ -287,13 +264,8 @@ delip_kernel(struct ip_set *set,
{
return __delip(set,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
hash_ip);
}
@@ -556,29 +528,15 @@ static int __init ip_set_iptree_init(void)
{
int ret;
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
- branch_cachep = kmem_cache_create("ip_set_iptreeb",
- sizeof(struct ip_set_iptreeb),
- 0, 0, NULL);
-#else
- branch_cachep = kmem_cache_create("ip_set_iptreeb",
- sizeof(struct ip_set_iptreeb),
- 0, 0, NULL, NULL);
-#endif
+ branch_cachep = KMEM_CACHE_CREATE("ip_set_iptreeb",
+ sizeof(struct ip_set_iptreeb));
if (!branch_cachep) {
printk(KERN_ERR "Unable to create ip_set_iptreeb slab cache\n");
ret = -ENOMEM;
goto out;
}
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
- leaf_cachep = kmem_cache_create("ip_set_iptreed",
- sizeof(struct ip_set_iptreed),
- 0, 0, NULL);
-#else
- leaf_cachep = kmem_cache_create("ip_set_iptreed",
- sizeof(struct ip_set_iptreed),
- 0, 0, NULL, NULL);
-#endif
+ leaf_cachep = KMEM_CACHE_CREATE("ip_set_iptreed",
+ sizeof(struct ip_set_iptreed));
if (!leaf_cachep) {
printk(KERN_ERR "Unable to create ip_set_iptreed slab cache\n");
ret = -ENOMEM;
diff --git a/kernel/ip_set_iptreemap.c b/kernel/ip_set_iptreemap.c
index 62fcf7b..dedf8a4 100644
--- a/kernel/ip_set_iptreemap.c
+++ b/kernel/ip_set_iptreemap.c
@@ -30,15 +30,9 @@
#define IPTREEMAP_DEFAULT_GC_TIME (5 * 60)
#define IPTREEMAP_DESTROY_SLEEP (100)
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
-static struct kmem_cache *cachep_b;
-static struct kmem_cache *cachep_c;
-static struct kmem_cache *cachep_d;
-#else
-static kmem_cache_t *cachep_b;
-static kmem_cache_t *cachep_c;
-static kmem_cache_t *cachep_d;
-#endif
+static __KMEM_CACHE_T__ *cachep_b;
+static __KMEM_CACHE_T__ *cachep_c;
+static __KMEM_CACHE_T__ *cachep_d;
static struct ip_set_iptreemap_d *fullbitmap_d;
static struct ip_set_iptreemap_c *fullbitmap_c;
@@ -295,13 +289,8 @@ testip_kernel(struct ip_set *set, const struct sk_buff *skb, ip_set_ip_t *hash_i
res = __testip(set,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
hash_ip);
return (res < 0 ? 0 : res);
@@ -384,13 +373,8 @@ addip_kernel(struct ip_set *set, const struct sk_buff *skb, ip_set_ip_t *hash_ip
return __addip_single(set,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
hash_ip);
}
@@ -470,13 +454,8 @@ delip_kernel(struct ip_set *set, const struct sk_buff *skb, ip_set_ip_t *hash_ip
{
return __delip_single(set,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
hash_ip,
GFP_ATOMIC);
}
@@ -725,43 +704,22 @@ static int __init ip_set_iptreemap_init(void)
int ret = -ENOMEM;
int a;
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
- cachep_b = kmem_cache_create("ip_set_iptreemap_b",
- sizeof(struct ip_set_iptreemap_b),
- 0, 0, NULL);
-#else
- cachep_b = kmem_cache_create("ip_set_iptreemap_b",
- sizeof(struct ip_set_iptreemap_b),
- 0, 0, NULL, NULL);
-#endif
+ cachep_b = KMEM_CACHE_CREATE("ip_set_iptreemap_b",
+ sizeof(struct ip_set_iptreemap_b));
if (!cachep_b) {
ip_set_printk("Unable to create ip_set_iptreemap_b slab cache");
goto out;
}
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
- cachep_c = kmem_cache_create("ip_set_iptreemap_c",
- sizeof(struct ip_set_iptreemap_c),
- 0, 0, NULL);
-#else
- cachep_c = kmem_cache_create("ip_set_iptreemap_c",
- sizeof(struct ip_set_iptreemap_c),
- 0, 0, NULL, NULL);
-#endif
+ cachep_c = KMEM_CACHE_CREATE("ip_set_iptreemap_c",
+ sizeof(struct ip_set_iptreemap_c));
if (!cachep_c) {
ip_set_printk("Unable to create ip_set_iptreemap_c slab cache");
goto outb;
}
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
- cachep_d = kmem_cache_create("ip_set_iptreemap_d",
- sizeof(struct ip_set_iptreemap_d),
- 0, 0, NULL);
-#else
- cachep_d = kmem_cache_create("ip_set_iptreemap_d",
- sizeof(struct ip_set_iptreemap_d),
- 0, 0, NULL, NULL);
-#endif
+ cachep_d = KMEM_CACHE_CREATE("ip_set_iptreemap_d",
+ sizeof(struct ip_set_iptreemap_d));
if (!cachep_d) {
ip_set_printk("Unable to create ip_set_iptreemap_d slab cache");
goto outc;
diff --git a/kernel/ip_set_macipmap.c b/kernel/ip_set_macipmap.c
index e29c99d..33e2808 100644
--- a/kernel/ip_set_macipmap.c
+++ b/kernel/ip_set_macipmap.c
@@ -68,13 +68,8 @@ testip_kernel(struct ip_set *set,
ip_set_ip_t ip;
ip = ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr);
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr);
-#endif
if (ip < map->first_ip || ip > map->last_ip)
return 0;
@@ -86,13 +81,8 @@ testip_kernel(struct ip_set *set,
(void *) &table[ip - map->first_ip].flags)) {
/* Is mac pointer valid?
* If so, compare... */
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
return (skb_mac_header(skb) >= skb->head
&& (skb_mac_header(skb) + ETH_HLEN) <= skb->data
-#else
- return (skb->mac.raw >= skb->head
- && (skb->mac.raw + ETH_HLEN) <= skb->data
-#endif
&& (memcmp(eth_hdr(skb)->h_source,
&table[ip - map->first_ip].ethernet,
ETH_ALEN) == 0));
@@ -146,21 +136,11 @@ addip_kernel(struct ip_set *set,
ip_set_ip_t ip;
ip = ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr);
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr);
-#endif
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
if (!(skb_mac_header(skb) >= skb->head
&& (skb_mac_header(skb) + ETH_HLEN) <= skb->data))
-#else
- if (!(skb->mac.raw >= skb->head
- && (skb->mac.raw + ETH_HLEN) <= skb->data))
-#endif
return -EINVAL;
return __addip(set, ip, eth_hdr(skb)->h_source, hash_ip);
@@ -207,13 +187,8 @@ delip_kernel(struct ip_set *set,
{
return __delip(set,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
hash_ip);
}
diff --git a/kernel/ip_set_nethash.c b/kernel/ip_set_nethash.c
index bb866b5..ecdf369 100644
--- a/kernel/ip_set_nethash.c
+++ b/kernel/ip_set_nethash.c
@@ -8,6 +8,7 @@
/* Kernel module implementing a cidr nethash set */
#include <linux/module.h>
+#include <linux/moduleparam.h>
#include <linux/ip.h>
#include <linux/skbuff.h>
#include <linux/version.h>
@@ -111,13 +112,8 @@ testip_kernel(struct ip_set *set,
{
return __testip(set,
ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr),
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr),
-#endif
hash_ip);
}
@@ -206,13 +202,8 @@ addip_kernel(struct ip_set *set,
struct ip_set_nethash *map = set->data;
int ret = -ERANGE;
ip_set_ip_t ip = ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr);
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr);
-#endif
if (map->cidr[0])
ret = __addip(map, ip, map->cidr[0], hash_ip);
@@ -338,13 +329,8 @@ delip_kernel(struct ip_set *set,
struct ip_set_nethash *map = set->data;
int ret = -ERANGE;
ip_set_ip_t ip = ntohl(flags[index] & IPSET_SRC
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
: ip_hdr(skb)->daddr);
-#else
- ? skb->nh.iph->saddr
- : skb->nh.iph->daddr);
-#endif
if (map->cidr[0])
ret = __delip(map, ip, map->cidr[0], hash_ip);
diff --git a/kernel/ip_set_portmap.c b/kernel/ip_set_portmap.c
index 3e158be..aeaabcd 100644
--- a/kernel/ip_set_portmap.c
+++ b/kernel/ip_set_portmap.c
@@ -28,11 +28,7 @@
static inline ip_set_ip_t
get_port(const struct sk_buff *skb, u_int32_t flags)
{
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
struct iphdr *iph = ip_hdr(skb);
-#else
- struct iphdr *iph = skb->nh.iph;
-#endif
u_int16_t offset = ntohs(iph->frag_off) & IP_OFFSET;
switch (iph->protocol) {
case IPPROTO_TCP: {
@@ -42,11 +38,7 @@ get_port(const struct sk_buff *skb, u_int32_t flags)
if (offset)
return INVALID_PORT;
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
if (skb_copy_bits(skb, ip_hdr(skb)->ihl*4, &tcph, sizeof(tcph)) < 0)
-#else
- if (skb_copy_bits(skb, skb->nh.iph->ihl*4, &tcph, sizeof(tcph)) < 0)
-#endif
/* No choice either */
return INVALID_PORT;
@@ -59,11 +51,7 @@ get_port(const struct sk_buff *skb, u_int32_t flags)
if (offset)
return INVALID_PORT;
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
if (skb_copy_bits(skb, ip_hdr(skb)->ihl*4, &udph, sizeof(udph)) < 0)
-#else
- if (skb_copy_bits(skb, skb->nh.iph->ihl*4, &udph, sizeof(udph)) < 0)
-#endif
/* No choice either */
return INVALID_PORT;
diff --git a/kernel/ipt_SET.c b/kernel/ipt_SET.c
index 63ada14..f6afafd 100644
--- a/kernel/ipt_SET.c
+++ b/kernel/ipt_SET.c
@@ -22,25 +22,53 @@
#include <net/protocol.h>
#include <net/checksum.h>
#include <linux/netfilter_ipv4.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
#include <linux/netfilter_ipv4/ip_tables.h>
+#define xt_register_target ipt_register_target
+#define xt_unregister_target ipt_unregister_target
+#define xt_target ipt_target
+#define XT_CONTINUE IPT_CONTINUE
+#else
+#include <linux/netfilter/x_tables.h>
+#endif
#include <linux/netfilter_ipv4/ipt_set.h>
static unsigned int
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24)
-target(struct sk_buff *skb,
-#else
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
+target(struct sk_buff **pskb,
+ unsigned int hooknum,
+ const struct net_device *in,
+ const struct net_device *out,
+ const void *targinfo,
+ void *userinfo)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
+target(struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ unsigned int hooknum,
+ const void *targinfo,
+ void *userinfo)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
target(struct sk_buff **pskb,
-#endif
const struct net_device *in,
const struct net_device *out,
unsigned int hooknum,
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
const struct xt_target *target,
-#endif
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
const void *targinfo,
void *userinfo)
-#else
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24)
+target(struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ unsigned int hooknum,
+ const struct xt_target *target,
+ const void *targinfo)
+#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24) */
+target(struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ unsigned int hooknum,
+ const struct xt_target *target,
const void *targinfo)
#endif
{
@@ -59,33 +87,51 @@ target(struct sk_buff **pskb,
skb,
info->del_set.flags);
- return IPT_CONTINUE;
+ return XT_CONTINUE;
}
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
-static bool
-#else
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
static int
-#endif
checkentry(const char *tablename,
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16)
- const void *e,
-#else
const struct ipt_entry *e,
-#endif
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
+ void *targinfo,
+ unsigned int targinfosize,
+ unsigned int hook_mask)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
+static int
+checkentry(const char *tablename,
+ const void *e,
+ void *targinfo,
+ unsigned int targinfosize,
+ unsigned int hook_mask)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
+static int
+checkentry(const char *tablename,
+ const void *e,
const struct xt_target *target,
-#endif
void *targinfo,
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
unsigned int targinfosize,
-#endif
unsigned int hook_mask)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
+static int
+checkentry(const char *tablename,
+ const void *e,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask)
+#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) */
+static bool
+checkentry(const char *tablename,
+ const void *e,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int hook_mask)
+#endif
{
struct ipt_set_info_target *info = targinfo;
ip_set_id_t index;
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
if (targinfosize != IPT_ALIGN(sizeof(*info))) {
DP("bad target info size %u", targinfosize);
return 0;
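Review bot: The explicit `targinfosize` comparison is now compiled only below 2.6.17, although the 2.6.17–2.6.18 signature still receives `targinfosize`. On those kernels the length of the rule data supplied from userspace is therefore checked only through `.targetsize` in `SET_target`. That dependency deserves a comment above the `#if`, for example `/* From 2.6.17 on, x_tables checks the size against .targetsize */`. The same narrowing is made in `destroy()` in the next hunk and in `checkentry()`/`destroy()` of ipt_set.c, where the corresponding size field of `set_match` is not visible here. `checkentry()` continues outside this hunk.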
@@ -118,19 +164,21 @@ checkentry(const char *tablename,
return 1;
}
-static void destroy(
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
- const struct xt_target *target,
-#endif
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
- void *targetinfo, unsigned int targetsize)
-#else
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
+static void destroy(void *targetinfo,
+ unsigned int targetsize)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
+static void destroy(const struct xt_target *target,
+ void *targetinfo,
+ unsigned int targetsize)
+#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) */
+static void destroy(const struct xt_target *target,
void *targetinfo)
#endif
{
struct ipt_set_info_target *info = targetinfo;
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
if (targetsize != IPT_ALIGN(sizeof(struct ipt_set_info_target))) {
ip_set_printk("invalid targetsize %d", targetsize);
return;
@@ -142,37 +190,38 @@ static void destroy(
ip_set_put(info->del_set.index);
}
-static struct ipt_target SET_target = {
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
+static struct xt_target SET_target = {
+ .name = "SET",
+ .target = target,
+ .checkentry = checkentry,
+ .destroy = destroy,
+ .me = THIS_MODULE
+};
+#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) */
+static struct xt_target SET_target = {
.name = "SET",
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
.family = AF_INET,
-#endif
.target = target,
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
.targetsize = sizeof(struct ipt_set_info_target),
-#endif
.checkentry = checkentry,
.destroy = destroy,
.me = THIS_MODULE
};
+#endif
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
MODULE_DESCRIPTION("iptables IP set target module");
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
-#define ipt_register_target xt_register_target
-#define ipt_unregister_target xt_unregister_target
-#endif
-
static int __init ipt_SET_init(void)
{
- return ipt_register_target(&SET_target);
+ return xt_register_target(&SET_target);
}
static void __exit ipt_SET_fini(void)
{
- ipt_unregister_target(&SET_target);
+ xt_unregister_target(&SET_target);
}
module_init(ipt_SET_init);
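Review bot: The `xt_*` aliases at the top of the file are defined only below 2.6.16, while the reduced `SET_target` initializer and this one-argument `xt_register_target(&SET_target)` call are used for everything below 2.6.17. On 2.6.16 the call therefore goes straight to the x_tables function. As far as I recall, the 2.6.16 prototype took the address family as its first argument; if so, this does not build on that release. Please build-test 2.6.16 or route that version through `ipt_register_target()`. ipt_set.c uses the same version boundaries for its match structure.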
diff --git a/kernel/ipt_set.c b/kernel/ipt_set.c
index eb064fe..b08b3bb 100644
--- a/kernel/ipt_set.c
+++ b/kernel/ipt_set.c
@@ -15,7 +15,14 @@
#include <linux/skbuff.h>
#include <linux/version.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
#include <linux/netfilter_ipv4/ip_tables.h>
+#define xt_register_match ipt_register_match
+#define xt_unregister_match ipt_unregister_match
+#define xt_match ipt_match
+#else
+#include <linux/netfilter/x_tables.h>
+#endif
#include <linux/netfilter_ipv4/ip_set.h>
#include <linux/netfilter_ipv4/ipt_set.h>
@@ -29,24 +36,53 @@ match_set(const struct ipt_set_info *info,
return inv;
}
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
-static bool
-#else
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
+static int
+match(const struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ const void *matchinfo,
+ int offset,
+ const void *hdr,
+ u_int16_t datalen,
+ int *hotdrop)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
+static int
+match(const struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ const void *matchinfo,
+ int offset,
+ int *hotdrop)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
+static int
+match(const struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ const void *matchinfo,
+ int offset,
+ unsigned int protoff,
+ int *hotdrop)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
static int
-#endif
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
const struct xt_match *match,
-#endif
const void *matchinfo,
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
- int offset, unsigned int protoff, bool *hotdrop)
-#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16)
- int offset, unsigned int protoff, int *hotdrop)
-#else
- int offset, int *hotdrop)
+ int offset,
+ unsigned int protoff,
+ int *hotdrop)
+#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) */
+static bool
+match(const struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ const struct xt_match *match,
+ const void *matchinfo,
+ int offset,
+ unsigned int protoff,
+ bool *hotdrop)
#endif
{
const struct ipt_set_info_match *info = matchinfo;
@@ -56,30 +92,48 @@ match(const struct sk_buff *skb,
info->match_set.flags[0] & IPSET_MATCH_INV);
}
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
-static bool
-#else
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
static int
-#endif
checkentry(const char *tablename,
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16)
- const void *inf,
-#else
const struct ipt_ip *ip,
-#endif
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
+ void *matchinfo,
+ unsigned int matchsize,
+ unsigned int hook_mask)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
+static int
+checkentry(const char *tablename,
+ const void *inf,
+ void *matchinfo,
+ unsigned int matchsize,
+ unsigned int hook_mask)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
+static int
+checkentry(const char *tablename,
+ const void *inf,
const struct xt_match *match,
-#endif
void *matchinfo,
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
unsigned int matchsize,
-#endif
unsigned int hook_mask)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
+static int
+checkentry(const char *tablename,
+ const void *inf,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask)
+#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) */
+static bool
+checkentry(const char *tablename,
+ const void *inf,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask)
+#endif
{
struct ipt_set_info_match *info = matchinfo;
ip_set_id_t index;
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
if (matchsize != IPT_ALIGN(sizeof(struct ipt_set_info_match))) {
ip_set_printk("invalid matchsize %d", matchsize);
return 0;
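Review bot: The size check on the rule data in `checkentry` is now compiled only for kernels before 2.6.17, so on 2.6.17 and 2.6.18 the `matchsize` argument is received but never compared. That is safe only if the x_tables core validates the size from the `.matchsize` member of `set_match` on those kernels, which I believe it does but which nothing in this file states. I would add a comment above the guard, `/* 2.6.17+: x_tables checks the size against set_match.matchsize */`, and the same applies to the identical guard in `destroy` in the next hunk. The body of `checkentry` continues outside this hunk.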
@@ -101,19 +155,21 @@ checkentry(const char *tablename,
return 1;
}
-static void destroy(
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
- const struct xt_match *match,
-#endif
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
- void *matchinfo, unsigned int matchsize)
-#else
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
+static void destroy(void *matchinfo,
+ unsigned int matchsize)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
+static void destroy(const struct xt_match *match,
+ void *matchinfo,
+ unsigned int matchsize)
+#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) */
+static void destroy(const struct xt_match *match,
void *matchinfo)
#endif
{
struct ipt_set_info_match *info = matchinfo;
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
if (matchsize != IPT_ALIGN(sizeof(struct ipt_set_info_match))) {
ip_set_printk("invalid matchsize %d", matchsize);
return;
@@ -122,37 +178,38 @@ static void destroy(
ip_set_put(info->match_set.index);
}
-static struct ipt_match set_match = {
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
+static struct xt_match set_match = {
+ .name = "set",
+ .match = &match,
+ .checkentry = &checkentry,
+ .destroy = &destroy,
+ .me = THIS_MODULE
+};
+#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) */
+static struct xt_match set_match = {
.name = "set",
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
.family = AF_INET,
-#endif
.match = &match,
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
.matchsize = sizeof(struct ipt_set_info_match),
-#endif
.checkentry = &checkentry,
.destroy = &destroy,
.me = THIS_MODULE
};
+#endif
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
MODULE_DESCRIPTION("iptables IP set match module");
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
-#define ipt_register_match xt_register_match
-#define ipt_unregister_match xt_unregister_match
-#endif
-
static int __init ipt_ipset_init(void)
{
- return ipt_register_match(&set_match);
+ return xt_register_match(&set_match);
}
static void __exit ipt_ipset_fini(void)
{
- ipt_unregister_match(&set_match);
+ xt_unregister_match(&set_match);
}
module_init(ipt_ipset_init);
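Review bot: The `< 2.6.17` branch declares `static struct xt_match set_match`, and the init and exit functions now call `xt_register_match`/`xt_unregister_match` unconditionally, so older kernels only build if something maps these names back to the `ipt_*` ones. That mapping is not visible in this file. A one-line comment at the first `#if`, such as `/* xt_* names are provided for old kernels by ip_set_compat.h */`, would make the dependency explicit, assuming that header is where the mapping lives. It is also worth confirming that `.family = AF_INET` is accepted on 2.6.17 to 2.6.20, since the old code set it only from 2.6.21.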
diff --git a/kernel/patch_kernel b/kernel/patch_kernel
index f5b800b..a3f96f0 100755
--- a/kernel/patch_kernel
+++ b/kernel/patch_kernel
@@ -13,6 +13,17 @@ kconfig() {
echo "endmenu" >> $file
}
+config() {
+ file=$1/net/ipv4/netfilter/Config.in
+ if [ "`grep 'CONFIG_IP_NF_SET' $file`" ]; then
+ return
+ fi
+ mv $file $file.orig
+ grep -v endmenu $file.orig > $file
+ cat Config.in.ipset >> $file
+ echo "endmenu" >> $file
+}
+
makefile() {
file=$1/net/ipv4/netfilter/Makefile
if [ "`grep CONFIG_IP_NF_SET $file`" ]; then
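Review bot: `config()` moves the original away with `mv $file $file.orig` and then rebuilds it in three steps, none of which is checked, so a failed `grep` or `cat` leaves the tree with a truncated `Config.in` while the script carries on as if it had worked. Chaining the steps, e.g. `grep -v endmenu "$file.orig" > "$file" && cat Config.in.ipset >> "$file" && echo "endmenu" >> "$file" || exit 1`, would stop at the first failure. The expansions of `$file` and `$1` are also unquoted, here and in `oldmakefile()` and in the dispatch block at the end of the script, so a kernel path containing spaces or glob characters is word-split.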
@@ -22,6 +33,20 @@ makefile() {
cat Makefile.ipset >> $file
}
+oldmakefile() {
+ file=$1/net/ipv4/netfilter/Makefile
+ if [ "`grep CONFIG_IP_NF_SET $file`" ]; then
+ return
+ fi
+ lineno=`grep -n Rules.make $file | cut -f1 -d:`
+ lineno=$((lineno-1))
+ head -n $lineno $file > $file.head
+ lineno=$((lineno+1))
+ tail +$lineno $file > $file.tail
+ cp $file $file.orig
+ cat $file.head Makefile.ipset Makefile.export.ipset $file.tail > $file
+}
+
tree() {
cp include/linux/netfilter_ipv4/* $1/include/linux/netfilter_ipv4/
cp *.c $1/net/ipv4/netfilter/
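Review bot: `oldmakefile()` assumes that `grep -n Rules.make` returns exactly one line number. With no match `lineno` is empty and `$((lineno-1))` becomes -1; with several matches the arithmetic fails. In both cases the Makefile is still overwritten from whatever `head` and `tail` produced. `tail +$lineno` is also the obsolete form that newer `tail` implementations reject, and the `$file.head` and `$file.tail` scratch files are left behind in the kernel tree. A version that checks the match, uses `tail -n +`, and cleans up follows.

```shell
oldmakefile() {
	# … unchanged: $file assignment and CONFIG_IP_NF_SET guard …
	lineno=`grep -n Rules.make "$file" | head -n 1 | cut -f1 -d:`
	if [ -z "$lineno" ]; then
		echo "Error: no Rules.make line found in $file."
		exit 1
	fi
	head -n $((lineno-1)) "$file" > "$file.head"
	tail -n +$lineno "$file" > "$file.tail"
	cp "$file" "$file.orig"
	cat "$file.head" Makefile.ipset Makefile.export.ipset "$file.tail" > "$file"
	rm -f "$file.head" "$file.tail"
}
```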
@@ -31,11 +56,15 @@ if [ -z "$1" ]; then
echo "Error: missing kernel directory parameter."
exit 1
fi
-if [ ! -f $1/net/ipv4/netfilter/Kconfig ]; then
- echo "Error: the directory $1 doesn't look like a Linux 2.6.x kernel source tree."
+if [ -f $1/net/ipv4/netfilter/Kconfig ]; then
+ tree $1
+ kconfig $1
+ makefile $1
+elif [ -f $1/net/ipv4/netfilter/Config.in ]; then
+ tree $1
+ config $1
+ oldmakefile $1
+else
+ echo "Error: The directory $1 doesn't look like a Linux 2.4/2.6 kernel source tree."
exit 1
fi
-
-tree $1
-kconfig $1
-makefile $1