From 6a0ae483145159b0c903690c0313dbc03745c412 Mon Sep 17 00:00:00 2001 From: "/C=EU/ST=EU/CN=Jozsef Kadlecsik/emailAddress=kadlec@blackhole.kfki.hu" Date: Sat, 19 Jul 2008 20:48:19 +0000 Subject: Compatibility cleanup release: kernels >= 2.6.16 and 2.4.36.x are supported. --- ChangeLog | 5 + Makefile | 11 +- README | 8 +- ipset.c | 72 +++++----- ipset.h | 4 +- ipset_iphash.c | 43 +++--- ipset_ipmap.c | 41 +++--- ipset_ipporthash.c | 48 ++++--- ipset_iptree.c | 35 +++-- ipset_iptreemap.c | 26 ++-- ipset_macipmap.c | 47 ++++--- ipset_nethash.c | 48 ++++--- ipset_portmap.c | 40 +++--- kernel/Config.in.ipset | 15 +++ kernel/Makefile.export.ipset | 3 + kernel/include/linux/netfilter_ipv4/ip_set.h | 1 + .../include/linux/netfilter_ipv4/ip_set_compat.h | 70 ++++++++++ kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h | 4 +- .../include/linux/netfilter_ipv4/ip_set_malloc.h | 12 +- kernel/ip_set.c | 2 +- kernel/ip_set_iphash.c | 16 +-- kernel/ip_set_ipmap.c | 15 --- kernel/ip_set_ipporthash.c | 43 +----- kernel/ip_set_iptree.c | 58 ++------ kernel/ip_set_iptreemap.c | 60 ++------- kernel/ip_set_macipmap.c | 25 ---- kernel/ip_set_nethash.c | 16 +-- kernel/ip_set_portmap.c | 12 -- kernel/ipt_SET.c | 133 +++++++++++++------ kernel/ipt_set.c | 147 ++++++++++++++------- kernel/patch_kernel | 41 +++++- tests/ipmap.t | 2 +- tests/ipporthash.t | 2 +- tests/iptree.t | 2 +- tests/iptreemap.t | 2 +- tests/macipmap.t | 2 +- tests/portmap.t | 2 +- 37 files changed, 608 insertions(+), 505 deletions(-) create mode 100644 kernel/Config.in.ipset create mode 100644 kernel/Makefile.export.ipset create mode 100644 kernel/include/linux/netfilter_ipv4/ip_set_compat.h diff --git a/ChangeLog b/ChangeLog index 77c8c22..3ae9066 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +[2.3.3] + - compatibility for the 2.6.x kernel tree improved and compiler warnings + fixed (Jan Engelhardt) + - compatibility fixes for the 2.4.36.x kernel tree added + [2.3.2] - including limits.h for UINT_MAX is required with glibc-2.8 (pud) - needless cast from and to void pointers cleanups in iptreemap (Sven Wegener) diff --git a/Makefile b/Makefile index 4381422..80f6ec1 100644 --- a/Makefile +++ b/Makefile @@ -14,7 +14,7 @@ ifndef IP_NF_SET_HASHSIZE IP_NF_SET_HASHSIZE=1024 endif -IPSET_VERSION:=2.3.2 +IPSET_VERSION:=2.3.3 PREFIX:=/usr/local LIBDIR:=$(PREFIX)/lib @@ -51,9 +51,10 @@ patch_kernel: cd kernel; ./patch_kernel $(KERNEL_DIR) modules: - @[ -f $(KERNEL_DIR)/net/ipv4/netfilter/Kconfig ] || (echo "Error: the directory '$(KERNEL_DIR)' doesn't look like a Linux 2.6.x kernel source tree." && exit 1) - @[ -f $(KERNEL_DIR)/.config ] || (echo "Error: the kernel source in '$(KERNEL_DIR)' must be configured" && exit 1) - @[ -f $(KERNEL_DIR)/Module.symvers ] || echo "Warning: you should run 'make modules' in '$(KERNEL_DIR)' beforehand" + @[ ! -f $(KERNEL_DIR)/net/ipv4/netfilter/Config.in ] || (echo "Error: The directory '$(KERNEL_DIR)' looks like a Linux 2.4.x kernel source tree, you have to patch it by 'make patch_kernel'." && exit 1) + @[ -f $(KERNEL_DIR)/net/ipv4/netfilter/Kconfig ] || (echo "Error: The directory '$(KERNEL_DIR)' doesn't look like a Linux 2.6.x kernel source tree." && exit 1) + @[ -f $(KERNEL_DIR)/.config ] || (echo "Error: The kernel source in '$(KERNEL_DIR)' must be configured" && exit 1) + @[ -f $(KERNEL_DIR)/Module.symvers ] || echo "Warning: You should run 'make modules' in '$(KERNEL_DIR)' beforehand" cd kernel; make -C $(KERNEL_DIR) M=`pwd` IP_NF_SET_MAX=$(IP_NF_SET_MAX) IP_NF_SET_HASHSIZE=$(IP_NF_SET_HASHSIZE) modules modules_install: modules @@ -63,7 +64,7 @@ install: binaries_install modules_install clean: $(EXTRA_CLEANS) rm -rf $(PROGRAMS) $(SHARED_LIBS) *.o *~ - cd kernel; make -C $(KERNEL_DIR) M=`pwd` clean + [ -f $(KERNEL_DIR)/net/ipv4/netfilter/Config.in ] || (cd kernel; make -C $(KERNEL_DIR) M=`pwd` clean) #The ipset(8) self ipset.o: ipset.c diff --git a/README b/README index a58da3b..a48782d 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ This is the ipset source tree. Follow these steps to install ipset: -0. You need the source tree of your kernel (version >= 2.6.16) and it have - to be configured, modules compiled. +0. You need the source tree of your kernel (version >= 2.6.16 or 2.4.36.x) + and it have to be configured, modules compiled. 1. Compile ipset and it's kernel modules @@ -27,8 +27,8 @@ That's it! Read the ipset(8) and iptables(8) manpages on how to use ipset and its match and target from iptables. -If you want to build a non-modular kernel, then proceed with the following -steps: +If you want to build a non-modular >= 2.6.16 kernel or has got a 2.4.36.x +kernel tree, then proceed with the following steps: 1. Compile the ipset binaries diff --git a/ipset.c b/ipset.c index 1857180..bd23758 100644 --- a/ipset.c +++ b/ipset.c @@ -50,7 +50,7 @@ void *restore_data = NULL; struct ip_set_restore *restore_set = NULL; size_t restore_offset = 0; socklen_t restore_size; -unsigned line = 0; +unsigned restore_line = 0; #define TEMPFILE_PATTERN "/ipsetXXXXXX" @@ -116,7 +116,7 @@ static struct option opts_long[] = { {"help", 2, 0, 'H'}, /* end */ - {0} + {NULL}, }; static char opts_short[] = @@ -152,7 +152,7 @@ static char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] = { /* Main parser function */ int parse_commandline(int argc, char *argv[]); -void exit_tryhelp(int status) +static void exit_tryhelp(int status) { fprintf(stderr, "Try `%s -H' or '%s --help' for more information.\n", @@ -160,7 +160,7 @@ void exit_tryhelp(int status) exit(status); } -void exit_error(enum exittype status, char *msg, ...) +void exit_error(enum exittype status, const char *msg, ...) { va_list args; @@ -170,8 +170,8 @@ void exit_error(enum exittype status, char *msg, ...) vfprintf(stderr, msg, args); va_end(args); fprintf(stderr, "\n"); - if (line) - fprintf(stderr, "Restore failed at line %u:\n", line); + if (restore_line) + fprintf(stderr, "Restore failed at line %u:\n", restore_line); if (status == PARAMETER_PROBLEM) exit_tryhelp(status); if (status == VERSION_PROBLEM) @@ -183,7 +183,7 @@ void exit_error(enum exittype status, char *msg, ...) exit(status); } -void ipset_printf(char *msg, ...) +static void ipset_printf(char *msg, ...) { va_list args; @@ -893,12 +893,12 @@ static struct set *set_find_byname(const char *name) static ip_set_id_t set_find_free_index(const char *name) { - ip_set_id_t i, index = IP_SET_INVALID_ID; + ip_set_id_t i, idx = IP_SET_INVALID_ID; for (i = 0; i < max_sets; i++) { - if (index == IP_SET_INVALID_ID + if (idx == IP_SET_INVALID_ID && set_list[i] == NULL) - index = i; + idx = i; if (set_list[i] != NULL && strncmp(set_list[i]->name, name, IP_SET_MAXNAMELEN) == 0) @@ -907,13 +907,13 @@ static ip_set_id_t set_find_free_index(const char *name) name); } - if (index == IP_SET_INVALID_ID) + if (idx == IP_SET_INVALID_ID) exit_error(PARAMETER_PROBLEM, "Set %s cannot be restored, " "max number of set %u reached", name, max_sets); - return index; + return idx; } /* @@ -1032,7 +1032,7 @@ static void set_rename(const char *name, const char *newname, * Send MAX_SETS, LIST_SIZE and/or SAVE_SIZE orders to kernel */ static size_t load_set_list(const char name[IP_SET_MAXNAMELEN], - ip_set_id_t *index, + ip_set_id_t *idx, unsigned op, unsigned cmd) { void *data = NULL; @@ -1069,7 +1069,7 @@ tryagain: max_sets = req_max_sets.max_sets; set_list = ipset_malloc(max_sets * sizeof(struct set *)); memset(set_list, 0, max_sets * sizeof(struct set *)); - *index = req_max_sets.set.index; + *idx = req_max_sets.set.index; if (req_max_sets.sets == 0) /* No sets in kernel */ @@ -1080,7 +1080,7 @@ tryagain: + req_max_sets.sets * sizeof(struct ip_set_name_list); data = ipset_malloc(size); ((struct ip_set_req_setnames *) data)->op = op; - ((struct ip_set_req_setnames *) data)->index = *index; + ((struct ip_set_req_setnames *) data)->index = *idx; res = kernel_getfrom_handleerrno(cmd, data, &size); @@ -1219,12 +1219,12 @@ static int try_save_sets(const char name[IP_SET_MAXNAMELEN]) { void *data = NULL; socklen_t size, req_size = 0; - ip_set_id_t index; + ip_set_id_t idx; int res = 0, bindings = 0; time_t now = time(NULL); /* Load set_list from kernel */ - size = load_set_list(name, &index, + size = load_set_list(name, &idx, IP_SET_OP_SAVE_SIZE, CMD_SAVE); if (size) { @@ -1233,7 +1233,7 @@ static int try_save_sets(const char name[IP_SET_MAXNAMELEN]) req_size = (size += sizeof(struct ip_set_save)); data = ipset_malloc(size); ((struct ip_set_req_list *) data)->op = IP_SET_OP_SAVE; - ((struct ip_set_req_list *) data)->index = index; + ((struct ip_set_req_list *) data)->index = idx; res = kernel_getfrom_handleerrno(CMD_SAVE, data, &size); if (res != 0 || size != req_size) { @@ -1354,10 +1354,10 @@ static void set_restore(char *argv0) char buffer[1024]; char *ptr, *name = NULL; char cmd = ' '; - int line = 0, first_pass, i, bindings = 0; + int restore_line = 0, first_pass, i, bindings = 0; struct settype *settype = NULL; struct ip_set_req_setnames *header; - ip_set_id_t index; + ip_set_id_t idx; FILE *in; int res; @@ -1365,7 +1365,7 @@ static void set_restore(char *argv0) in = create_tempfile(); /* Load existing sets from kernel */ - load_set_list(IPSET_TOKEN_ALL, &index, + load_set_list(IPSET_TOKEN_ALL, &idx, IP_SET_OP_LIST_SIZE, CMD_RESTORE); restore_size = sizeof(struct ip_set_req_setnames)/* header */ @@ -1373,7 +1373,7 @@ static void set_restore(char *argv0) DP("restore_size: %u", restore_size); /* First pass: calculate required amount of data */ while (fgets(buffer, sizeof(buffer), in)) { - line++; + restore_line++; if (buffer[0] == '\n') continue; @@ -1396,7 +1396,7 @@ static void set_restore(char *argv0) || ptr[2] != '\0') { exit_error(PARAMETER_PROBLEM, "Line %u does not start as a valid restore command\n", - line); + restore_line); } cmd = ptr[1]; /* setname */ @@ -1405,7 +1405,7 @@ static void set_restore(char *argv0) if (ptr == NULL) exit_error(PARAMETER_PROBLEM, "Missing set name in line %u\n", - line); + restore_line); DP("cmd %c", cmd); switch (cmd) { case 'N': { @@ -1415,11 +1415,11 @@ static void set_restore(char *argv0) if (ptr == NULL) exit_error(PARAMETER_PROBLEM, "Missing settype in line %u\n", - line); + restore_line); if (bindings) exit_error(PARAMETER_PROBLEM, "Invalid line %u: create must precede bindings\n", - line); + restore_line); settype = check_set_typename(ptr); restore_size += sizeof(struct ip_set_restore) + settype->create_size; @@ -1432,11 +1432,11 @@ static void set_restore(char *argv0) exit_error(PARAMETER_PROBLEM, "Add IP to set %s in line %u without " "preceding corresponding create set line\n", - ptr, line); + ptr, restore_line); if (bindings) exit_error(PARAMETER_PROBLEM, "Invalid line %u: adding entries must precede bindings\n", - line); + restore_line); restore_size += settype->adt_size; DP("restore_size (A): %u", restore_size); break; @@ -1450,7 +1450,7 @@ static void set_restore(char *argv0) default: { exit_error(PARAMETER_PROBLEM, "Unrecognized restore command in line %u\n", - line); + restore_line); } } /* end of switch */ } @@ -1467,15 +1467,15 @@ static void set_restore(char *argv0) /* Rewind to scan the file again */ fseek(in, 0L, SEEK_SET); - first_pass = line; - line = 0; + first_pass = restore_line; + restore_line = 0; /* Initialize newargv/newargc */ newargv[newargc++] = ipset_strdup(argv0); /* Second pass: build up restore request */ while (fgets(buffer, sizeof(buffer), in)) { - line++; + restore_line++; if (buffer[0] == '\n') continue; @@ -1485,7 +1485,7 @@ static void set_restore(char *argv0) goto do_restore; DP("restoring: %s", buffer); /* Build faked argv, argc */ - build_argv(line, buffer); + build_argv(restore_line, buffer); for (i = 0; i < newargc; i++) DP("argv[%u]: %s", i, newargv[i]); @@ -1794,20 +1794,20 @@ static int try_list_sets(const char name[IP_SET_MAXNAMELEN], unsigned options) { void *data = NULL; - ip_set_id_t index; + ip_set_id_t idx; socklen_t size, req_size; int res = 0; DP("%s", name); /* Load set_list from kernel */ - size = req_size = load_set_list(name, &index, + size = req_size = load_set_list(name, &idx, IP_SET_OP_LIST_SIZE, CMD_LIST); if (size) { /* Get sets and print them */ data = ipset_malloc(size); ((struct ip_set_req_list *) data)->op = IP_SET_OP_LIST; - ((struct ip_set_req_list *) data)->index = index; + ((struct ip_set_req_list *) data)->index = idx; res = kernel_getfrom_handleerrno(CMD_LIST, data, &size); DP("get_lists getsockopt() res=%d errno=%d", res, errno); diff --git a/ipset.h b/ipset.h index 4ac2da9..ad43f65 100644 --- a/ipset.h +++ b/ipset.h @@ -108,7 +108,7 @@ struct settype { void (*create_final) (void *data, unsigned int flags); /* Pointer to list of extra command-line options for create */ - struct option *create_opts; + const struct option *create_opts; /* * Add/del/test IP @@ -165,7 +165,7 @@ extern void settype_register(struct settype *settype); /* extern void unregister_settype(set_type_t *set_type); */ -extern void exit_error(enum exittype status, char *msg, ...); +extern void exit_error(enum exittype status, const char *msg, ...); extern char *binding_ip_tostring(struct set *set, ip_set_ip_t ip, unsigned options); diff --git a/ipset_iphash.c b/ipset_iphash.c index 0169666..573ad63 100644 --- a/ipset_iphash.c +++ b/ipset_iphash.c @@ -41,7 +41,8 @@ #define OPT_CREATE_NETMASK 0x08U /* Initialize the create. */ -void create_init(void *data) +static void +create_init(void *data) { struct ip_set_req_iphash_create *mydata = (struct ip_set_req_iphash_create *) data; @@ -57,7 +58,8 @@ void create_init(void *data) } /* Function which parses command options; returns true if it ate an option */ -int create_parse(int c, char *argv[], void *data, unsigned *flags) +static int +create_parse(int c, char *argv[], void *data, unsigned *flags) { struct ip_set_req_iphash_create *mydata = (struct ip_set_req_iphash_create *) data; @@ -125,7 +127,8 @@ int create_parse(int c, char *argv[], void *data, unsigned *flags) } /* Final check; exit if not ok. */ -void create_final(void *data, unsigned int flags) +static void +create_final(void *data, unsigned int flags) { #ifdef IPSET_DEBUG struct ip_set_req_iphash_create *mydata = @@ -137,16 +140,17 @@ void create_final(void *data, unsigned int flags) } /* Create commandline options */ -static struct option create_opts[] = { - {"hashsize", 1, 0, '1'}, - {"probes", 1, 0, '2'}, - {"resize", 1, 0, '3'}, - {"netmask", 1, 0, '4'}, - {0} +static const struct option create_opts[] = { + {.name = "hashsize", .has_arg = required_argument, .val = '1'}, + {.name = "probes", .has_arg = required_argument, .val = '2'}, + {.name = "resize", .has_arg = required_argument, .val = '3'}, + {.name = "netmask", .has_arg = required_argument, .val = '4'}, + {NULL}, }; /* Add, del, test parser */ -ip_set_ip_t adt_parser(unsigned cmd, const char *optarg, void *data) +static ip_set_ip_t +adt_parser(unsigned cmd, const char *optarg, void *data) { struct ip_set_req_iphash *mydata = (struct ip_set_req_iphash *) data; @@ -163,7 +167,8 @@ ip_set_ip_t adt_parser(unsigned cmd, const char *optarg, void *data) * Print and save */ -void initheader(struct set *set, const void *data) +static void +initheader(struct set *set, const void *data) { struct ip_set_req_iphash_create *header = (struct ip_set_req_iphash_create *) data; @@ -177,7 +182,7 @@ void initheader(struct set *set, const void *data) map->netmask = header->netmask; } -unsigned int +static unsigned int mask_to_bits(ip_set_ip_t mask) { unsigned int bits = 32; @@ -193,7 +198,8 @@ mask_to_bits(ip_set_ip_t mask) return bits; } -void printheader(struct set *set, unsigned options) +static void +printheader(struct set *set, unsigned options) { struct ip_set_iphash *mysetdata = (struct ip_set_iphash *) set->settype->header; @@ -207,7 +213,8 @@ void printheader(struct set *set, unsigned options) printf(" netmask: %d\n", mask_to_bits(mysetdata->netmask)); } -void printips(struct set *set, void *data, size_t len, unsigned options) +static void +printips(struct set *set, void *data, size_t len, unsigned options) { size_t offset = 0; ip_set_ip_t *ip; @@ -220,7 +227,8 @@ void printips(struct set *set, void *data, size_t len, unsigned options) } } -void saveheader(struct set *set, unsigned options) +static void +saveheader(struct set *set, unsigned options) { struct ip_set_iphash *mysetdata = (struct ip_set_iphash *) set->settype->header; @@ -235,7 +243,8 @@ void saveheader(struct set *set, unsigned options) } /* Print save for an IP */ -void saveips(struct set *set, void *data, size_t len, unsigned options) +static void +saveips(struct set *set, void *data, size_t len, unsigned options) { size_t offset = 0; ip_set_ip_t *ip; @@ -249,7 +258,7 @@ void saveips(struct set *set, void *data, size_t len, unsigned options) } } -void usage(void) +static void usage(void) { printf ("-N set iphash [--hashsize hashsize] [--probes probes ]\n" diff --git a/ipset_ipmap.c b/ipset_ipmap.c index df8efbf..d628767 100644 --- a/ipset_ipmap.c +++ b/ipset_ipmap.c @@ -37,7 +37,8 @@ #define OPT_ADDDEL_IP 0x01U /* Initialize the create. */ -void create_init(void *data) +static void +create_init(void *data) { struct ip_set_req_ipmap_create *mydata = (struct ip_set_req_ipmap_create *) data; @@ -47,7 +48,8 @@ void create_init(void *data) } /* Function which parses command options; returns true if it ate an option */ -int create_parse(int c, char *argv[], void *data, unsigned *flags) +static int +create_parse(int c, char *argv[], void *data, unsigned *flags) { struct ip_set_req_ipmap_create *mydata = (struct ip_set_req_ipmap_create *) data; @@ -119,7 +121,8 @@ int create_parse(int c, char *argv[], void *data, unsigned *flags) #define ERRSTRLEN 256 /* Final check; exit if not ok. */ -void create_final(void *data, unsigned int flags) +static void +create_final(void *data, unsigned int flags) { struct ip_set_req_ipmap_create *mydata = (struct ip_set_req_ipmap_create *) data; @@ -196,16 +199,17 @@ void create_final(void *data, unsigned int flags) } /* Create commandline options */ -static struct option create_opts[] = { - {"from", 1, 0, '1'}, - {"to", 1, 0, '2'}, - {"network", 1, 0, '3'}, - {"netmask", 1, 0, '4'}, - {0} +static const struct option create_opts[] = { + {.name = "from", .has_arg = required_argument, .val = '1'}, + {.name = "to", .has_arg = required_argument, .val = '2'}, + {.name = "network", .has_arg = required_argument, .val = '3'}, + {.name = "netmask", .has_arg = required_argument, .val = '4'}, + {NULL}, }; /* Add, del, test parser */ -ip_set_ip_t adt_parser(unsigned cmd, const char *optarg, void *data) +static ip_set_ip_t +adt_parser(unsigned cmd, const char *optarg, void *data) { struct ip_set_req_ipmap *mydata = (struct ip_set_req_ipmap *) data; @@ -222,7 +226,8 @@ ip_set_ip_t adt_parser(unsigned cmd, const char *optarg, void *data) * Print and save */ -void initheader(struct set *set, const void *data) +static void +initheader(struct set *set, const void *data) { struct ip_set_req_ipmap_create *header = (struct ip_set_req_ipmap_create *) data; @@ -252,7 +257,8 @@ void initheader(struct set *set, const void *data) DP("%i %i", map->hosts, map->sizeid ); } -void printheader(struct set *set, unsigned options) +static void +printheader(struct