Restore support for kernel 4.9
This reverts commits:
94656621ed269882aedf116f900009f1ccade3f6
95d4f9e113fae3ef1e161548fe25c43c091392e3
123e1a14e95f01b6ba2e4a31b3b2a74ff250be57
f4f3f9860916d2ec88eb8339680d9ca0f64d41a4
9b1c7c1c047f0e9c6cb4f9abbdb9fd7b86ae6c1b
---
configure.ac | 2 +-
extensions/ACCOUNT/xt_ACCOUNT.c | 4 ++++
extensions/compat_xtables.h | 8 ++++++--
extensions/xt_CHAOS.c | 28 ++++++++++++++++++++++++++--
extensions/xt_DELUDE.c | 8 +++++++-
extensions/xt_DNETMAP.c | 13 +++++++++++++
extensions/xt_ECHO.c | 4 ++++
extensions/xt_LOGMARK.c | 8 ++++++++
extensions/xt_TARPIT.c | 10 ++++++++++
extensions/xt_iface.c | 8 ++++++++
extensions/xt_lscan.c | 4 ++++
11 files changed, 91 insertions(+), 6 deletions(-)
diff --git a/configure.ac b/configure.ac
index 0d3aa72..1cea354 100644
--- a/configure.ac
+++ b/configure.ac
@@ -59,7 +59,7 @@ if test -n "$kbuilddir"; then
echo "$kmajor.$kminor.$kmicro.$kstable in $kbuilddir";
if test "$kmajor" -gt 5 -o "$kmajor" -eq 5 -a "$kminor" -gt 0; then
echo "WARNING: That kernel version is not officially supported yet. Continue at own luck.";
- elif test "$kmajor" -eq 4 -a "$kminor" -ge 14; then
+ elif test "$kmajor" -eq 4 -a "$kminor" -ge 9; then
:
else
echo "WARNING: That kernel version is not officially supported.";
diff --git a/extensions/ACCOUNT/xt_ACCOUNT.c b/extensions/ACCOUNT/xt_ACCOUNT.c
index 019f5bd..8abe8ab 100644
--- a/extensions/ACCOUNT/xt_ACCOUNT.c
+++ b/extensions/ACCOUNT/xt_ACCOUNT.c
@@ -485,7 +485,11 @@ static void ipt_acc_depth2_insert(struct ipt_acc_mask_8 *mask_8,
static unsigned int
ipt_acc_target(struct sk_buff *skb, const struct xt_action_param *par)
{
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
struct ipt_acc_net *ian = net_generic(par->state->net, ipt_acc_net_id);
+#else
+ struct ipt_acc_net *ian = net_generic(par->net, ipt_acc_net_id);
+#endif
struct ipt_acc_table *ipt_acc_tables = ian->ipt_acc_tables;
const struct ipt_acc_info *info =
par->targinfo;
diff --git a/extensions/compat_xtables.h b/extensions/compat_xtables.h
index faf5dd8..23785d9 100644
--- a/extensions/compat_xtables.h
+++ b/extensions/compat_xtables.h
@@ -8,8 +8,8 @@
#define DEBUGP Use__pr_debug__instead
-#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 14, 0)
-# warning Kernels below 4.14 not supported.
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 9, 0)
+# warning Kernels below 4.9 not supported.
