build: support for Linux 4.4

diff --git a/doc/changelog.txt b/doc/changelog.txt
index c1cca5344078ae428e5de1031833a5b2288e7530..fe6930572c4ac6c939a603af4f8e18b5d48cf2b1 100644 (file)
--- a/doc/changelog.txt
+++ b/doc/changelog.txt
@@ -1,6 +1,8 @@
 
 HEAD
 ====
+Enhancements:
+- Support for Linux 4.4
 Fixes:
 - xt_ACCOUNT: call free_page with the right amount of pages
 

diff --git a/extensions/compat_xtables.h b/extensions/compat_xtables.h
index 9009eeb2a8e4b3cbdd46a5af3821aceb10cd5edc..a6c61ac02ea268091fd00c515c02d8d9599254c6 100644 (file)
--- a/extensions/compat_xtables.h
+++ b/extensions/compat_xtables.h
@@ -73,4 +73,20 @@ static inline void proc_remove(struct proc_dir_entry *de)
 }
 #endif
 
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 4, 0)
+#      define ip6_local_out(xnet, xsk, xskb) ip6_local_out(xskb)
+#      define ip6_route_me_harder(xnet, xskb) ip6_route_me_harder(xskb)
+#      define ip_local_out(xnet, xsk, xskb) ip_local_out(xskb)
+#      define ip_route_me_harder(xnet, xskb, xaddrtype) ip_route_me_harder((xskb), (xaddrtype))
+#endif
+
+static inline struct net *par_net(const struct xt_action_param *par)
+{
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)
+       return par->net;
+#else
+       return dev_net((par->in != NULL) ? par->in : par->out);
+#endif
+}
+
 #endif /* _XTABLES_COMPAT_H */

diff --git a/extensions/xt_DELUDE.c b/extensions/xt_DELUDE.c
index 1568252a53223012ebf3d2d43e364fe9e47eda20..aff281f3bf7907ecae6dca7c7907c5e33b9bffed 100644 (file)
--- a/extensions/xt_DELUDE.c
+++ b/extensions/xt_DELUDE.c
@@ -25,7 +25,8 @@
 #include "compat_xtables.h"
 #define PFX KBUILD_MODNAME ": "
 
-static void delude_send_reset(struct sk_buff *oldskb, unsigned int hook)
+static void delude_send_reset(struct net *net, struct sk_buff *oldskb,
+    unsigned int hook)
 {
        struct tcphdr _otcph, *tcph;
        const struct tcphdr *oth;
@@ -121,7 +122,7 @@ static void delude_send_reset(struct sk_buff *oldskb, unsigned int hook)
        /* ip_route_me_harder expects skb->dst to be set */
        skb_dst_set(nskb, dst_clone(skb_dst(oldskb)));
 
-       if (ip_route_me_harder(nskb, addr_type))
+       if (ip_route_me_harder(net, nskb, addr_type))
                goto free_nskb;
        else
                niph = ip_hdr(nskb);
@@ -135,7 +136,7 @@ static void delude_send_reset(struct sk_buff *oldskb, unsigned int hook)
 
        nf_ct_attach(nskb, oldskb);
 
-       ip_local_out(nskb);
+       ip_local_out(net, nskb->sk, nskb);
        return;
 
  free_nskb:
@@ -150,7 +151,7 @@ delude_tg(struct sk_buff *skb, const struct xt_action_param *par)
         * a problem, as that is supported since Linux 2.6.35. But since we do not
         * actually want to have a connection open, we are still going to drop it.
         */
-       delude_send_reset(skb, par->hooknum);
+       delude_send_reset(par_net(par), skb, par->hooknum);
        return NF_DROP;
 }
 

diff --git a/extensions/xt_ECHO.c b/extensions/xt_ECHO.c
index c5b529c4b5e44723b55a47943bbc5ac7e9e0aa90..f6d2c6988d94503d2b6c754ba4e4bc670ee7a9c4 100644 (file)
--- a/extensions/xt_ECHO.c
+++ b/extensions/xt_ECHO.c
@@ -112,7 +112,7 @@ echo_tg6(struct sk_buff *oldskb, const struct xt_action_param *par)
                goto free_nskb;
 
        nf_ct_attach(newskb, oldskb);
-       ip6_local_out(newskb);
+       ip6_local_out(par_net(par), newskb->sk, newskb);
        return NF_DROP;
 
  free_nskb:
@@ -190,7 +190,7 @@ echo_tg4(struct sk_buff *oldskb, const struct xt_action_param *par)
        /* ip_route_me_harder expects the skb's dst to be set */
        skb_dst_set(newskb, dst_clone(skb_dst(oldskb)));
 