set *set, unsigned options) { struct ip_set_ipmap *mysetdata = (struct ip_set_ipmap *) set->settype->header; @@ -265,7 +271,8 @@ void printheader(struct set *set, unsigned options) printf(" netmask: %d\n", mask_to_bits(mysetdata->netmask)); } -void printips_sorted(struct set *set, void *data, size_t len, unsigned options) +static void +printips_sorted(struct set *set, void *data, size_t len, unsigned options) { struct ip_set_ipmap *mysetdata = (struct ip_set_ipmap *) set->settype->header; @@ -279,7 +286,8 @@ void printips_sorted(struct set *set, void *data, size_t len, unsigned options) options)); } -void saveheader(struct set *set, unsigned options) +static void +saveheader(struct set *set, unsigned options) { struct ip_set_ipmap *mysetdata = (struct ip_set_ipmap *) set->settype->header; @@ -296,7 +304,8 @@ void saveheader(struct set *set, unsigned options) mask_to_bits(mysetdata->netmask)); } -void saveips(struct set *set, void *data, size_t len, unsigned options) +static void +saveips(struct set *set, void *data, size_t len, unsigned options) { struct ip_set_ipmap *mysetdata = (struct ip_set_ipmap *) set->settype->header; @@ -312,7 +321,7 @@ void saveips(struct set *set, void *data, size_t len, unsigned options) options)); } -void usage(void) +static void usage(void) { printf ("-N set ipmap --from IP --to IP [--netmask CIDR-netmask]\n" diff --git a/ipset_ipporthash.c b/ipset_ipporthash.c index d81dab6..c090744 100644 --- a/ipset_ipporthash.c +++ b/ipset_ipporthash.c @@ -41,7 +41,8 @@ #define OPT_CREATE_TO 0x20U /* Initialize the create. */ -void create_init(void *data) +static void +create_init(void *data) { struct ip_set_req_ipporthash_create *mydata = (struct ip_set_req_ipporthash_create *) data; @@ -55,7 +56,8 @@ void create_init(void *data) } /* Function which parses command options; returns true if it ate an option */ -int create_parse(int c, char *argv[], void *data, unsigned *flags) +static int +create_parse(int c, char *argv[], void *data, unsigned *flags) { struct ip_set_req_ipporthash_create *mydata = (struct ip_set_req_ipporthash_create *) data; @@ -146,7 +148,8 @@ int create_parse(int c, char *argv[], void *data, unsigned *flags) } /* Final check; exit if not ok. */ -void create_final(void *data, unsigned int flags) +static void +create_final(void *data, unsigned int flags) { struct ip_set_req_ipporthash_create *mydata = (struct ip_set_req_ipporthash_create *) data; @@ -187,18 +190,19 @@ void create_final(void *data, unsigned int flags) } /* Create commandline options */ -static struct option create_opts[] = { - {"hashsize", 1, 0, '1'}, - {"probes", 1, 0, '2'}, - {"resize", 1, 0, '3'}, - {"from", 1, 0, '4'}, - {"to", 1, 0, '5'}, - {"network", 1, 0, '6'}, - {0} +static const struct option create_opts[] = { + {.name = "hashsize", .has_arg = required_argument, .val = '1'}, + {.name = "probes", .has_arg = required_argument, .val = '2'}, + {.name = "resize", .has_arg = required_argument, .val = '3'}, + {.name = "from", .has_arg = required_argument, .val = '4'}, + {.name = "to", .has_arg = required_argument, .val = '5'}, + {.name = "network", .has_arg = required_argument, .val = '6'}, + {NULL}, }; /* Add, del, test parser */ -ip_set_ip_t adt_parser(unsigned cmd, const char *optarg, void *data) +static ip_set_ip_t +adt_parser(unsigned cmd, const char *optarg, void *data) { struct ip_set_req_ipporthash *mydata = (struct ip_set_req_ipporthash *) data; @@ -223,7 +227,8 @@ ip_set_ip_t adt_parser(unsigned cmd, const char *optarg, void *data) * Print and save */ -void initheader(struct set *set, const void *data) +static void +initheader(struct set *set, const void *data) { struct ip_set_req_ipporthash_create *header = (struct ip_set_req_ipporthash_create *) data; @@ -238,7 +243,8 @@ void initheader(struct set *set, const void *data) map->last_ip = header->to; } -void printheader(struct set *set, unsigned options) +static void +printheader(struct set *set, unsigned options) { struct ip_set_ipporthash *mysetdata = (struct ip_set_ipporthash *) set->settype->header; @@ -250,7 +256,8 @@ void printheader(struct set *set, unsigned options) printf(" resize: %u\n", mysetdata->resize); } -void printips(struct set *set, void *data, size_t len, unsigned options) +static void +printips(struct set *set, void *data, size_t len, unsigned options) { struct ip_set_ipporthash *mysetdata = (struct ip_set_ipporthash *) set->settype->header; @@ -271,7 +278,8 @@ void printips(struct set *set, void *data, size_t len, unsigned options) } } -void saveheader(struct set *set, unsigned options) +static void +saveheader(struct set *set, unsigned options) { struct ip_set_ipporthash *mysetdata = (struct ip_set_ipporthash *) set->settype->header; @@ -286,7 +294,8 @@ void saveheader(struct set *set, unsigned options) } /* Print save for an IP */ -void saveips(struct set *set, void *data, size_t len, unsigned options) +static void +saveips(struct set *set, void *data, size_t len, unsigned options) { struct ip_set_ipporthash *mysetdata = (struct ip_set_ipporthash *) set->settype->header; @@ -309,7 +318,8 @@ void saveips(struct set *set, void *data, size_t len, unsigned options) static char buffer[22]; -static char * unpack_ipport_tostring(struct set *set, ip_set_ip_t bip, unsigned options) +static char * +unpack_ipport_tostring(struct set *set, ip_set_ip_t bip, unsigned options) { struct ip_set_ipporthash *mysetdata = (struct ip_set_ipporthash *) set->settype->header; @@ -323,7 +333,7 @@ static char * unpack_ipport_tostring(struct set *set, ip_set_ip_t bip, unsigned return buffer; } -void usage(void) +static void usage(void) { printf ("-N set ipporthash --from IP --to IP\n" diff --git a/ipset_iptree.c b/ipset_iptree.c index f2c9a5c..379c113 100644 --- a/ipset_iptree.c +++ b/ipset_iptree.c @@ -31,7 +31,8 @@ #define OPT_CREATE_TIMEOUT 0x01U /* Initialize the create. */ -void create_init(void *data) +static void +create_init(void *data) { struct ip_set_req_iptree_create *mydata = (struct ip_set_req_iptree_create *) data; @@ -41,7 +42,8 @@ void create_init(void *data) } /* Function which parses command options; returns true if it ate an option */ -int create_parse(int c, char *argv[], void *data, unsigned *flags) +static int +create_parse(int c, char *argv[], void *data, unsigned *flags) { struct ip_set_req_iptree_create *mydata = (struct ip_set_req_iptree_create *) data; @@ -65,18 +67,20 @@ int create_parse(int c, char *argv[], void *data, unsigned *flags) } /* Final check; exit if not ok. */ -void create_final(void *data, unsigned int flags) +static void +create_final(void *data, unsigned int flags) { } /* Create commandline options */ -static struct option create_opts[] = { - {"timeout", 1, 0, '1'}, - {0} +static const struct option create_opts[] = { + {.name = "timeout", .has_arg = required_argument, .val = '1'}, + {NULL}, }; /* Add, del, test parser */ -ip_set_ip_t adt_parser(unsigned cmd, const char *optarg, void *data) +static ip_set_ip_t +adt_parser(unsigned cmd, const char *optarg, void *data) { struct ip_set_req_iptree *mydata = (struct ip_set_req_iptree *) data; @@ -101,7 +105,8 @@ ip_set_ip_t adt_parser(unsigned cmd, const char *optarg, void *data) * Print and save */ -void initheader(struct set *set, const void *data) +static void +initheader(struct set *set, const void *data) { struct ip_set_req_iptree_create *header = (struct ip_set_req_iptree_create *) data; @@ -111,7 +116,8 @@ void initheader(struct set *set, const void *data) map->timeout = header->timeout; } -void printheader(struct set *set, unsigned options) +static void +printheader(struct set *set, unsigned options) { struct ip_set_iptree *mysetdata = (struct ip_set_iptree *) set->settype->header; @@ -121,7 +127,8 @@ void printheader(struct set *set, unsigned options) printf("\n"); } -void printips_sorted(struct set *set, void *data, size_t len, unsigned options) +static void +printips_sorted(struct set *set, void *data, size_t len, unsigned options) { struct ip_set_iptree *mysetdata = (struct ip_set_iptree *) set->settype->header; @@ -139,7 +146,8 @@ void printips_sorted(struct set *set, void *data, size_t len, unsigned options) } } -void saveheader(struct set *set, unsigned options) +static void +saveheader(struct set *set, unsigned options) { struct ip_set_iptree *mysetdata = (struct ip_set_iptree *) set->settype->header; @@ -153,7 +161,8 @@ void saveheader(struct set *set, unsigned options) set->name, set->settype->typename); } -void saveips(struct set *set, void *data, size_t len, unsigned options) +static void +saveips(struct set *set, void *data, size_t len, unsigned options) { struct ip_set_iptree *mysetdata = (struct ip_set_iptree *) set->settype->header; @@ -177,7 +186,7 @@ void saveips(struct set *set, void *data, size_t len, unsigned options) } } -void usage(void) +static void usage(void) { printf ("-N set iptree [--timeout value]\n" diff --git a/ipset_iptreemap.c b/ipset_iptreemap.c index 4588db3..9448339 100644 --- a/ipset_iptreemap.c +++ b/ipset_iptreemap.c @@ -28,7 +28,7 @@ #define OPT_CREATE_GC 0x1 -void +static void create_init(void *data) { struct ip_set_req_iptreemap_create *mydata = data; @@ -36,7 +36,7 @@ create_init(void *data) mydata->gc_interval = 0; } -int +static int create_parse(int c, char *argv[], void *data, unsigned int *flags) { struct ip_set_req_iptreemap_create *mydata = data; @@ -55,17 +55,17 @@ create_parse(int c, char *argv[], void *data, unsigned int *flags) return 1; } -void +static void create_final(void *data, unsigned int flags) { } -static struct option create_opts[] = { - {"gc", 1, 0, 'g'}, - {0} +static const struct option