#endif
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
@@ -44,7 +44,11 @@
static inline struct net *par_net(const struct xt_action_param *par)
{
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 10, 0)
return par->state->net;
+#else
+ return par->net;
+#endif
}
#ifndef NF_CT_ASSERT
diff --git a/extensions/xt_CHAOS.c b/extensions/xt_CHAOS.c
index eec36d4..cee2026 100644
--- a/extensions/xt_CHAOS.c
+++ b/extensions/xt_CHAOS.c
@@ -58,7 +58,12 @@ xt_chaos_total(struct sk_buff *skb, const struct xt_action_param *par)
{
struct xt_action_param local_par;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
local_par.state = par->state;
+#else
+ local_par.in = par->in,
+ local_par.out = par->out,
+#endif
local_par.match = xm_tcp;
local_par.matchinfo = &tcp_params;
local_par.fragoff = fragoff;
@@ -73,7 +78,14 @@ xt_chaos_total(struct sk_buff *skb, const struct xt_action_param *par)
destiny = (info->variant == XTCHAOS_TARPIT) ? xt_tarpit : xt_delude;
{
struct xt_action_param local_par;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
local_par.state = par->state;
+#else
+ local_par.in = par->in;
+ local_par.out = par->out;
+ local_par.hooknum = par->hooknum;
+ local_par.family = par->family;
+#endif
local_par.target = destiny;
local_par.targinfo = par->targinfo;
destiny->target(skb, &local_par);
@@ -96,15 +108,27 @@ chaos_tg(struct sk_buff *skb, const struct xt_action_param *par)
if ((unsigned int)prandom_u32() <= reject_percentage) {
struct xt_action_param local_par;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
local_par.state = par->state;
+#else
+ local_par.in = par->in;
+ local_par.out = par->out;
+ local_par.hooknum = par->hooknum;
+#endif
local_par.target = xt_reject;
local_par.targinfo = &reject_params;
return xt_reject->target(skb, &local_par);
}
/* TARPIT/DELUDE may not be called from the OUTPUT chain */
- if (iph->protocol == IPPROTO_TCP && info->variant != XTCHAOS_NORMAL &&
- par->state->hook != NF_INET_LOCAL_OUT)
+ if (iph->protocol == IPPROTO_TCP &&
+ info->variant != XTCHAOS_NORMAL &&
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
+ par->state->hook
+#else
+ par->hooknum
+#endif
+ != NF_INET_LOCAL_OUT)
xt_chaos_total(skb, par);
return NF_DROP;
diff --git a/extensions/xt_DELUDE.c b/extensions/xt_DELUDE.c
index 618de5e..221f342 100644
--- a/extensions/xt_DELUDE.c
+++ b/extensions/xt_DELUDE.c
@@ -146,7 +146,13 @@ delude_tg(struct sk_buff *skb, const struct xt_action_param *par)
* a problem, as that is supported since Linux 2.6.35. But since we do not
* actually want to have a connection open, we are still going to drop it.
*/
- delude_send_reset(par_net(par), skb, par->state->hook);
+ delude_send_reset(par_net(par), skb,
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
+ par->state->hook
+#else
+ par->hooknum
+#endif
+ );
return NF_DROP;
}
diff --git a/extensions/xt_DNETMAP.c b/extensions/xt_DNETMAP.c
index de7d4ec..36a59e2 100644
--- a/extensions/xt_DNETMAP.c
+++ b/extensions/xt_DNETMAP.c
@@ -356,7 +356,11 @@ out:
static unsigned int
dnetmap_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
struct net *net = dev_net(par->state->in ? par->state->in : par->state->out);
+#else
+ struct net *net = dev_net(par->in ? par->in : par->out);
+#endif
struct dnetmap_net *dnetmap_net = dnetmap_pernet(net);
struct nf_conn *ct;
enum ip_conntrack_info ctinfo;
@@ -371,7 +375,11 @@ dnetmap_tg(struct sk_buff *skb, const struct xt_action_param *par)
struct dnetmap_entry *e;
struct dnetmap_prefix *p;
__s32 jttl;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
unsigned int hooknum = par->state->hook;
+#else
+ unsigned int hooknum = par->hooknum;
+#endif
ct = nf_ct_get(skb, &ctinfo);
jttl = tginfo->flags & XT_DNETMAP_TTL ? tginfo->ttl * HZ : jtimeout;
@@ -496,7 +504,12 @@ bind_new_prefix:
newrange.max_addr.ip = postnat_ip;
newrange.min_proto = mr->min_proto;
newrange.max_proto = mr->max_proto;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
