.tmp_versions
Module.symvers
modules.order
+kernel/include/linux/netfilter/ipset/ip_set_compat.h
/aclocal.m4
/autom4te.cache/
fi
AC_PROG_GREP
+AC_PROG_AWK
if ! $GREP -q "NFNL_SUBSYS_IPSET" "$ksourcedir/include/linux/netfilter/nfnetlink.h" && \
! $GREP -q "NFNL_SUBSYS_IPSET" "$ksourcedir/include/uapi/linux/netfilter/nfnetlink.h";
dnl Checks for functions
AC_CHECK_FUNCS(gethostbyname2)
-dnl Checks for compiler characteristics.
+dnl Check kernel incompatibilities... Ugly like hell
+AC_MSG_CHECKING([kernel source for struct xt_action_param])
+if test -f $ksourcedir/include/linux/netfilter/x_tables.h && \
+ $GREP -q 'struct xt_action_param' $ksourcedir/include/linux/netfilter/x_tables.h; then
+ AC_MSG_RESULT(yes)
+ AC_SUBST(HAVE_STRUCT_XT_ACTION_PARAM, define)
+else
+ AC_MSG_RESULT(no)
+ AC_SUBST(HAVE_STRUCT_XT_ACTION_PARAM, undef)
+fi
+
+AC_MSG_CHECKING([kernel source for vzalloc])
+if test -f $ksourcedir/include/linux/vmalloc.h && \
+ $GREP -q 'vzalloc' $ksourcedir/include/linux/vmalloc.h; then
+ AC_MSG_RESULT(yes)
+ AC_SUBST(HAVE_VZALLOC, define)
+else
+ AC_MSG_RESULT(no)
+ AC_SUBST(HAVE_VZALLOC, undef)
+fi
+
+AC_MSG_CHECKING([kernel source for ether_addr_equal])
+if test -f $ksourcedir/include/linux/etherdevice.h && \
+ $GREP -q 'ether_addr_equal' $ksourcedir/include/linux/etherdevice.h; then
+ AC_MSG_RESULT(yes)
+ AC_SUBST(HAVE_ETHER_ADDR_EQUAL, define)
+else
+ AC_MSG_RESULT(no)
+ AC_SUBST(HAVE_ETHER_ADDR_EQUAL, undef)
+fi
+
+AC_MSG_CHECKING([kernel source for nla_put_be64])
+if test -f $ksourcedir/include/net/netlink.h && \
+ $GREP -q 'nla_put_be64' $ksourcedir/include/net/netlink.h; then
+ AC_MSG_RESULT(yes)
+ AC_SUBST(HAVE_NLA_PUT_BE64, define)
+else
+ AC_MSG_RESULT(no)
+ AC_SUBST(HAVE_NLA_PUT_BE64, undef)
+fi
+
+AC_MSG_CHECKING([kernel source for portid in nl_info])
+if test -f $ksourcedir/include/linux/netlink.h && \
+ $AWK '/^struct netlink_skb_parms/ {for(i=1; i<=5; i++) {getline; print}}' $ksourcedir/include/linux/netlink.h | $GREP -q 'portid;'; then
+ AC_MSG_RESULT(yes)
+ AC_SUBST(HAVE_NL_INFO_PORTID, define)
+else
+ AC_MSG_RESULT(no)
+ AC_SUBST(HAVE_NL_INFO_PORTID, undef)
+fi
+
+AC_MSG_CHECKING([kernel source for netlink_dump_start args])
+if test -f $ksourcedir/include/linux/netlink.h && \
+ $AWK '/netlink_dump_start/ {for(i=1; i<=4; i++) {getline; print}}' $ksourcedir/include/linux/netlink.h | $GREP -q 'done.*;'; then
+ AC_MSG_RESULT(5 args)
+ AC_SUBST(HAVE_NETLINK_DUMP_START_ARGS, 5)
+elif test -f $ksourcedir/include/linux/netlink.h && \
+ $AWK '/netlink_dump_start/ {for(i=1; i<=4; i++) {getline; print}}' $ksourcedir/include/linux/netlink.h | $GREP -q 'min_dump_alloc.*;'; then
+ AC_MSG_RESULT(6 args)
+ AC_SUBST(HAVE_NETLINK_DUMP_START_ARGS, 6)
+else