create_opts[] = { + {.name = "gc", .has_arg = required_argument, .val = 'g'}, + {NULL}, }; -ip_set_ip_t +static ip_set_ip_t adt_parser(unsigned int cmd, const char *optarg, void *data) { struct ip_set_req_iptreemap *mydata = data; @@ -91,7 +91,7 @@ adt_parser(unsigned int cmd, const char *optarg, void *data) return 1; } -void +static void initheader(struct set *set, const void *data) { const struct ip_set_req_iptreemap_create *header = data; @@ -100,7 +100,7 @@ initheader(struct set *set, const void *data) map->gc_interval = header->gc_interval; } -void +static void printheader(struct set *set, unsigned int options) { struct ip_set_iptreemap *mysetdata = set->settype->header; @@ -111,7 +111,7 @@ printheader(struct set *set, unsigned int options) printf("\n"); } -void +static void printips_sorted(struct set *set, void *data, size_t len, unsigned int options) { struct ip_set_req_iptreemap *req; @@ -129,7 +129,7 @@ printips_sorted(struct set *set, void *data, size_t len, unsigned int options) } } -void +static void saveheader(struct set *set, unsigned int options) { struct ip_set_iptreemap *mysetdata = set->settype->header; @@ -142,7 +142,7 @@ saveheader(struct set *set, unsigned int options) printf("\n"); } -void +static void saveips(struct set *set, void *data, size_t len, unsigned int options) { struct ip_set_req_iptreemap *req; @@ -162,7 +162,7 @@ saveips(struct set *set, void *data, size_t len, unsigned int options) } } -void +static void usage(void) { printf( diff --git a/ipset_macipmap.c b/ipset_macipmap.c index 3385f19..a243dc4 100644 --- a/ipset_macipmap.c +++ b/ipset_macipmap.c @@ -40,14 +40,16 @@ #define OPT_ADDDEL_MAC 0x02U /* Initialize the create. */ -void create_init(void *data) +static void +create_init(void *data) { DP("create INIT"); /* Nothing */ } /* Function which parses command options; returns true if it ate an option */ -int create_parse(int c, char *argv[], void *data, unsigned *flags) +static int +create_parse(int c, char *argv[], void *data, unsigned *flags) { struct ip_set_req_macipmap_create *mydata = (struct ip_set_req_macipmap_create *) data; @@ -107,7 +109,8 @@ int create_parse(int c, char *argv[], void *data, unsigned *flags) } /* Final check; exit if not ok. */ -void create_final(void *data, unsigned int flags) +static void +create_final(void *data, unsigned int flags) { struct ip_set_req_macipmap_create *mydata = (struct ip_set_req_macipmap_create *) data; @@ -145,15 +148,16 @@ void create_final(void *data, unsigned int flags) } /* Create commandline options */ -static struct option create_opts[] = { - {"from", 1, 0, '1'}, - {"to", 1, 0, '2'}, - {"network", 1, 0, '3'}, - {"matchunset", 0, 0, '4'}, - {0} +static const struct option create_opts[] = { + {.name = "from", .has_arg = required_argument, .val = '1'}, + {.name = "to", .has_arg = required_argument, .val = '2'}, + {.name = "network", .has_arg = required_argument, .val = '3'}, + {.name = "matchunset", .has_arg = no_argument, .val = '4'}, + {NULL}, }; -static void parse_mac(const char *mac, unsigned char *ethernet) +static void +parse_mac(const char *mac, unsigned char *ethernet) { unsigned int i = 0; @@ -175,7 +179,8 @@ static void parse_mac(const char *mac, unsigned char *ethernet) } /* Add, del, test parser */ -ip_set_ip_t adt_parser(unsigned cmd, const char *optarg, void *data) +static ip_set_ip_t +adt_parser(unsigned cmd, const char *optarg, void *data) { struct ip_set_req_macipmap *mydata = (struct ip_set_req_macipmap *) data; @@ -200,7 +205,8 @@ ip_set_ip_t adt_parser(unsigned cmd, const char *optarg, void *data) * Print and save */ -void initheader(struct set *set, const void *data) +static void +initheader(struct set *set, const void *data) { struct ip_set_req_macipmap_create *header = (struct ip_set_req_macipmap_create *) data; @@ -213,7 +219,8 @@ void initheader(struct set *set, const void *data) map->flags = header->flags; } -void printheader(struct set *set, unsigned options) +static void +printheader(struct set *set, unsigned options) { struct ip_set_macipmap *mysetdata = (struct ip_set_macipmap *) set->settype->header; @@ -226,7 +233,8 @@ void printheader(struct set *set, unsigned options) printf("\n"); } -static void print_mac(unsigned char macaddress[ETH_ALEN]) +static void +print_mac(unsigned char macaddress[ETH_ALEN]) { unsigned int i; @@ -235,7 +243,8 @@ static void print_mac(unsigned char macaddress[ETH_ALEN]) printf(":%02X", macaddress[i]); } -void printips_sorted(struct set *set, void *data, size_t len, unsigned options) +static void +printips_sorted(struct set *set, void *data, size_t len, unsigned options) { struct ip_set_macipmap *mysetdata = (struct ip_set_macipmap *) set->settype->header; @@ -255,7 +264,8 @@ void printips_sorted(struct set *set, void *data, size_t len, unsigned options) } } -void saveheader(struct set *set, unsigned options) +static void +saveheader(struct set *set, unsigned options) { struct ip_set_macipmap *mysetdata = (struct ip_set_macipmap *) set->settype->header; @@ -270,7 +280,8 @@ void saveheader(struct set *set, unsigned options) printf("\n"); } -void saveips(struct set *set, void *data, size_t len, unsigned options) +static void +saveips(struct set *set, void *data, size_t len, unsigned options) { struct ip_set_macipmap *mysetdata = (struct ip_set_macipmap *) set->settype->header; @@ -291,7 +302,7 @@ void saveips(struct set *set, void *data, size_t len, unsigned options) } } -void usage(void) +static void usage(void) { printf ("-N set macipmap --from IP --to IP [--matchunset]\n" diff --git a/ipset_nethash.c b/ipset_nethash.c index fda3dbe..1e7aa41 100644 --- a/ipset_nethash.c +++ b/ipset_nethash.c @@ -40,7 +40,8 @@ #define OPT_CREATE_RESIZE 0x04U /* Initialize the create. */ -void create_init(void *data) +static void +create_init(void *data) { struct ip_set_req_nethash_create *mydata = (struct ip_set_req_nethash_create *) data; @@ -54,7 +55,8 @@ void create_init(void *data) } /* Function which parses command options; returns true if it ate an option */ -int create_parse(int c, char *argv[], void *data, unsigned *flags) +static int +create_parse(int c, char *argv[], void *data, unsigned *flags) { struct ip_set_req_nethash_create *mydata = (struct ip_set_req_nethash_create *) data; @@ -106,7 +108,8 @@ int create_parse(int c, char *argv[], void *data, unsigned *flags) } /* Final check; exit if not ok. */ -void create_final(void *data, unsigned int flags) +static void +create_final(void *data, unsigned int flags) { #ifdef IPSET_DEBUG struct ip_set_req_nethash_create *mydata = @@ -118,15 +121,16 @@ void create_final(void *data, unsigned int flags) } /* Create commandline options */ -static struct option create_opts[] = { - {"hashsize", 1, 0, '1'}, - {"probes", 1, 0, '2'}, - {"resize", 1, 0, '3'}, - {0} +static const struct option create_opts[] = { + {.name = "hashsize", .has_arg = required_argument, .val = '1'}, + {.name = "probes", .has_arg = required_argument, .val = '2'}, + {.name = "resize", .has_arg = required_argument, .val = '3'}, + {NULL}, }; /* Add, del, test parser */ -ip_set_ip_t adt_parser(unsigned cmd, const char *optarg, void *data) +static ip_set_ip_t +adt_parser(unsigned cmd, const char *optarg, void *data) { struct ip_set_req_nethash *mydata = (struct ip_set_req_nethash *) data; @@ -161,7 +165,8 @@ ip_set_ip_t adt_parser(unsigned cmd, const char *optarg, void *data) * Print and save */ -void initheader(struct set *set, const void *data) +static void +initheader(struct set *set, const void *data) { struct ip_set_req_nethash_create *header = (struct ip_set_req_nethash_create *) data; @@ -174,7 +179,8 @@ void initheader(struct set *set, const void *data) map->resize = header->resize; } -void printheader(struct set *set, unsigned options) +static void +printheader(struct set *set, unsigned options) { struct ip_set_nethash *mysetdata = (struct ip_set_nethash *) set->settype->header; @@ -186,7 +192,8 @@ void printheader(struct set *set, unsigned options) static char buf[20]; -static char * unpack_ip_tostring(ip_set_ip_t ip, unsigned options) +static char * +unpack_ip_tostring(ip_set_ip_t ip, unsigned options) { int i, j = 3; unsigned char a, b; @@ -237,7 +244,8 @@ static char * unpack_ip_tostring(ip_set_ip_t ip, unsigned options) return buf; } -void printips(struct set *set, void *data, size_t len, unsigned options) +static void +printips(struct set *set, void *data, size_t len, unsigned options) { size_t offset = 0; ip_set_ip_t *ip; @@ -250,7 +258,8 @@ void printips(struct set *set, void *data, size_t len, unsigned options) } } -void saveheader(struct set *set, unsigned options) +static void +saveheader(struct set *set, unsigned options) { struct ip_set_nethash *mysetdata = (struct ip_set_nethash *) set->settype->header; @@ -261,7 +270,8 @@ void saveheader(struct set *set, unsigned options) } /* Print save for an IP */ -void saveips(struct set *set, void *data, size_t len, unsigned options) +static void +saveips(struct set *set, void *data, size_t len, unsigned options) { size_t offset = 0; ip_set_ip_t *ip; @@ -275,12 +285,14 @@ void saveips(struct set *set, void *data, size_t len, unsigned options) } } -static char * net_tostring(struct set *set, ip_set_ip_t ip, unsigned options) +static char * +net_tostring(struct set *set, ip_set_ip_t ip, unsigned options) { return unpack_ip_tostring(ip, options); } -static void parse_net(const char *str, ip_set_ip_t *ip) +static void +parse_net(const char *str, ip_set_ip_t *ip) { char *saved = strdup(str); char *ptr, *tmp = saved; @@ -302,7 +314,7 @@ static void parse_net(const char *str, ip_set_ip_t *ip) *ip = pack(*ip, cidr); } -void usage(void) +static void usage(void) { printf ("-N set nethash [--hashsize hashsize] [--probes probes ]\n" diff --git a/ipset_portmap.c b/ipset_portmap.c index 1d4f807..1237e52 100644 --- a/ipset_portmap.c +++ b/ipset_portmap.c @@ -34,14 +34,16 @@ #define OPT_ADDDEL_PORT 0x01U /* Initialize the create. */ -void create_init(void *data) +static void +create_init(void *data) { DP("create INIT"); /* Nothing */ } /* Function which parses command options; returns true if it ate an option */ -int create_parse(int c, char *argv[], void *data, unsigned *flags) +static int +create_parse(int c, char *argv[], void *data, unsigned *flags) { struct ip_set_req_portmap_create *mydata = (struct ip_set_req_portmap_create *) data; @@ -77,7 +79,8 @@ int create_parse(int c, char *argv[], void *data, unsigned *flags) } /* Final check; exit if not ok. */ -void create_final(void *data, unsigned int flags) +static void +create_final(void *data, unsigned int flags) { struct ip_set_req_portmap_create *mydata = (struct ip_set_req_portmap_create *) data; @@ -107,14 +110,15 @@ void create_final(void *data, unsigned int flags) } /* Create commandline options */ -static struct option create_opts[] = { - {"from", 1, 0, '1'}, - {"to", 1, 0, '2'}, - {0} +static const struct option create_opts[] = { + {.name = "from", .has_arg = required_argument, .val = '1'}, + {.name = "to", .has_arg = required_argument, .val = '2'}, + {NULL}, }; /* Add, del, test parser */ -ip_set_ip_t adt_parser(unsigned cmd, const char *optarg, void *data) +static ip_set_ip_t +adt_parser(unsigned cmd, const char *optarg, void *data) { struct ip_set_req_portmap *mydata = (struct ip_set_req_portmap *) data; @@ -129,7 +133,8 @@ ip_set_ip_t adt_parser(unsigned cmd, const char *optarg, void *data) * Print and save */ -void initheader(struct set *set, const void *data) +static void +initheader(struct set *set, const void *data) { struct ip_set_req_portmap_create *header = (struct ip_set_req_portmap_create *) data; @@ -141,7 +146,8 @@ void initheader(struct set *set, const void *data) map->last_port = header->to; } -void printheader(struct set *set, unsigned options) +static void +printheader(struct set *set, unsigned options) { struct ip_set_portmap *mysetdata = (struct ip_set_portmap *) set->settype->header; @@ -150,7 +156,8 @@ void printheader(struct set *set, unsigned options) printf(" to: %s\n", port_tostring(mysetdata->last_port, options)); } -void printports_sorted(struct set *set, void *data, size_t len, unsigned options) +static void +printports_sorted(struct set *set, void *data, size_t len, unsigned options) { struct ip_set_portmap *mysetdata = (struct ip_set_portmap *) set->settype->header; @@ -164,12 +171,14 @@ void printports_sorted(struct set *set, void *data, size_t len, unsigned options } } -char * binding_port_tostring(struct set *set, ip_set_ip_t ip, unsigned options) +static char * +binding_port_tostring(struct set *set, ip_set_ip_t ip, unsigned options) { return port_tostring(ip, options); } -void saveheader(struct set *set, unsigned options) +static void +saveheader(struct set *set, unsigned options) { struct ip_set_portmap *mysetdata = (struct ip_set_portmap *) set->settype->header; @@ -182,7 +191,8 @@ void saveheader(struct set *set, unsigned options) port_tostring(mysetdata->last_port, options)); } -void saveports(struct set *set, void *data, size_t len, unsigned options) +static void +saveports(struct set *set, void *data, size_t len, unsigned options) { struct ip_set_portmap *mysetdata = (struct ip_set_portmap *) set->settype->header; @@ -197,7 +207,7 @@ void saveports(struct set *set, void *data, size_t len, unsigned options) } } -void usage(void) +static void usage(void) { printf ("-N set portmap --from PORT --to PORT\n" diff --git a/kernel/Config.in.ipset b/kernel/Config.in.ipset new file mode 100644 index 0000000..0758f0a --- /dev/null +++ b/kernel/Config.in.ipset @@ -0,0 +1,15 @@ + dep_tristate ' IP set support' CONFIG_IP_NF_SET $CONFIG_IP_NF_IPTABLES + if [ "$CONFIG_IP_NF_SET" != "n" ]; then + int ' Maximum number of sets' CONFIG_IP_NF_SET_MAX 256 + int ' Hash size for bindings of IP sets' CONFIG_IP_NF_SET_HASHSIZE 1024 + dep_tristate ' set match support' CONFIG_IP_NF_MATCH_SET $CONFIG_IP_NF_SET + dep_tristate ' SET target support' CONFIG_IP_NF_TARGET_SET $CONFIG_IP_NF_SET + dep_tristate ' ipmap set type support' CONFIG_IP_NF_SET_IPMAP $CONFIG_IP_NF_SET + dep_tristate ' macipmap set type support' CONFIG_IP_NF_SET_MACIPMAP $CONFIG_IP_NF_SET + dep_tristate ' portmap set type support' CONFIG_IP_NF_SET_PORTMAP $CONFIG_IP_NF_SET + dep_tristate ' iphash set type support' CONFIG_IP_NF_SET_IPHASH $CONFIG_IP_NF_SET + dep_tristate ' nethash set type support' CONFIG_IP_NF_SET_NETHASH $CONFIG_IP_NF_SET + dep_tristate ' ipporthash set type support' CONFIG_IP_NF_SET_IPPORTHASH $CONFIG_IP_NF_SET + dep_tristate ' iptree set type support' CONFIG_IP_NF_SET_IPTREE $CONFIG_IP_NF_SET + dep_tristate ' iptreemap set type support' CONFIG_IP_NF_SET_IPTREEMAP $CONFIG_IP_NF_SET + fi diff --git a/kernel/Makefile.export.ipset b/kernel/Makefile.export.ipset new file mode 100644 index 0000000..1a971df --- /dev/null +++ b/kernel/Makefile.export.ipset @@ -0,0 +1,3 @@ +ifdef CONFIG_IP_NF_SET + export-objs += ip_set.o +endif diff --git a/kernel/include/linux/netfilter_ipv4/ip_set.h b/kernel/include/linux/netfilter_ipv4/ip_set.h index 92a746e..b8c7202 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set.h @@ -297,6 +297,7 @@ static inline int bitmap_bytes(ip_set_ip_t a, ip_set_ip_t b) } #ifdef __KERNEL__ +#include #define ip_set_printk(format, args...) \ do { \ diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_compat.h b/kernel/include/linux/netfilter_ipv4/ip_set_compat.h new file mode 100644 index 0000000..8803d4f --- /dev/null +++ b/kernel/include/linux/netfilter_ipv4/ip_set_compat.h @@ -0,0 +1,70 @@ +#ifndef _IP_SET_COMPAT_H +#define _IP_SET_COMPAT_H + +#ifdef __KERNEL__ +#include + +/* Arrgh */ +#ifdef MODULE +#define __MOD_INC(foo) __MOD_INC_USE_COUNT(foo) +#define __MOD_DEC(foo) __MOD_DEC_USE_COUNT(foo) +#else +#define __MOD_INC(foo) +#define __MOD_DEC(foo) +#endif + +/* Backward compatibility */ +#ifndef __nocast +#define __nocast +#endif +#ifndef __bitwise__ +#define __bitwise__ +#endif + +/* Compatibility glue code */ +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) +#include +#define DEFINE_RWLOCK(x) rwlock_t x = RW_LOCK_UNLOCKED +#define try_module_get(x) (__MOD_INC(x), 1) +#define module_put(x) __MOD_DEC(x) +#define __clear_bit(nr, addr) clear_bit(nr, addr) +#define __set_bit(nr, addr) set_bit(nr, addr) +#define __test_and_set_bit(nr, addr) test_and_set_bit(nr, addr) +#define __test_and_clear_bit(nr, addr) test_and_clear_bit(nr, addr) + +typedef unsigned __bitwise__ gfp_t; + +static inline void *kzalloc(size_t size, gfp_t flags) +{ + void *data = kmalloc(size, flags); + + if (data) + memset(data, 0, size); + + return data; +} +#endif + +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,20) +#define __KMEM_CACHE_T__ kmem_cache_t +#else +#define __KMEM_CACHE_T__ struct kmem_cache +#endif + +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,22) +#define ip_hdr(skb) ((skb)->nh.iph) +#define skb_mac_header(skb) ((skb)->mac.raw) +#define eth_hdr(skb) ((struct ethhdr *)skb_mac_header(skb)) +#endif + +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23) +#define KMEM_CACHE_CREATE(name, size) \ + kmem_cache_create(name, size, 0, 0, NULL, NULL) +#else +#define KMEM_CACHE_CREATE(name, size) \ + kmem_cache_create(name, size, 0, 0, NULL) +#endif + + +#endif /* __KERNEL__ */ +#endif /* _IP_SET_COMPAT_H */ diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h b/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h index 2435102..e3390be 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_ipmap.h @@ -25,7 +25,7 @@ struct ip_set_req_ipmap { ip_set_ip_t ip; }; -unsigned int +static unsigned int mask_to_bits(ip_set_ip_t mask) { unsigned int bits = 32; @@ -41,7 +41,7 @@ mask_to_bits(ip_set_ip_t mask) return bits; } -ip_set_ip_t +static ip_set_ip_t range_to_mask(ip_set_ip_t from, ip_set_ip_t to, unsigned int *bits) { ip_set_ip_t mask = 0xFFFFFFFE; diff --git a/kernel/include/linux/netfilter_ipv4/ip_set_malloc.h b/kernel/include/linux/netfilter_ipv4/ip_set_malloc.h index 30701f4..d22bed7 100644 --- a/kernel/include/linux/netfilter_ipv4/ip_set_malloc.h +++ b/kernel/include/linux/netfilter_ipv4/ip_set_malloc.h @@ -5,10 +5,17 @@ static size_t max_malloc_size = 0, max_page_size = 0; -static inline bool init_max_page_size(void) +static inline int init_max_page_size(void) { +/* Compatibility glues to support 2.4.36 */ +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) +#define __GFP_NOWARN 0 + + /* Guaranteed: slab.c */ + max_malloc_size = max_page_size = 131072; +#else size_t page_size = 0; - + #define CACHE(x) if (max_page_size == 0 || x < max_page_size) \ page_size = x; #include @@ -21,6 +28,7 @@ static inline bool init_max_page_size(void) return 1; } +#endif return 0; } diff --git a/kernel/ip_set.c b/kernel/ip_set.c index 52741b1..8badef4 100644 --- a/kernel/ip_set.c +++ b/kernel/ip_set.c @@ -133,7 +133,7 @@ ip_set_hash_del(ip_set_id_t id, ip_set_ip_t ip) if (set_hash != NULL) __set_hash_del(set_hash); - write_unlock_bh(&ip_set_lock); + write_unlock_bh(&ip_set_lock); return 0; } diff --git a/kernel/ip_set_iphash.c b/kernel/ip_set_iphash.c index f91f88f..2ac6066 100644 --- a/kernel/ip_set_iphash.c +++ b/kernel/ip_set_iphash.c @@ -8,6 +8,7 @@ /* Kernel module implementing an ip hash set */ #include +#include #include #include #include @@ -88,13 +89,8 @@ testip_kernel(struct ip_set *set, { return __testip(set, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif hash_ip); } @@ -149,13 +145,8 @@ addip_kernel(struct ip_set *set, { return __addip((struct ip_set_iphash *) set->data, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif hash_ip); } @@ -276,13 +267,8 @@ delip_kernel(struct ip_set *set, { return __delip(set, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif hash_ip); } diff --git a/kernel/ip_set_ipmap.c b/kernel/ip_set_ipmap.c index 948c202..aeead3b 100644 --- a/kernel/ip_set_ipmap.c +++ b/kernel/ip_set_ipmap.c @@ -66,13 +66,8 @@ testip_kernel(struct ip_set *set, { int res = __testip(set, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif hash_ip); return (res < 0 ? 0 : res); } @@ -118,13 +113,8 @@ addip_kernel(struct ip_set *set, { return __addip(set, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif hash_ip); } @@ -168,13 +158,8 @@ delip_kernel(struct ip_set *set, { return __delip(set, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif hash_ip); } diff --git a/kernel/ip_set_ipporthash.c b/kernel/ip_set_ipporthash.c index adb6c7b..4e656cd 100644 --- a/kernel/ip_set_ipporthash.c +++ b/kernel/ip_set_ipporthash.c @@ -8,6 +8,7 @@ /* Kernel module implementing an ip+port hash set */ #include +#include #include #include #include @@ -34,11 +35,7 @@ static int limit = MAX_RANGE; static inline ip_set_ip_t get_port(const struct sk_buff *skb, u_int32_t flags) { -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) struct iphdr *iph = ip_hdr(skb); -#else - struct iphdr *iph = skb->nh.iph; -#endif u_int16_t offset = ntohs(iph->frag_off) & IP_OFFSET; switch (iph->protocol) { @@ -49,11 +46,7 @@ get_port(const struct sk_buff *skb, u_int32_t flags) if (offset) return INVALID_PORT; -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) if (skb_copy_bits(skb, ip_hdr(skb)->ihl*4, &tcph, sizeof(tcph)) < 0) -#else - if (skb_copy_bits(skb, skb->nh.iph->ihl*4, &tcph, sizeof(tcph)) < 0) -#endif /* No choice either */ return INVALID_PORT; @@ -66,11 +59,7 @@ get_port(const struct sk_buff *skb, u_int32_t flags) if (offset) return INVALID_PORT; -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) if (skb_copy_bits(skb, ip_hdr(skb)->ihl*4, &udph, sizeof(udph)) < 0) -#else - if (skb_copy_bits(skb, skb->nh.iph->ihl*4, &udph, sizeof(udph)) < 0) -#endif /* No choice either */ return INVALID_PORT; @@ -159,13 +148,8 @@ testip_kernel(struct ip_set *set, DP("flag: %s src: %u.%u.%u.%u dst: %u.%u.%u.%u", flags[index] & IPSET_SRC ? "SRC" : "DST", -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) NIPQUAD(ip_hdr(skb)->saddr), NIPQUAD(ip_hdr(skb)->daddr)); -#else - NIPQUAD(skb->nh.iph->saddr), - NIPQUAD(skb->nh.iph->daddr)); -#endif DP("flag %s port %u", flags[index+1] & IPSET_SRC ? "SRC" : "DST", port); @@ -174,13 +158,8 @@ testip_kernel(struct ip_set *set, res = __testip(set, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif port, hash_ip); return (res < 0 ? 0 : res); @@ -254,13 +233,8 @@ addip_kernel(struct ip_set *set, DP("flag: %s src: %u.%u.%u.%u dst: %u.%u.%u.%u", flags[index] & IPSET_SRC ? "SRC" : "DST", -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) NIPQUAD(ip_hdr(skb)->saddr), NIPQUAD(ip_hdr(skb)->daddr)); -#else - NIPQUAD(skb->nh.iph->saddr), - NIPQUAD(skb->nh.iph->daddr)); -#endif DP("flag %s port %u", flags[index+1] & IPSET_SRC ? "SRC" : "DST", port); @@ -269,13 +243,8 @@ addip_kernel(struct ip_set *set, return __addip(set->data, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif port, hash_ip); } @@ -408,13 +377,8 @@ delip_kernel(struct ip_set *set, DP("flag: %s src: %u.%u.%u.%u dst: %u.%u.%u.%u", flags[index] & IPSET_SRC ? "SRC" : "DST", -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) NIPQUAD(ip_hdr(skb)->saddr), NIPQUAD(ip_hdr(skb)->daddr)); -#else - NIPQUAD(skb->nh.iph->saddr), - NIPQUAD(skb->nh.iph->daddr)); -#endif DP("flag %s port %u", flags[index+1] & IPSET_SRC ? "SRC" : "DST", port); @@ -423,13 +387,8 @@ delip_kernel(struct ip_set *set, return __delip(set, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif port, hash_ip); } diff --git a/kernel/ip_set_iptree.c b/kernel/ip_set_iptree.c index 1a5c32a..2e0a406 100644 --- a/kernel/ip_set_iptree.c +++ b/kernel/ip_set_iptree.c @@ -9,6 +9,7 @@ #include #include +#include #include #include #include @@ -20,11 +21,6 @@ #include #include -/* Backward compatibility */ -#ifndef __nocast -#define __nocast -#endif - #include static int limit = MAX_RANGE; @@ -35,13 +31,9 @@ static int limit = MAX_RANGE; * to delete the gc timer at destroying/flushing a set */ #define IPTREE_DESTROY_SLEEP 100 -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) -static struct kmem_cache *branch_cachep; -static struct kmem_cache *leaf_cachep; -#else -static kmem_cache_t *branch_cachep; -static kmem_cache_t *leaf_cachep; -#endif +static __KMEM_CACHE_T__ *branch_cachep; +static __KMEM_CACHE_T__ *leaf_cachep; + #if defined(__LITTLE_ENDIAN) #define ABCD(a,b,c,d,addrp) do { \ @@ -118,23 +110,13 @@ testip_kernel(struct ip_set *set, DP("flag: %s src: %u.%u.%u.%u dst: %u.%u.%u.%u", flags[index] & IPSET_SRC ? "SRC" : "DST", -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) NIPQUAD(ip_hdr(skb)->saddr), NIPQUAD(ip_hdr(skb)->daddr)); -#else - NIPQUAD(skb->nh.iph->saddr), - NIPQUAD(skb->nh.iph->daddr)); -#endif res = __testip(set, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif hash_ip); return (res < 0 ? 0 : res); } @@ -219,13 +201,8 @@ addip_kernel(struct ip_set *set, return __addip(set, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif map->timeout, hash_ip); } @@ -287,13 +264,8 @@ delip_kernel(struct ip_set *set, { return __delip(set, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif hash_ip); } @@ -556,29 +528,15 @@ static int __init ip_set_iptree_init(void) { int ret; -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) - branch_cachep = kmem_cache_create("ip_set_iptreeb", - sizeof(struct ip_set_iptreeb), - 0, 0, NULL); -#else - branch_cachep = kmem_cache_create("ip_set_iptreeb", - sizeof(struct ip_set_iptreeb), - 0, 0, NULL, NULL); -#endif + branch_cachep = KMEM_CACHE_CREATE("ip_set_iptreeb", + sizeof(struct ip_set_iptreeb)); if (!branch_cachep) { printk(KERN_ERR "Unable to create ip_set_iptreeb slab cache\n"); ret = -ENOMEM; goto out; } -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) - leaf_cachep = kmem_cache_create("ip_set_iptreed", - sizeof(struct ip_set_iptreed), - 0, 0, NULL); -#else - leaf_cachep = kmem_cache_create("ip_set_iptreed", - sizeof(struct ip_set_iptreed), - 0, 0, NULL, NULL); -#endif + leaf_cachep = KMEM_CACHE_CREATE("ip_set_iptreed", + sizeof(struct ip_set_iptreed)); if (!leaf_cachep) { printk(KERN_ERR "Unable to create ip_set_iptreed slab cache\n"); ret = -ENOMEM; diff --git a/kernel/ip_set_iptreemap.c b/kernel/ip_set_iptreemap.c index 62fcf7b..dedf8a4 100644 --- a/kernel/ip_set_iptreemap.c +++ b/kernel/ip_set_iptreemap.c @@ -30,15 +30,9 @@ #define IPTREEMAP_DEFAULT_GC_TIME (5 * 60) #define IPTREEMAP_DESTROY_SLEEP (100) -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) -static struct kmem_cache *cachep_b; -static struct kmem_cache *cachep_c; -static struct kmem_cache *cachep_d; -#else -static kmem_cache_t *cachep_b; -static kmem_cache_t *cachep_c; -static kmem_cache_t *cachep_d; -#endif +static __KMEM_CACHE_T__ *cachep_b; +static __KMEM_CACHE_T__ *cachep_c; +static __KMEM_CACHE_T__ *cachep_d; static struct ip_set_iptreemap_d *fullbitmap_d; static struct ip_set_iptreemap_c *fullbitmap_c; @@ -295,13 +289,8 @@ testip_kernel(struct ip_set *set, const struct sk_buff *skb, ip_set_ip_t *hash_i res = __testip(set, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif hash_ip); return (res < 0 ? 0 : res); @@ -384,13 +373,8 @@ addip_kernel(struct ip_set *set, const struct sk_buff *skb, ip_set_ip_t *hash_ip return __addip_single(set, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif hash_ip); } @@ -470,13 +454,8 @@ delip_kernel(struct ip_set *set, const struct sk_buff *skb, ip_set_ip_t *hash_ip { return __delip_single(set, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif hash_ip, GFP_ATOMIC); } @@ -725,43 +704,22 @@ static int __init ip_set_iptreemap_init(void) int ret = -ENOMEM; int a; -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) - cachep_b = kmem_cache_create("ip_set_iptreemap_b", - sizeof(struct ip_set_iptreemap_b), - 0, 0, NULL); -#else - cachep_b = kmem_cache_create("ip_set_iptreemap_b", - sizeof(struct ip_set_iptreemap_b), - 0, 0, NULL, NULL); -#endif + cachep_b = KMEM_CACHE_CREATE("ip_set_iptreemap_b", + sizeof(struct ip_set_iptreemap_b)); if (!cachep_b) { ip_set_printk("Unable to create ip_set_iptreemap_b slab cache"); goto out; } -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) - cachep_c = kmem_cache_create("ip_set_iptreemap_c", - sizeof(struct ip_set_iptreemap_c), - 0, 0, NULL); -#else - cachep_c = kmem_cache_create("ip_set_iptreemap_c", - sizeof(struct ip_set_iptreemap_c), - 0, 0, NULL, NULL); -#endif + cachep_c = KMEM_CACHE_CREATE("ip_set_iptreemap_c", + sizeof(struct ip_set_iptreemap_c)); if (!cachep_c) { ip_set_printk("Unable to create ip_set_iptreemap_c slab cache"); goto outb; } -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) - cachep_d = kmem_cache_create("ip_set_iptreemap_d", - sizeof(struct ip_set_iptreemap_d), - 0, 0, NULL); -#else - cachep_d = kmem_cache_create("ip_set_iptreemap_d", - sizeof(struct ip_set_iptreemap_d), - 0, 0, NULL, NULL); -#endif + cachep_d = KMEM_CACHE_CREATE("ip_set_iptreemap_d", + sizeof(struct ip_set_iptreemap_d)); if (!cachep_d) { ip_set_printk("Unable to create ip_set_iptreemap_d slab cache"); goto outc; diff --git a/kernel/ip_set_macipmap.c b/kernel/ip_set_macipmap.c index e29c99d..33e2808 100644 --- a/kernel/ip_set_macipmap.c +++ b/kernel/ip_set_macipmap.c @@ -68,13 +68,8 @@ testip_kernel(struct ip_set *set, ip_set_ip_t ip; ip = ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr); -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr); -#endif if (ip < map->first_ip || ip > map->last_ip) return 0; @@ -86,13 +81,8 @@ testip_kernel(struct ip_set *set, (void *) &table[ip - map->first_ip].flags)) { /* Is mac pointer valid? * If so, compare... */ -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) return (skb_mac_header(skb) >= skb->head && (skb_mac_header(skb) + ETH_HLEN) <= skb->data -#else - return (skb->mac.raw >= skb->head - && (skb->mac.raw + ETH_HLEN) <= skb->data -#endif && (memcmp(eth_hdr(skb)->h_source, &table[ip - map->first_ip].ethernet, ETH_ALEN) == 0)); @@ -146,21 +136,11 @@ addip_kernel(struct ip_set *set, ip_set_ip_t ip; ip = ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr); -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr); -#endif -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) if (!