From 8dd10256cb24ceade8b40bd1604f03ddac8589e2 Mon Sep 17 00:00:00 2001 From: Jozsef Kadlecsik Date: Tue, 29 Jun 2010 21:14:40 +0200 Subject: ipset 5: Sparc related and compatibility fixes ipset 5 is tested on Sparc, which revealed some compatibility issues and those are fixed. Kernels from 2.6.31 onward are supported. The testsuite checkings are completed to run match/target checks. The README file is updated to reflect the requirements to install and run ipset 5. --- kernel/xt_set.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'kernel/xt_set.c') diff --git a/kernel/xt_set.c b/kernel/xt_set.c index 344d003..3ed8a6a 100644 --- a/kernel/xt_set.c +++ b/kernel/xt_set.c @@ -13,6 +13,7 @@ #include #include +#include #include #include @@ -37,6 +38,16 @@ match_set(ip_set_id_t index, const struct sk_buff *skb, /* Revision 0 interface: backward compatible with netfilter/iptables */ +/* Backward compatibility constrains: + * 2.6.24: [NETLINK]: Introduce nested and byteorder flag to netlink attribute + * 2.6.31: netfilter: passive OS fingerprint xtables match + */ + + +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,31) +#error "Linux kernel version too old: must be >= 2.6.31" +#endif + static bool set_match_v0(const struct sk_buff *skb, const struct xt_match_param *par) { @@ -93,7 +104,6 @@ set_match_v0_destroy(const struct xt_mtdtor_param *par) { struct xt_set_info_match *info = par->matchinfo; - ip_set_nfnl_put(info->match_set.index); } @@ -200,12 +210,9 @@ set_match_destroy(const struct xt_mtdtor_param *par) { struct xt_set_info_match *info = par->matchinfo; - ip_set_nfnl_put(info->match_set.index); } -/* Set target */ - static unsigned int set_target(struct sk_buff *skb, const struct xt_target_param *par) { -- cgit v1.2.3