+ AC_MSG_RESULT(4 args)
+ AC_SUBST(HAVE_NETLINK_DUMP_START_ARGS, 4)
+fi
+
+AC_MSG_CHECKING([kernel source for ns_capable])
+if test -f $ksourcedir/include/linux/capability.h && \
+ $GREP -q 'ns_capable' $ksourcedir/include/linux/capability.h; then
+ AC_MSG_RESULT(yes)
+ AC_SUBST(HAVE_NS_CAPABLE, define)
+else
+ AC_MSG_RESULT(no)
+ AC_SUBST(HAVE_NS_CAPABLE, undef)
+fi
+
+AC_MSG_CHECKING([kernel source for nfnl_lock per subsys])
+if test -f $ksourcedir/include/linux/netfilter/nfnetlink.h && \
+ $GREP -q 'nfnl_lock.* subsys_id' $ksourcedir/include/linux/netfilter/nfnetlink.h; then
+ AC_MSG_RESULT(yes)
+ AC_SUBST(HAVE_NFNL_LOCK_SUBSYS, define)
+else
+ AC_MSG_RESULT(no)
+ AC_SUBST(HAVE_NFNL_LOCK_SUBSYS, undef)
+fi
+
+AC_MSG_CHECKING([kernel source for export.h])
+if test -f $ksourcedir/include/linux/export.h; then
+ AC_MSG_RESULT(yes)
+ AC_SUBST(HAVE_EXPORT_H, define)
+else
+ AC_MSG_RESULT(no)
+ AC_SUBST(HAVE_EXPORT_H, undef)
+fi
+
+AC_MSG_CHECKING([kernel source for ipv6_skip_exthdr args])
+if test -f $ksourcedir/include/net/ipv6.h && \
+ $AWK '/ipv6_skip_exthdr/ {getline; print}' $ksourcedir/include/net/ipv6.h | $GREP -q 'frag_offp'; then
+ AC_MSG_RESULT(4 args)
+ AC_SUBST(HAVE_IPV6_SKIP_EXTHDR_ARGS, 4)
+else
+ AC_MSG_RESULT(3 args)
+ AC_SUBST(HAVE_IPV6_SKIP_EXTHDR_ARGS, 3)
+fi
+
+AC_MSG_CHECKING([kernel source for bool checkentry function prototype])
+if test -f $ksourcedir/net/netfilter/xt_state.c && \
+ $GREP -q 'bool state_mt_check' $ksourcedir/net/netfilter/xt_state.c; then
+ AC_MSG_RESULT(yes)
+ AC_SUBST(HAVE_CHECKENTRY_BOOL, define)
+else
+ AC_MSG_RESULT(no)
+ AC_SUBST(HAVE_CHECKENTRY_BOOL, undef)
+fi
+
+AC_MSG_CHECKING([kernel source for old struct xt_target_param])
+if test -f $ksourcedir/net/netfilter/xt_TCPMSS.c && \
+ $GREP -q 'const struct xt_target_param' $ksourcedir/net/netfilter/xt_TCPMSS.c; then
+ AC_MSG_RESULT(yes)
+ AC_SUBST(HAVE_XT_TARGET_PARAM, define)
+else
+ AC_MSG_RESULT(no)
+ AC_SUBST(HAVE_XT_TARGET_PARAM, undef)
+fi
+
+AC_MSG_CHECKING([kernel source for id in struct pernet_operations])
+if test -f $ksourcedir/include/net/net_namespace.h && \
+ $AWK '/struct pernet_operations/ {for(i=1; i<=6; i++) {getline; print}}' $ksourcedir/include/net/net_namespace.h | $GREP -q 'int \*id;'; then
+ AC_MSG_RESULT(yes)
+ AC_SUBST(HAVE_NET_OPS_ID, define)
+else
+ AC_MSG_RESULT(no)
+ AC_SUBST(HAVE_NET_OPS_ID, undef)
+fi
+
+AC_MSG_CHECKING([kernel source for struct net_generic])
+if test -f $ksourcedir/include/net/netns/generic.h && \
+ $GREP -q 'struct net_generic' $ksourcedir/include/net/netns/generic.h; then
+ AC_MSG_RESULT(yes)
+else
+ AC_MSG_RESULT(no)
+ AC_MSG_ERROR([Netns support is required in the Linux kernel tree])
+fi
+
+dnl Checks for compiler characteristics.