(skb_mac_header(skb) >= skb->head && (skb_mac_header(skb) + ETH_HLEN) <= skb->data)) -#else - if (!(skb->mac.raw >= skb->head - && (skb->mac.raw + ETH_HLEN) <= skb->data)) -#endif return -EINVAL; return __addip(set, ip, eth_hdr(skb)->h_source, hash_ip); @@ -207,13 +187,8 @@ delip_kernel(struct ip_set *set, { return __delip(set, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif hash_ip); } diff --git a/kernel/ip_set_nethash.c b/kernel/ip_set_nethash.c index bb866b5..ecdf369 100644 --- a/kernel/ip_set_nethash.c +++ b/kernel/ip_set_nethash.c @@ -8,6 +8,7 @@ /* Kernel module implementing a cidr nethash set */ #include +#include #include #include #include @@ -111,13 +112,8 @@ testip_kernel(struct ip_set *set, { return __testip(set, ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr), -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr), -#endif hash_ip); } @@ -206,13 +202,8 @@ addip_kernel(struct ip_set *set, struct ip_set_nethash *map = set->data; int ret = -ERANGE; ip_set_ip_t ip = ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr); -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr); -#endif if (map->cidr[0]) ret = __addip(map, ip, map->cidr[0], hash_ip); @@ -338,13 +329,8 @@ delip_kernel(struct ip_set *set, struct ip_set_nethash *map = set->data; int ret = -ERANGE; ip_set_ip_t ip = ntohl(flags[index] & IPSET_SRC -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) ? ip_hdr(skb)->saddr : ip_hdr(skb)->daddr); -#else - ? skb->nh.iph->saddr - : skb->nh.iph->daddr); -#endif if (map->cidr[0]) ret = __delip(map, ip, map->cidr[0], hash_ip); diff --git a/kernel/ip_set_portmap.c b/kernel/ip_set_portmap.c index 3e158be..aeaabcd 100644 --- a/kernel/ip_set_portmap.c +++ b/kernel/ip_set_portmap.c @@ -28,11 +28,7 @@ static inline ip_set_ip_t get_port(const struct sk_buff *skb, u_int32_t flags) { -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) struct iphdr *iph = ip_hdr(skb); -#else - struct iphdr *iph = skb->nh.iph; -#endif u_int16_t offset = ntohs(iph->frag_off) & IP_OFFSET; switch (iph->protocol) { case IPPROTO_TCP: { @@ -42,11 +38,7 @@ get_port(const struct sk_buff *skb, u_int32_t flags) if (offset) return INVALID_PORT; -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) if (skb_copy_bits(skb, ip_hdr(skb)->ihl*4, &tcph, sizeof(tcph)) < 0) -#else - if (skb_copy_bits(skb, skb->nh.iph->ihl*4, &tcph, sizeof(tcph)) < 0) -#endif /* No choice either */ return INVALID_PORT; @@ -59,11 +51,7 @@ get_port(const struct sk_buff *skb, u_int32_t flags) if (offset) return INVALID_PORT; -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) if (skb_copy_bits(skb, ip_hdr(skb)->ihl*4, &udph, sizeof(udph)) < 0) -#else - if (skb_copy_bits(skb, skb->nh.iph->ihl*4, &udph, sizeof(udph)) < 0) -#endif /* No choice either */ return INVALID_PORT; diff --git a/kernel/ipt_SET.c b/kernel/ipt_SET.c index 63ada14..f6afafd 100644 --- a/kernel/ipt_SET.c +++ b/kernel/ipt_SET.c @@ -22,25 +22,53 @@ #include #include #include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16) #include +#define xt_register_target ipt_register_target +#define xt_unregister_target ipt_unregister_target +#define xt_target ipt_target +#define XT_CONTINUE IPT_CONTINUE +#else +#include +#endif #include static unsigned int -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24) -target(struct sk_buff *skb, -#else +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) +target(struct sk_buff **pskb, + unsigned int hooknum, + const struct net_device *in, + const struct net_device *out, + const void *targinfo, + void *userinfo) +#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) +target(struct sk_buff **pskb, + const struct net_device *in, + const struct net_device *out, + unsigned int hooknum, + const void *targinfo, + void *userinfo) +#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) target(struct sk_buff **pskb, -#endif const struct net_device *in, const struct net_device *out, unsigned int hooknum, -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) const struct xt_target *target, -#endif -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) const void *targinfo, void *userinfo) -#else +#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24) +target(struct sk_buff **pskb, + const struct net_device *in, + const struct net_device *out, + unsigned int hooknum, + const struct xt_target *target, + const void *targinfo) +#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24) */ +target(struct sk_buff *skb, + const struct net_device *in, + const struct net_device *out, + unsigned int hooknum, + const struct xt_target *target, const void *targinfo) #endif { @@ -59,33 +87,51 @@ target(struct sk_buff **pskb, skb, info->del_set.flags); - return IPT_CONTINUE; + return XT_CONTINUE; } -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) -static bool -#else +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16) static int -#endif checkentry(const char *tablename, -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) - const void *e, -#else const struct ipt_entry *e, -#endif -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) + void *targinfo, + unsigned int targinfosize, + unsigned int hook_mask) +#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) +static int +checkentry(const char *tablename, + const void *e, + void *targinfo, + unsigned int targinfosize, + unsigned int hook_mask) +#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) +static int +checkentry(const char *tablename, + const void *e, const struct xt_target *target, -#endif void *targinfo, -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) unsigned int targinfosize, -#endif unsigned int hook_mask) +#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23) +static int +checkentry(const char *tablename, + const void *e, + const struct xt_target *target, + void *targinfo, + unsigned int hook_mask) +#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) */ +static bool +checkentry(const char *tablename, + const void *e, + const struct xt_target *target, + void *targinfo, + unsigned int hook_mask) +#endif { struct ipt_set_info_target *info = targinfo; ip_set_id_t index; -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) if (targinfosize != IPT_ALIGN(sizeof(*info))) { DP("bad target info size %u", targinfosize); return 0; @@ -118,19 +164,21 @@ checkentry(const char *tablename, return 1; } -static void destroy( -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) - const struct xt_target *target, -#endif -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) - void *targetinfo, unsigned int targetsize) -#else +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) +static void destroy(void *targetinfo, + unsigned int targetsize) +#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) +static void destroy(const struct xt_target *target, + void *targetinfo, + unsigned int targetsize) +#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) */ +static void destroy(const struct xt_target *target, void *targetinfo) #endif { struct ipt_set_info_target *info = targetinfo; -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) if (targetsize != IPT_ALIGN(sizeof(struct ipt_set_info_target))) { ip_set_printk("invalid targetsize %d", targetsize); return; @@ -142,37 +190,38 @@ static void destroy( ip_set_put(info->del_set.index); } -static struct ipt_target SET_target = { +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) +static struct xt_target SET_target = { + .name = "SET", + .target = target, + .checkentry = checkentry, + .destroy = destroy, + .me = THIS_MODULE +}; +#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) */ +static struct xt_target SET_target = { .name = "SET", -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) .family = AF_INET, -#endif .target = target, -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) .targetsize = sizeof(struct ipt_set_info_target), -#endif .checkentry = checkentry, .destroy = destroy, .me = THIS_MODULE }; +#endif MODULE_LICENSE("GPL"); MODULE_AUTHOR("Jozsef Kadlecsik "); MODULE_DESCRIPTION("iptables IP set target module"); -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) -#define ipt_register_target xt_register_target -#define ipt_unregister_target xt_unregister_target -#endif - static int __init ipt_SET_init(void) { - return ipt_register_target(&SET_target); + return xt_register_target(&SET_target); } static void __exit