return nf_nat_setup_info(ct, &newrange, HOOK2MANIP(par->state->hook));
+#else
+ return nf_nat_setup_info(ct, &newrange, HOOK2MANIP(par->hooknum));
+#endif
+
no_rev_map:
no_free_ip:
spin_unlock_bh(&dnetmap_lock);
diff --git a/extensions/xt_ECHO.c b/extensions/xt_ECHO.c
index e99312b..60cb815 100644
--- a/extensions/xt_ECHO.c
+++ b/extensions/xt_ECHO.c
@@ -35,7 +35,11 @@ echo_tg6(struct sk_buff *oldskb, const struct xt_action_param *par)
void *payload;
struct flowi6 fl;
struct dst_entry *dst = NULL;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
struct net *net = dev_net((par->state->in != NULL) ? par->state->in : par->state->out);
+#else
+ struct net *net = dev_net((par->in != NULL) ? par->in : par->out);
+#endif
/* This allows us to do the copy operation in fewer lines of code. */
if (skb_linearize(oldskb) < 0)
diff --git a/extensions/xt_LOGMARK.c b/extensions/xt_LOGMARK.c
index 0474bf8..02e32be 100644
--- a/extensions/xt_LOGMARK.c
+++ b/extensions/xt_LOGMARK.c
@@ -77,13 +77,21 @@ logmark_tg(struct sk_buff *skb, const struct xt_action_param *par)
printk("<%u>%.*s""iif=%d hook=%s nfmark=0x%x "
"secmark=0x%x classify=0x%x",
info->level, (unsigned int)sizeof(info->prefix), info->prefix,
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
skb_ifindex(skb), hook_names[par->state->hook],
+#else
+ skb_ifindex(skb), hook_names[par->hooknum],
+#endif
skb_nfmark(skb), skb_secmark(skb), skb->priority);
ct = nf_ct_get(skb, &ctinfo);
printk(" ctdir=%s", dir_names[ctinfo >= IP_CT_IS_REPLY]);
if (ct == NULL)
printk(" ct=NULL ctmark=NULL ctstate=INVALID ctstatus=NONE");
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 12, 0)
+ else if (nf_ct_is_untracked(ct))
+ printk(" ct=UNTRACKED ctmark=NULL ctstate=UNTRACKED ctstatus=NONE");
+#endif
else
logmark_ct(ct, ctinfo);
diff --git a/extensions/xt_TARPIT.c b/extensions/xt_TARPIT.c
index cb98e9e..b78683c 100644
--- a/extensions/xt_TARPIT.c
+++ b/extensions/xt_TARPIT.c
@@ -431,7 +431,12 @@ tarpit_tg4(struct sk_buff *skb, const struct xt_action_param *par)
/* We are not interested in fragments */
if (iph->frag_off & htons(IP_OFFSET))
return NF_DROP;
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
tarpit_tcp4(par_net(par), skb, par->state->hook, info->variant);
+#else
+ tarpit_tcp4(par_net(par), skb, par->hooknum, info->variant);
+#endif
return NF_DROP;
}
@@ -472,7 +477,12 @@ tarpit_tg6(struct sk_buff *skb, const struct xt_action_param *par)
pr_debug("addr is not unicast.\n");
return NF_DROP;
}
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
tarpit_tcp6(par_net(par), skb, par->state->hook, info->variant);
+#else
+ tarpit_tcp6(par_net(par), skb, par->hooknum, info->variant);
+#endif
return NF_DROP;
}
#endif
diff --git a/extensions/xt_iface.c b/extensions/xt_iface.c
index 7704686..be52a52 100644
--- a/extensions/xt_iface.c
+++ b/extensions/xt_iface.c
@@ -45,9 +45,17 @@ static const struct net_device *iface_get(const struct xt_iface_mtinfo *info,
const struct xt_action_param *par, struct net_device **put)
{
if (info->flags & XT_IFACE_DEV_IN)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
return par->state->in;
+#else
+ return par->in;
+#endif
else if (info->flags & XT_IFACE_DEV_OUT)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
return par->state->out;
+#else
+ return par->out;
+#endif
return *put = dev_get_by_name(&init_net, info->ifname);
}
diff --git a/extensions/xt_lscan.c b/extensions/xt_lscan.c
index 060fe44..3a7d2ed 100644
--- a/extensions/xt_lscan.c
+++ b/extensions/xt_lscan.c
@@ -204,7 +204,11 @@ lscan_mt(const struct sk_buff *skb, struct xt_action_param *par)
unsigned int n;
n = lscan_mt_full(ctdata->mark & connmark_mask, ctstate,
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
par->state->in == init_net.loopback_dev, tcph,
+#else
+ par->in == init_net.loopback_dev, tcph,
+#endif
skb->len - par->thoff - 4 * tcph->doff);
ctdata->mark = (ctdata->mark & ~connmark_mask) | n;
--
2.21.0