-
Notifications
You must be signed in to change notification settings - Fork 131
New issue
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
ipt_NETFLOW: add compatibility with 6.8+ (include 6.11) #230
base: master
Are you sure you want to change the base?
Conversation
as per #227, strlcopy can just be replaced by strscpy |
3069463
to
49c939c
Compare
Except that strscpy doesn't exist till linux 4.3. but you might be right, it's better to switch to safe modern implementation. I'll make it |
49c939c
to
9501da1
Compare
@aabc could you please merge it? |
@juju4 this patch works for you? For me - still have issues ==> Starting build()...
./gen_compat_def > compat_def.h-
Test function xt_family linux/netfilter_ipv4/ip_tables.h declared
Test struct timeval linux/ktime.h undeclared
egrep: warning: egrep is obsolescent; using grep -E
Test struct proc_ops linux/proc_fs.h declared
Test function synchronize_sched linux/rcupdate.h undeclared
egrep: warning: egrep is obsolescent; using grep -E
Test function nf_bridge_info_get linux/netfilter_bridge.h declared
Test struct vlan_dev_priv linux/if_vlan.h declared
Test function put_unaligned_be24 asm/unaligned.h declared
Test function totalram_pages linux/mm.h declared
Test symbol totalram_pages linux/mm.h declared
Test member nf_ct_event_notifier.ct_event net/netfilter/nf_conntrack_ecache.h declared
Test function register_sysctl_paths linux/sysctl.h undeclared
egrep: warning: egrep is obsolescent; using grep -E
Test function strscpy linux/string.h undeclared
egrep: warning: egrep is obsolescent; using grep -E
Test function in6_pton linux/inet.h declared
mv compat_def.h- compat_def.h
Compiling 2.6 for kernel 6.11.5-arch1-1-nfcustom
make -C /usr/lib/modules/6.11.5-arch1-1-nfcustom/build M=/srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6 modules
make[1]: Entering directory '/usr/lib/modules/6.11.5-arch1-1-nfcustom/build'
CC [M] /srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/ipt_NETFLOW.o
In file included from /srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/ipt_NETFLOW.c:80:
/srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/compat.h:229:9: warning: "strscpy" redefined
229 | #define strscpy strlcpy
| ^~~~~~~
In file included from ./include/linux/bitmap.h:13,
from ./include/linux/cpumask.h:12,
from ./arch/x86/include/asm/paravirt.h:21,
from ./arch/x86/include/asm/cpuid.h:62,
from ./arch/x86/include/asm/processor.h:19,
from ./arch/x86/include/asm/timex.h:5,
from ./include/linux/timex.h:67,
from ./include/linux/time32.h:13,
from ./include/linux/time.h:60,
from ./include/linux/stat.h:19,
from ./include/linux/module.h:13,
from /srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/ipt_NETFLOW.c:22:
./include/linux/string.h:108:9: note: this is the location of the previous definition
108 | #define strscpy(dst, src, ...) \
| ^~~~~~~
/srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/ipt_NETFLOW.c:1810:35: error: initialization of ‘int (*)(const struct ctl_table *, int, void *, size_t *, loff_t *)’ {aka ‘int (*)(const struct ctl_table *, int, void *, long unsigned int *, long long int *)’} from incompatible pointer type ‘int (*)(struct ctl_table *, int, void *, size_t *, loff_t *)’ {aka ‘int (*)(struct ctl_table *, int, void *, long unsigned int *, long long int *)’} [-Wincompatible-pointer-types]
1810 | .proc_handler = &hsize_procctl,
| ^
/srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/ipt_NETFLOW.c:1810:35: note: (near initialization for ‘netflow_sysctl_table[3].proc_handler’)
/srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/ipt_NETFLOW.c:1816:35: error: initialization of ‘int (*)(const struct ctl_table *, int, void *, size_t *, loff_t *)’ {aka ‘int (*)(const struct ctl_table *, int, void *, long unsigned int *, long long int *)’} from incompatible pointer type ‘int (*)(struct ctl_table *, int, void *, size_t *, loff_t *)’ {aka ‘int (*)(struct ctl_table *, int, void *, long unsigned int *, long long int *)’} [-Wincompatible-pointer-types]
1816 | .proc_handler = &sndbuf_procctl,
| ^
/srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/ipt_NETFLOW.c:1816:35: note: (near initialization for ‘netflow_sysctl_table[4].proc_handler’)
/srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/ipt_NETFLOW.c:1823:35: error: initialization of ‘int (*)(const struct ctl_table *, int, void *, size_t *, loff_t *)’ {aka ‘int (*)(const struct ctl_table *, int, void *, long unsigned int *, long long int *)’} from incompatible pointer type ‘int (*)(struct ctl_table *, int, void *, size_t *, loff_t *)’ {aka ‘int (*)(struct ctl_table *, int, void *, long unsigned int *, long long int *)’} [-Wincompatible-pointer-types]
1823 | .proc_handler = &destination_procctl,
| ^
/srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/ipt_NETFLOW.c:1823:35: note: (near initialization for ‘netflow_sysctl_table[5].proc_handler’)
/srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/ipt_NETFLOW.c:1845:35: error: initialization of ‘int (*)(const struct ctl_table *, int, void *, size_t *, loff_t *)’ {aka ‘int (*)(const struct ctl_table *, int, void *, long unsigned int *, long long int *)’} from incompatible pointer type ‘int (*)(struct ctl_table *, int, void *, size_t *, loff_t *)’ {aka ‘int (*)(struct ctl_table *, int, void *, long unsigned int *, long long int *)’} [-Wincompatible-pointer-types]
1845 | .proc_handler = &flush_procctl,
| ^
/srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/ipt_NETFLOW.c:1845:35: note: (near initialization for ‘netflow_sysctl_table[7].proc_handler’)
/srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/ipt_NETFLOW.c:1851:35: error: initialization of ‘int (*)(const struct ctl_table *, int, void *, size_t *, loff_t *)’ {aka ‘int (*)(const struct ctl_table *, int, void *, long unsigned int *, long long int *)’} from incompatible pointer type ‘int (*)(struct ctl_table *, int, void *, size_t *, loff_t *)’ {aka ‘int (*)(struct ctl_table *, int, void *, long unsigned int *, long long int *)’} [-Wincompatible-pointer-types]
1851 | .proc_handler = &protocol_procctl,
| ^
/srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/ipt_NETFLOW.c:1851:35: note: (near initialization for ‘netflow_sysctl_table[8].proc_handler’)
/srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/ipt_NETFLOW.c: In function ‘ethtool_drvinfo’:
/srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/compat.h:229:17: error: implicit declaration of function ‘strlcpy’; did you mean ‘strncpy’? [-Wimplicit-function-declaration]
229 | #define strscpy strlcpy
| ^~~~~~~
/srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/ipt_NETFLOW.c:4093:17: note: in expansion of macro ‘strscpy’
4093 | strscpy(info.driver, dev->dev.parent->driver->name, sizeof(info.driver));
| ^~~~~~~
make[3]: *** [scripts/Makefile.build:244: /srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/ipt_NETFLOW.o] Error 1
make[2]: *** [/usr/lib/modules/6.11.5-arch1-1-nfcustom/build/Makefile:1926: /srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6] Error 2
make[1]: *** [Makefile:224: __sub-make] Error 2
make[1]: Leaving directory '/usr/lib/modules/6.11.5-arch1-1-nfcustom/build'
make: *** [Makefile:27: ipt_NETFLOW.ko] Error 2
==> ERROR: A failure occurred in build().
Aborting... |
I did not use the patch. only replaced strlcpy by strscpy which seems to work for ubuntu-24.04. no change needed for 22.04 |
Oops, |
* replace strlcpy with strscpy as strlcpy was removed in 6.8 * replace strtoul with simple_strtoul which exists in all kernels and is proper interface to use * inline timeval_to_jiffies to follow new kernel build rules * replace check for in{4,6}_pton to remove unneeded functions Signed-off-by: Vadim Fedorenko <vvfedorenko@github.com>
9501da1
to
eaefd3b
Compare
Added to Arch 🤳🏿 |
There are several changes in linux kernel 6.11+ which are incompatible with the module. Improve compatibility. Signed-off-by: Vadim Fedorenko <vvfedorenko@github.com>
put_unaligned_u32 was moved to linux/unaligned.h and now arch independent. Update include and gef_compat_def. Signed-off-by: Vadim Fedorenko <vvfedorenko@github.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
An alternative solution for v6.12 support can be found in #233 that works for me for all kernel versions I tested (only tried Debian packaged ones).
# Test symbol if include exists | ||
kbuild_test_symbol_include() { | ||
echo "Test file exists $KDIR/include/$2" >&2 | ||
if [ -f $KDIR/include/$2 ]; then |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Testing kernel header existence at the file system level is very fragile and does not work for all kernel versions equally well.
Also e.g. the Debian linux-headers-* packages have split up the headers into /lib/modules/X.Y.Z-amd64/build -> /usr/src/linux-headers-X.Y.Z-amd64
and /lib/modules/X.Y.Z-amd64/source -> /usr/src/linux-headers-X.Y.Z-common
I tried checking in both locations, but that didn't work either for all kernel versions.
@@ -76,12 +76,14 @@ union nf_inet_addr { | |||
# define BEFORE2632(x,y) | |||
# endif | |||
|
|||
# if LINUX_VERSION_CODE >= KERNEL_VERSION(3,17,0) | |||
# define ctl_table struct ctl_table |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This lacks support for < 3.17
--- a/compat.h
+++ b/compat.h
@@ -80,10 +80,16 @@ union nf_inet_addr {
# define s_ctl_table const struct ctl_table
# elif LINUX_VERSION_CODE >= KERNEL_VERSION(3,17,0)
# define s_ctl_table struct ctl_table
+# else
+# define s_ctl_table ctl_table
# endif
-# if !defined(HAVE_GRSECURITY_H) && LINUX_VERSION_CODE >= KERNEL_VERSION(3,17,0)
-# define ctl_table_no_const struct ctl_table
+# ifndef HAVE_GRSECURITY_H
+# if LINUX_VERSION_CODE >= KERNEL_VERSION(3,17,0)
+# define ctl_table_no_const struct ctl_table
+# else
+# define ctl_table_no_const ctl_table
+# endif
# endif
#endif
Linux 6.8:
Linux 6.11: