From 12e31aab383c9731f2b58364956789c670b3a151 Mon Sep 17 00:00:00 2001
From: Tomer Barletz
Date: Tue, 1 Dec 2015 00:49:29 -0800
Subject: [PATCH 1/2] Add support for kernel > v4.0. In change 1d1de89b, nf_queue_entry was refactored, and since v4.0-rc6 some of its member variables have now been extracted to nf_hook_state.
---
 kipfw/ipfw2_mod.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/kipfw/ipfw2_mod.c b/kipfw/ipfw2_mod.c
index 73c79c8..cd252fb 100644
--- a/kipfw/ipfw2_mod.c
+++ b/kipfw/ipfw2_mod.c
@@ -556,7 +556,11 @@ ipfw2_queue_handler(QH_ARGS)
 m->m_skb = skb;
 m->m_len = skb->len; /* len from ip header to end */
 m->m_pkthdr.len = skb->len; /* total packet len */
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4,1,0)
 m->m_pkthdr.rcvif = info->indev;
+#else
+ m->m_pkthdr.rcvif = info->state.in;
+#endif
 m->queue_entry = info;
 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,22) /* XXX was 2.6.0 */
 m->m_data = (char *)skb->nh.iph;
@@ -565,11 +569,19 @@ ipfw2_queue_handler(QH_ARGS)
 #endif
 /* XXX add the interface */
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4,1,0)
 if (info->hook == IPFW_HOOK_IN) {
 ret = ipfw_check_hook(NULL, &m, info->indev, PFIL_IN, NULL);
 } else {
 ret = ipfw_check_hook(NULL, &m, info->outdev, PFIL_OUT, NULL);
 }
+#else
+ if (info->state.hook == IPFW_HOOK_IN) {
+ ret = ipfw_check_hook(NULL, &m, info->state.in, PFIL_IN, NULL);
+ } else {
+ ret = ipfw_check_hook(NULL, &m, info->state.out, PFIL_OUT, NULL);
+ }
+#endif
 if (m != NULL) { /* Accept. reinject and free the mbuf */
 REINJECT(info, NF_ACCEPT);
From 0a74717be1027d4cdb480e8750ffd21e90b608cc Mon Sep 17 00:00:00 2001
From: Tomer Barletz
Date: Tue, 1 Dec 2015 01:14:07 -0800
Subject: [PATCH 2/2] In Linux 4.1 nf_hookfn()'s signature has changed.
---
 kipfw/ipfw2_mod.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/kipfw/ipfw2_mod.c b/kipfw/ipfw2_mod.c
index cd252fb..2f7c001 100644
--- a/kipfw/ipfw2_mod.c
+++ b/kipfw/ipfw2_mod.c
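Review bot: In ipfw2_queue_handler (patch 1/2) the `LINUX_VERSION_CODE < KERNEL_VERSION(4,1,0)` guard is repeated around the `rcvif` assignment in the first hunk and around the whole `ipfw_check_hook()` if/else in the second, so the direction logic now exists in two copies. That branch decides whether a packet is evaluated as PFIL_IN or PFIL_OUT, and a later edit applied to only one copy would make the filter behave differently depending on the kernel it was built for. Defining the field accessors once and keeping a single if/else avoids that; the macro names below are only a suggestion. The function starts and ends outside both hunks, so the rest of the handler is not reviewed here.

```c
#if LINUX_VERSION_CODE < KERNEL_VERSION(4,1,0)
#define QE_HOOK(e)	((e)->hook)
#define QE_IN(e)	((e)->indev)
#define QE_OUT(e)	((e)->outdev)
#else	/* these fields moved into the embedded nf_hook_state */
#define QE_HOOK(e)	((e)->state.hook)
#define QE_IN(e)	((e)->state.in)
#define QE_OUT(e)	((e)->state.out)
#endif

	m->m_pkthdr.rcvif = QE_IN(info);
	/* … unchanged: queue_entry and m_data setup … */
	if (QE_HOOK(info) == IPFW_HOOK_IN) {
		ret = ipfw_check_hook(NULL, &m, QE_IN(info), PFIL_IN, NULL);
	} else {
		ret = ipfw_check_hook(NULL, &m, QE_OUT(info), PFIL_OUT, NULL);
	}
```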
@@ -478,10 +478,19 @@ call_ipfw(
 #else
 struct sk_buff *skb,
 #endif
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4,1,0)
 const struct net_device *in, const struct net_device *out, int (*okfn)(struct sk_buff *))
+#else
+ const struct nf_hook_state *state)
+#endif
 {
- (void)hooknum; (void)skb; (void)in; (void)out; (void)okfn; /* UNUSED */
+ (void)hooknum; (void)skb; /* UNUSED */
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4,1,0)
+ (void)in; (void)out; (void)okfn; /* UNUSED */
+#else
+ (void)state; /* UNUSED */
+#endif
 return NF_QUEUE;
 }
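Review bot: The new `#else` branch in call_ipfw has no comment saying which hook prototype it follows, and the hunk starts mid-signature, so the type of the first parameter on 4.1 and later cannot be checked from here. I would add `/* >= 4.1: in, out and okfn are carried in struct nf_hook_state */` above `const struct nf_hook_state *state)`. The body ignores every argument and always returns NF_QUEUE, so a single comment before it such as `/* all arguments unused: every packet gets NF_QUEUE */` would make the three per-version `(void)` blocks easier to read.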