dnl Check extra warning flags except
dnl -Wconversion -> we need it
dnl -Wunreachable-code -> fails with ntoh*
dnl Generate output
AC_CONFIG_FILES([Makefile include/libipset/Makefile
- lib/Makefile lib/libipset.pc src/Makefile])
+ lib/Makefile lib/libipset.pc src/Makefile
+ kernel/include/linux/netfilter/ipset/ip_set_compat.h])
AC_OUTPUT
dnl Summary
#ifndef __IP_SET_COMPAT_H
#define __IP_SET_COMPAT_H
+#@HAVE_STRUCT_XT_ACTION_PARAM@ HAVE_STRUCT_XT_ACTION_PARAM
+#@HAVE_VZALLOC@ HAVE_VZALLOC
+#@HAVE_ETHER_ADDR_EQUAL@ HAVE_ETHER_ADDR_EQUAL
+#@HAVE_NLA_PUT_BE64@ HAVE_NLA_PUT_BE64
+#@HAVE_NL_INFO_PORTID@ HAVE_NL_INFO_PORTID
+#define HAVE_NETLINK_DUMP_START_ARGS @HAVE_NETLINK_DUMP_START_ARGS@
+#@HAVE_NS_CAPABLE@ HAVE_NS_CAPABLE
+#@HAVE_NFNL_LOCK_SUBSYS@ HAVE_NFNL_LOCK_SUBSYS
+#@HAVE_EXPORT_H@ HAVE_EXPORT_H
+#define HAVE_IPV6_SKIP_EXTHDR_ARGS @HAVE_IPV6_SKIP_EXTHDR_ARGS@
+#@HAVE_CHECKENTRY_BOOL@ HAVE_CHECKENTRY_BOOL
+#@HAVE_XT_TARGET_PARAM@ HAVE_XT_TARGET_PARAM
+#@HAVE_NET_OPS_ID@ HAVE_NET_OPS_ID
+
/* Not everything could be moved here. Compatibility stuffs can be found in
* xt_set.c, ip_set_core.c, ip_set_getport.c, pfxlen.c too.