-       if (ip_route_me_harder(newskb, RTN_UNSPEC) != 0)
+       if (ip_route_me_harder(par_net(par), newskb, RTN_UNSPEC) != 0)
                goto free_nskb;
 
        newip->ttl = ip4_dst_hoplimit(skb_dst(newskb));
@@ -201,7 +201,7 @@ echo_tg4(struct sk_buff *oldskb, const struct xt_action_param *par)
                goto free_nskb;
 
        nf_ct_attach(newskb, oldskb);
-       ip_local_out(newskb);
+       ip_local_out(par_net(par), newskb->sk, newskb);
        return NF_DROP;
 
  free_nskb:

diff --git a/extensions/xt_TARPIT.c b/extensions/xt_TARPIT.c
index 67986ad630117395d2092c6864dfb694211defcb..95faba032f342ed84755850d22955d8586600873 100644 (file)
--- a/extensions/xt_TARPIT.c
+++ b/extensions/xt_TARPIT.c
@@ -170,8 +170,8 @@ static bool tarpit_generic(struct tcphdr *tcph, const struct tcphdr *oth,
        return true;
 }
 
-static void tarpit_tcp4(struct sk_buff *oldskb, unsigned int hook,
-    unsigned int mode)
+static void tarpit_tcp4(struct net *net, struct sk_buff *oldskb,
+    unsigned int hook, unsigned int mode)
 {
        struct tcphdr _otcph, *tcph;
        const struct tcphdr *oth;
@@ -261,7 +261,7 @@ static void tarpit_tcp4(struct sk_buff *oldskb, unsigned int hook,
 #endif
                addr_type = RTN_LOCAL;
 
-       if (ip_route_me_harder(nskb, addr_type))
+       if (ip_route_me_harder(net, nskb, addr_type))
                goto free_nskb;
        else
                niph = ip_hdr(nskb);
@@ -284,8 +284,11 @@ static void tarpit_tcp4(struct sk_buff *oldskb, unsigned int hook,
 
        nf_ct_attach(nskb, oldskb);
 
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 1, 0)
-       NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_OUT, NULL, nskb, NULL,
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)
+       NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_OUT, net, nskb->sk, nskb, NULL,
+               skb_dst(nskb)->dev, dst_output);
+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(4, 1, 0)
+       NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_OUT, nskb->sk, nskb, NULL,
                skb_dst(nskb)->dev, dst_output_sk);
 #else
        NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_OUT, nskb, NULL,
@@ -298,8 +301,8 @@ static void tarpit_tcp4(struct sk_buff *oldskb, unsigned int hook,
 }
 
 #ifdef WITH_IPV6
-static void tarpit_tcp6(struct sk_buff *oldskb, unsigned int hook,
-    unsigned int mode)
+static void tarpit_tcp6(struct net *net, struct sk_buff *oldskb,
+    unsigned int hook, unsigned int mode)
 {
        struct sk_buff *nskb;
        struct tcphdr *tcph, oth;
@@ -397,15 +400,18 @@ static void tarpit_tcp6(struct sk_buff *oldskb, unsigned int hook,
                      IPPROTO_TCP,
                      csum_partial(tcph, sizeof(struct tcphdr), 0));
 
-       if (ip6_route_me_harder(nskb))
+       if (ip6_route_me_harder(net, nskb))
                goto free_nskb;
 
        nskb->ip_summed = CHECKSUM_NONE;
 
        nf_ct_attach(nskb, oldskb);
 
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 1, 0)
-       NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, NULL, nskb, NULL,
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)
+       NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, net, nskb->sk, nskb, NULL,
+               skb_dst(nskb)->dev, dst_output);
+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(4, 1, 0)
+       NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, nskb->sk, nskb, NULL,
                skb_dst(nskb)->dev, dst_output_sk);
 #else
        NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, nskb, NULL,
@@ -449,7 +455,7 @@ tarpit_tg4(struct sk_buff *skb, const struct xt_action_param *par)
        if (iph->frag_off & htons(IP_OFFSET))
                return NF_DROP;
 
-       tarpit_tcp4(skb, par->hooknum, info->variant);
+       tarpit_tcp4(par_net(par), skb, par->hooknum, info->variant);
        return NF_DROP;
 }
 
@@ -491,7 +497,7 @@ tarpit_tg6(struct sk_buff *skb, const struct xt_action_param *par)
                return NF_DROP;
        }
 
-       tarpit_tcp6(skb, par->hooknum, info->variant);
+       tarpit_tcp6(par_net(par), skb, par->hooknum, info->variant);
        return NF_DROP;
 }
 #endif