ipt_SET_fini(void) { - ipt_unregister_target(&SET_target); + xt_unregister_target(&SET_target); } module_init(ipt_SET_init); diff --git a/kernel/ipt_set.c b/kernel/ipt_set.c index eb064fe..b08b3bb 100644 --- a/kernel/ipt_set.c +++ b/kernel/ipt_set.c @@ -15,7 +15,14 @@ #include #include +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16) #include +#define xt_register_match ipt_register_match +#define xt_unregister_match ipt_unregister_match +#define xt_match ipt_match +#else +#include +#endif #include #include @@ -29,24 +36,53 @@ match_set(const struct ipt_set_info *info, return inv; } -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) -static bool -#else +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) +static int +match(const struct sk_buff *skb, + const struct net_device *in, + const struct net_device *out, + const void *matchinfo, + int offset, + const void *hdr, + u_int16_t datalen, + int *hotdrop) +#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16) +static int +match(const struct sk_buff *skb, + const struct net_device *in, + const struct net_device *out, + const void *matchinfo, + int offset, + int *hotdrop) +#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) +static int +match(const struct sk_buff *skb, + const struct net_device *in, + const struct net_device *out, + const void *matchinfo, + int offset, + unsigned int protoff, + int *hotdrop) +#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23) static int -#endif match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) const struct xt_match *match, -#endif const void *matchinfo, -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) - int offset, unsigned int protoff, bool *hotdrop) -#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) - int offset, unsigned int protoff, int *hotdrop) -#else - int offset, int *hotdrop) + int offset, + unsigned int protoff, + int *hotdrop) +#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) */ +static bool +match(const struct sk_buff *skb, + const struct net_device *in, + const struct net_device *out, + const struct xt_match *match, + const void *matchinfo, + int offset, + unsigned int protoff, + bool *hotdrop) #endif { const struct ipt_set_info_match *info = matchinfo; @@ -56,30 +92,48 @@ match(const struct sk_buff *skb, info->match_set.flags[0] & IPSET_MATCH_INV); } -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) -static bool -#else +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16) static int -#endif checkentry(const char *tablename, -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) - const void *inf, -#else const struct ipt_ip *ip, -#endif -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) + void *matchinfo, + unsigned int matchsize, + unsigned int hook_mask) +#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) +static int +checkentry(const char *tablename, + const void *inf, + void *matchinfo, + unsigned int matchsize, + unsigned int hook_mask) +#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) +static int +checkentry(const char *tablename, + const void *inf, const struct xt_match *match, -#endif void *matchinfo, -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) unsigned int matchsize, -#endif unsigned int hook_mask) +#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23) +static int +checkentry(const char *tablename, + const void *inf, + const struct xt_match *match, + void *matchinfo, + unsigned int hook_mask) +#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) */ +static bool +checkentry(const char *tablename, + const void *inf, + const struct xt_match *match, + void *matchinfo, + unsigned int hook_mask) +#endif { struct ipt_set_info_match *info = matchinfo; ip_set_id_t index; -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) if (matchsize != IPT_ALIGN(sizeof(struct ipt_set_info_match))) { ip_set_printk("invalid matchsize %d", matchsize); return 0; @@ -101,19 +155,21 @@ checkentry(const char *tablename, return 1; } -static void destroy( -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) - const struct xt_match *match, -#endif -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) - void *matchinfo, unsigned int matchsize) -#else +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) +static void destroy(void *matchinfo, + unsigned int matchsize) +#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) +static void destroy(const struct xt_match *match, + void *matchinfo, + unsigned int matchsize) +#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) */ +static void destroy(const struct xt_match *match, void *matchinfo) #endif { struct ipt_set_info_match *info = matchinfo; -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) if (matchsize != IPT_ALIGN(sizeof(struct ipt_set_info_match))) { ip_set_printk("invalid matchsize %d", matchsize); return; @@ -122,37 +178,38 @@ static void destroy( ip_set_put(info->match_set.index); } -static struct ipt_match set_match = { +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) +static struct xt_match set_match = { + .name = "set", + .match = &match, + .checkentry = &checkentry, + .destroy = &destroy, + .me = THIS_MODULE +}; +#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) */ +static struct xt_match set_match = { .name = "set", -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) .family = AF_INET, -#endif .match = &match, -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) .matchsize = sizeof(struct ipt_set_info_match), -#endif .checkentry = &checkentry, .destroy = &destroy, .me = THIS_MODULE }; +#endif MODULE_LICENSE("GPL"); MODULE_AUTHOR("Jozsef Kadlecsik "); MODULE_DESCRIPTION("iptables IP set match module"); -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) -#define ipt_register_match xt_register_match -#define ipt_unregister_match xt_unregister_match -#endif - static int __init ipt_ipset_init(void) { - return ipt_register_match(&set_match); + return xt_register_match(&set_match); } static void __exit ipt_ipset_fini(void) { - ipt_unregister_match(&set_match); + xt_unregister_match(&set_match); } module_init(ipt_ipset_init); diff --git a/kernel/patch_kernel b/kernel/patch_kernel index f5b800b..a3f96f0 100755 --- a/kernel/patch_kernel +++ b/kernel/patch_kernel @@ -13,6 +13,17 @@ kconfig() { echo "endmenu" >> $file } +config() { + file=$1/net/ipv4/netfilter/Config.in + if [ "`grep 'CONFIG_IP_NF_SET' $file`" ]; then + return + fi + mv $file $file.orig + grep -v endmenu $file.orig > $file + cat Config.in.ipset >> $file + echo "endmenu" >> $file +} + makefile() { file=$1/net/ipv4/netfilter/Makefile if [ "`grep CONFIG_IP_NF_SET $file`" ]; then @@ -22,6 +33,20 @@ makefile() { cat Makefile.ipset >> $file } +oldmakefile() { + file=$1/net/ipv4/netfilter/Makefile + if [ "`grep CONFIG_IP_NF_SET $file`" ]; then + return + fi + lineno=`grep -n Rules.make $file | cut -f1 -d:` + lineno=$((lineno-1)) + head -n $lineno $file > $file.head + lineno=$((lineno+1)) + tail +$lineno $file > $file.tail + cp $file $file.orig + cat $file.head Makefile.ipset Makefile.export.ipset $file.tail > $file +} + tree() { cp include/linux/netfilter_ipv4/* $1/include/linux/netfilter_ipv4/ cp *.c $1/net/ipv4/netfilter/ @@ -31,11 +56,15 @@ if [ -z "$1" ]; then echo "Error: missing kernel directory parameter." exit 1 fi -if [ ! -f $1/net/ipv4/netfilter/Kconfig ]; then - echo "Error: the directory $1 doesn't look like a Linux 2.6.x kernel source tree." +if [ -f $1/net/ipv4/netfilter/Kconfig ]; then + tree $1 + kconfig $1 + makefile $1 +elif [ -f $1/net/ipv4/netfilter/Config.in ]; then + tree $1 + config $1 + oldmakefile $1 +else + echo "Error: The directory $1 doesn't look like a Linux 2.4/2.6 kernel source tree." exit 1 fi - -tree $1 -kconfig $1 -makefile $1 diff --git a/tests/ipmap.t b/tests/ipmap.t index 81c4240..fea8389 100644 --- a/tests/ipmap.t +++ b/tests/ipmap.t @@ -80,6 +80,6 @@ 0 ipset -T test 255.255.255.255 # Full: Test value not added to the set 1 ipset -T test 0.1.0.0 -# Full: Delete test test +# Full: Delete test set 0 ipset -X test # eof diff --git a/tests/ipporthash.t b/tests/ipporthash.t index 5cbeee8..fc0a7d5 100644 --- a/tests/ipporthash.t +++ b/tests/ipporthash.t @@ -48,6 +48,6 @@ 1 ipset -A test 1.255.255.255:5 # Network: Try to add value after upper boundary 1 ipset -A test 2.1.0.0:128 -# Network: Delete test test +# Network: Delete test set 0 ipset -X test # eof diff --git a/tests/iptree.t b/tests/iptree.t index 33b021b..76cac54 100644 --- a/tests/iptree.t +++ b/tests/iptree.t @@ -38,6 +38,6 @@ 1 ipset -T test 2.0.0.2 # Timeout: Test value not added to the set 1 ipset -T test 192.168.68.70 -# Timeout: Delete test test +# Timeout: Delete test set 0 ipset -X test # eof diff --git a/tests/iptreemap.t b/tests/iptreemap.t index f0cb2c5..b8aeef2 100644 --- a/tests/iptreemap.t +++ b/tests/iptreemap.t @@ -40,6 +40,6 @@ 0 ipset -D test 192.168.68.70/30 # Test element from the middle 1 ipset -T test 192.168.68.71 -# Delete test test +# Delete test set 0 ipset -X test # eof diff --git a/tests/macipmap.t b/tests/macipmap.t index 72d9b4d..035160a 100644 --- a/tests/macipmap.t +++ b/tests/macipmap.t @@ -44,6 +44,6 @@ 1 ipset -A test 1.255.255.255 # Network: Try to add value after upper boundary 1 ipset -A test 2.1.0.0 -# Network: Delete test test +# Network: Delete test set 0 ipset -X test # eof diff --git a/tests/portmap.t b/tests/portmap.t index 53cf3ad..e616f15 100644 --- a/tests/portmap.t +++ b/tests/portmap.t @@ -32,6 +32,6 @@ 0 ipset -T test 65535 # Full: Test value not added to the set 1 ipset -T test 1 -# Full: Delete test test +# Full: Delete test set 0 ipset -X test # eof -- cgit v1.2.3