*/
#error "NETFILTER_NETLINK must be enabled: select NFACCT/NFQUEUE/LOG over NFNETLINK"
#endif
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 35)
+#ifndef HAVE_STRUCT_XT_ACTION_PARAM
#define xt_action_param xt_match_param
#endif
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 37)
+#ifndef HAVE_VZALLOC
#define vzalloc(size) __vmalloc(size,\
GFP_KERNEL|__GFP_ZERO|__GFP_HIGHMEM,\
PAGE_KERNEL)
#endif
-#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 5, 0)
+#ifndef HAVE_ETHER_ADDR_EQUAL
#include <linux/etherdevice.h>
static inline bool ether_addr_equal(const u8 *addr1, const u8 *addr2)
{
return !compare_ether_addr(addr1, addr2);
}
+#endif
+#ifndef HAVE_NLA_PUT_BE64
static inline int nla_put_be64(struct sk_buff *skb, int attrtype, __be64 value)
{
return nla_put(skb, attrtype, sizeof(__be64), &value);
}
#endif
-#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 7, 0)
-#define NETLINK_PORTID(skb) NETLINK_CB(skb).pid
-#else
+#ifdef HAVE_NL_INFO_PORTID
#define NETLINK_PORTID(skb) NETLINK_CB(skb).portid
+#else
+#define NETLINK_PORTID(skb) NETLINK_CB(skb).pid
#endif
-#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 8, 0)
+#ifndef HAVE_NS_CAPABLE
#define ns_capable(ns, cap) capable(cap)
#endif
-#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 9, 0)
-#define lock_nfnl() nfnl_lock()
-#define unlock_nfnl() nfnl_unlock()
-#else
+#ifdef HAVE_NFNL_LOCK_SUBSYS
#define lock_nfnl() nfnl_lock(NFNL_SUBSYS_IPSET)
#define unlock_nfnl() nfnl_unlock(NFNL_SUBSYS_IPSET)
+#else
+#define lock_nfnl() nfnl_lock()
+#define unlock_nfnl() nfnl_unlock()
#endif
#ifdef NLA_PUT_NET16
if (unlikely(protocol_failed(attr)))
return -IPSET_ERR_PROTOCOL;
-#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 1, 0)
+#if HAVE_NETLINK_DUMP_START_ARGS == 5
return netlink_dump_start(ctnl, skb, nlh,
ip_set_dump_start,
ip_set_dump_done);
-#elif LINUX_VERSION_CODE < KERNEL_VERSION(3, 4, 0)
+#elif HAVE_NETLINK_DUMP_START_ARGS == 6
return netlink_dump_start(ctnl, skb, nlh,
ip_set_dump_start,
ip_set_dump_done, 0);
static int __net_init
ip_set_net_init(struct net *net)
{
- struct ip_set_net *inst = ip_set_pernet(net);
+ struct ip_set_net *inst;
struct ip_set **list;
+#ifdef HAVE_NET_OPS_ID
+ inst = ip_set_pernet(net);
+#else
+ int err;
+
+ inst = kzalloc(sizeof(struct ip_set_net), GFP_KERNEL);
+ if (!inst)
+ return -ENOMEM;
+ err = net_assign_generic(net, ip_set_net_id, inst);
+ if (err < 0)
+ goto err_alloc;
+#endif
inst->ip_set_max = max_sets ? max_sets : CONFIG_IP_SET_MAX;
if (inst->ip_set_max >= IPSET_INVALID_ID)
inst->ip_set_max = IPSET_INVALID_ID - 1;
list = kzalloc(sizeof(struct ip_set *) * inst->ip_set_max, GFP_KERNEL);
if (!list)
+#ifdef HAVE_NET_OPS_ID
return -ENOMEM;
+#else
+ goto err_alloc;
+#endif
inst->is_deleted = 0;
rcu_assign_pointer(inst->ip_set_list, list);
pr_notice("ip_set: protocol %u\n", IPSET_PROTOCOL);
return 0;
+
+#ifndef HAVE_NET_OPS_ID
+err_alloc:
+ kfree(inst);
+ return err;
+#endif
}
static void __net_exit
ip_set_destroy_set(inst, i);
}
kfree(rcu_dereference_protected(inst->ip_set_list, 1));
+#ifndef HAVE_NET_OPS_ID
+ kfree(inst);
+#endif
}
static struct pernet_operations ip_set_net_ops = {
.init = ip_set_net_init,
.exit = ip_set_net_exit,
+#ifdef HAVE_NET_OPS_ID
.id = &ip_set_net_id,
.size = sizeof(struct ip_set_net)
+#endif
};
nfnetlink_subsys_unregister(&ip_set_netlink_subsys);
return ret;
}
+#ifdef HAVE_NET_OPS_ID
ret = register_pernet_subsys(&ip_set_net_ops);
+#else
+ ret = register_pernet_gen_device(&ip_set_net_id, &ip_set_net_ops);
+#endif
if (ret) {
pr_err("ip_set: cannot register pernet_subsys.\n");
nf_unregister_sockopt(&so_set);
static void __exit
ip_set_fini(void)
{
+#ifdef HAVE_NET_OPS_ID
unregister_pernet_subsys(&ip_set_net_ops);
+#else
+ unregister_pernet_gen_device(ip_set_net_id, &ip_set_net_ops);
+#endif
nf_unregister_sockopt(&so_set);
nfnetlink_subsys_unregister(&ip_set_netlink_subsys);
pr_debug("these are the famous last words\n");
/* Get Layer-4 data from the packets */
#include <linux/version.h>
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 2, 0)
+#ifdef HAVE_EXPORT_H
#include <linux/export.h>
#endif
#include <linux/ip.h>
#include <net/ipv6.h>
#include <linux/netfilter/ipset/ip_set_getport.h>
+#include <linux/netfilter/ipset/ip_set_compat.h>
/* We must handle non-linear skbs */
static bool
__be16 frag_off = 0;
nexthdr = ipv6_hdr(skb)->nexthdr;
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 3, 0)
+#if HAVE_IPV6_SKIP_EXTHDR_ARGS == 4
protoff = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr,
&frag_off);
#else
#include <linux/version.h>
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 2, 0)
+#ifdef HAVE_EXPORT_H
#include <linux/export.h>
#endif
#include <linux/netfilter/ipset/pfxlen.h>
MODULE_ALIAS("ipt_SET");
MODULE_ALIAS("ip6t_SET");
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 35)
+#ifdef HAVE_CHECKENTRY_BOOL
#define CHECK_OK 1
#define CHECK_FAIL(err) 0
#define CONST const
#define FTYPE bool
+#define XT_PAR_NET(par) NULL
#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,35) */
#define CHECK_OK 0
#define CHECK_FAIL(err) (err)
#define CONST
#define FTYPE int
+#define XT_PAR_NET(par) (par)->net
#endif
static inline int
struct xt_set_info_match_v0 *info = par->matchinfo;
ip_set_id_t index;
- index = ip_set_nfnl_get_byindex(par->net, info->match_set.index);
+ index = ip_set_nfnl_get_byindex(XT_PAR_NET(par), info->match_set.index);
if (index == IPSET_INVALID_ID) {
pr_warning("Cannot find set indentified by id %u to match\n",
if (info->match_set.u.flags[IPSET_DIM_MAX-1] != 0) {
pr_warning("Protocol error: set match dimension "
"is over the limit!\n");
- ip_set_nfnl_put(par->net, info->match_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->match_set.index);
return CHECK_FAIL(-ERANGE);
}
{
struct xt_set_info_match_v0 *info = par->matchinfo;
- ip_set_nfnl_put(par->net, info->match_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->match_set.index);
}
/* Revision 1 */
struct xt_set_info_match_v1 *info = par->matchinfo;
ip_set_id_t index;
- index = ip_set_nfnl_get_byindex(par->net, info->match_set.index);
+ index = ip_set_nfnl_get_byindex(XT_PAR_NET(par), info->match_set.index);
if (index == IPSET_INVALID_ID) {
pr_warning("Cannot find set indentified by id %u to match\n",
if (info->match_set.dim > IPSET_DIM_MAX) {
pr_warning("Protocol error: set match dimension "
"is over the limit!\n");
- ip_set_nfnl_put(par->net, info->match_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->match_set.index);
return CHECK_FAIL(-ERANGE);
}
{
struct xt_set_info_match_v1 *info = par->matchinfo;
- ip_set_nfnl_put(par->net, info->match_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->match_set.index);
}
/* Revision 3 match */
/* Revision 0 interface: backward compatible with netfilter/iptables */
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 35)
+#ifdef HAVE_XT_TARGET_PARAM
#undef xt_action_param
#define xt_action_param xt_target_param
#define CAST_TO_MATCH (const struct xt_match_param *)
ip_set_id_t index;
if (info->add_set.index != IPSET_INVALID_ID) {
- index = ip_set_nfnl_get_byindex(par->net, info->add_set.index);
+ index = ip_set_nfnl_get_byindex(XT_PAR_NET(par), info->add_set.index);
if (index == IPSET_INVALID_ID) {
pr_warning("Cannot find add_set index %u as target\n",
info->add_set.index);
}
if (info->del_set.index != IPSET_INVALID_ID) {
- index = ip_set_nfnl_get_byindex(par->net, info->del_set.index);
+ index = ip_set_nfnl_get_byindex(XT_PAR_NET(par), info->del_set.index);
if (index == IPSET_INVALID_ID) {
pr_warning("Cannot find del_set index %u as target\n",
info->del_set.index);
if (info->add_set.index != IPSET_INVALID_ID)
- ip_set_nfnl_put(par->net, info->add_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->add_set.index);
return CHECK_FAIL(-ENOENT);
}
}
pr_warning("Protocol error: SET target dimension "
"is over the limit!\n");
if (info->add_set.index != IPSET_INVALID_ID)
- ip_set_nfnl_put(par->net, info->add_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->add_set.index);
if (info->del_set.index != IPSET_INVALID_ID)
- ip_set_nfnl_put(par->net, info->del_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->del_set.index);
return CHECK_FAIL(-ERANGE);
}
const struct xt_set_info_target_v0 *info = par->targinfo;
if (info->add_set.index != IPSET_INVALID_ID)
- ip_set_nfnl_put(par->net, info->add_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->add_set.index);
if (info->del_set.index != IPSET_INVALID_ID)
- ip_set_nfnl_put(par->net, info->del_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->del_set.index);
}
/* Revision 1 target */
ip_set_id_t index;
if (info->add_set.index != IPSET_INVALID_ID) {
- index = ip_set_nfnl_get_byindex(par->net, info->add_set.index);
+ index = ip_set_nfnl_get_byindex(XT_PAR_NET(par), info->add_set.index);
if (index == IPSET_INVALID_ID) {
pr_warning("Cannot find add_set index %u as target\n",
info->add_set.index);
}
if (info->del_set.index != IPSET_INVALID_ID) {
- index = ip_set_nfnl_get_byindex(par->net, info->del_set.index);
+ index = ip_set_nfnl_get_byindex(XT_PAR_NET(par), info->del_set.index);
if (index == IPSET_INVALID_ID) {
pr_warning("Cannot find del_set index %u as target\n",
info->del_set.index);
if (info->add_set.index != IPSET_INVALID_ID)
- ip_set_nfnl_put(par->net, info->add_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->add_set.index);
return CHECK_FAIL(-ENOENT);
}
}
pr_warning("Protocol error: SET target dimension "
"is over the limit!\n");
if (info->add_set.index != IPSET_INVALID_ID)
- ip_set_nfnl_put(par->net, info->add_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->add_set.index);
if (info->del_set.index != IPSET_INVALID_ID)
- ip_set_nfnl_put(par->net, info->del_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->del_set.index);
return CHECK_FAIL(-ERANGE);
}
const struct xt_set_info_target_v1 *info = par->targinfo;
if (info->add_set.index != IPSET_INVALID_ID)
- ip_set_nfnl_put(par->net, info->add_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->add_set.index);
if (info->del_set.index != IPSET_INVALID_ID)
- ip_set_nfnl_put(par->net, info->del_set.index);
+ ip_set_nfnl_put(XT_PAR_NET(par), info->del_set.index);
}
/* Revision 2 target */
projects / thirdparty / ipset.git / commitdiff
