ipt_NETFLOW: add compatibility with 6.8+ (include 6.11) #230
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
as per #227, strlcopy can just be replaced by strscpy |
vvfedorenko
force-pushed
the
linux-6.9-support
branch
from
3069463 to
49c939c
Compare
Except that strscpy doesn't exist till linux 4.3. but you might be right, it's better to switch to safe modern implementation. I'll make it |
vvfedorenko
force-pushed
the
linux-6.9-support
branch
from
49c939c to
9501da1
Compare
|
@aabc could you please merge it? |
|
@juju4 this patch works for you? For me - still have issues ==> Starting build()...
./gen_compat_def > compat_def.h-
Test function xt_family linux/netfilter_ipv4/ip_tables.h declared
Test struct timeval linux/ktime.h undeclared
egrep: warning: egrep is obsolescent; using grep -E
Test struct proc_ops linux/proc_fs.h declared
Test function synchronize_sched linux/rcupdate.h undeclared
egrep: warning: egrep is obsolescent; using grep -E
Test function nf_bridge_info_get linux/netfilter_bridge.h declared
Test struct vlan_dev_priv linux/if_vlan.h declared
Test function put_unaligned_be24 asm/unaligned.h declared
Test function totalram_pages linux/mm.h declared
Test symbol totalram_pages linux/mm.h declared
Test member nf_ct_event_notifier.ct_event net/netfilter/nf_conntrack_ecache.h declared
Test function register_sysctl_paths linux/sysctl.h undeclared
egrep: warning: egrep is obsolescent; using grep -E
Test function strscpy linux/string.h undeclared
egrep: warning: egrep is obsolescent; using grep -E
Test function in6_pton linux/inet.h declared
mv compat_def.h- compat_def.h
Compiling 2.6 for kernel 6.11.5-arch1-1-nfcustom
make -C /usr/lib/modules/6.11.5-arch1-1-nfcustom/build M=/srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6 modules
make[1]: Entering directory '/usr/lib/modules/6.11.5-arch1-1-nfcustom/build'
CC [M] /srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/ipt_NETFLOW.o
In file included from /srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/ipt_NETFLOW.c:80:
/srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/compat.h:229:9: warning: "strscpy" redefined
229 | #define strscpy strlcpy
| ^~~~~~~
In file included from ./include/linux/bitmap.h:13,
from ./include/linux/cpumask.h:12,
from ./arch/x86/include/asm/paravirt.h:21,
from ./arch/x86/include/asm/cpuid.h:62,
from ./arch/x86/include/asm/processor.h:19,
from ./arch/x86/include/asm/timex.h:5,
from ./include/linux/timex.h:67,
from ./include/linux/time32.h:13,
from ./include/linux/time.h:60,
from ./include/linux/stat.h:19,
from ./include/linux/module.h:13,
from /srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/ipt_NETFLOW.c:22:
./include/linux/string.h:108:9: note: this is the location of the previous definition
108 | #define strscpy(dst, src, ...) \
| ^~~~~~~
/srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/ipt_NETFLOW.c:1810:35: error: initialization of ‘int (*)(const struct ctl_table *, int, void *, size_t *, loff_t *)’ {aka ‘int (*)(const struct ctl_table *, int, void *, long unsigned int *, long long int *)’} from incompatible pointer type ‘int (*)(struct ctl_table *, int, void *, size_t *, loff_t *)’ {aka ‘int (*)(struct ctl_table *, int, void *, long unsigned int *, long long int *)’} [-Wincompatible-pointer-types]
1810 | .proc_handler = &hsize_procctl,
| ^
/srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/ipt_NETFLOW.c:1810:35: note: (near initialization for ‘netflow_sysctl_table[3].proc_handler’)
/srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/ipt_NETFLOW.c:1816:35: error: initialization of ‘int (*)(const struct ctl_table *, int, void *, size_t *, loff_t *)’ {aka ‘int (*)(const struct ctl_table *, int, void *, long unsigned int *, long long int *)’} from incompatible pointer type ‘int (*)(struct ctl_table *, int, void *, size_t *, loff_t *)’ {aka ‘int (*)(struct ctl_table *, int, void *, long unsigned int *, long long int *)’} [-Wincompatible-pointer-types]
1816 | .proc_handler = &sndbuf_procctl,
| ^
/srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/ipt_NETFLOW.c:1816:35: note: (near initialization for ‘netflow_sysctl_table[4].proc_handler’)
/srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/ipt_NETFLOW.c:1823:35: error: initialization of ‘int (*)(const struct ctl_table *, int, void *, size_t *, loff_t *)’ {aka ‘int (*)(const struct ctl_table *, int, void *, long unsigned int *, long long int *)’} from incompatible pointer type ‘int (*)(struct ctl_table *, int, void *, size_t *, loff_t *)’ {aka ‘int (*)(struct ctl_table *, int, void *, long unsigned int *, long long int *)’} [-Wincompatible-pointer-types]
1823 | .proc_handler = &destination_procctl,
| ^
/srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/ipt_NETFLOW.c:1823:35: note: (near initialization for ‘netflow_sysctl_table[5].proc_handler’)
/srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/ipt_NETFLOW.c:1845:35: error: initialization of ‘int (*)(const struct ctl_table *, int, void *, size_t *, loff_t *)’ {aka ‘int (*)(const struct ctl_table *, int, void *, long unsigned int *, long long int *)’} from incompatible pointer type ‘int (*)(struct ctl_table *, int, void *, size_t *, loff_t *)’ {aka ‘int (*)(struct ctl_table *, int, void *, long unsigned int *, long long int *)’} [-Wincompatible-pointer-types]
1845 | .proc_handler = &flush_procctl,
| ^
/srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/ipt_NETFLOW.c:1845:35: note: (near initialization for ‘netflow_sysctl_table[7].proc_handler’)
/srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/ipt_NETFLOW.c:1851:35: error: initialization of ‘int (*)(const struct ctl_table *, int, void *, size_t *, loff_t *)’ {aka ‘int (*)(const struct ctl_table *, int, void *, long unsigned int *, long long int *)’} from incompatible pointer type ‘int (*)(struct ctl_table *, int, void *, size_t *, loff_t *)’ {aka ‘int (*)(struct ctl_table *, int, void *, long unsigned int *, long long int *)’} [-Wincompatible-pointer-types]
1851 | .proc_handler = &protocol_procctl,
| ^
/srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/ipt_NETFLOW.c:1851:35: note: (near initialization for ‘netflow_sysctl_table[8].proc_handler’)
/srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/ipt_NETFLOW.c: In function ‘ethtool_drvinfo’:
/srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/compat.h:229:17: error: implicit declaration of function ‘strlcpy’; did you mean ‘strncpy’? [-Wimplicit-function-declaration]
229 | #define strscpy strlcpy
| ^~~~~~~
/srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/ipt_NETFLOW.c:4093:17: note: in expansion of macro ‘strscpy’
4093 | strscpy(info.driver, dev->dev.parent->driver->name, sizeof(info.driver));
| ^~~~~~~
make[3]: *** [scripts/Makefile.build:244: /srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6/ipt_NETFLOW.o] Error 1
make[2]: *** [/usr/lib/modules/6.11.5-arch1-1-nfcustom/build/Makefile:1926: /srv/raid/filez/builder/PACKAGES/6.11.5/ipt_netflow/src/ipt-netflow-2.6] Error 2
make[1]: *** [Makefile:224: __sub-make] Error 2
make[1]: Leaving directory '/usr/lib/modules/6.11.5-arch1-1-nfcustom/build'
make: *** [Makefile:27: ipt_NETFLOW.ko] Error 2
==> ERROR: A failure occurred in build().
Aborting... |
I did not use the patch. only replaced strlcpy by strscpy which seems to work for ubuntu-24.04. no change needed for 22.04 |
|
Oops, |
* replace strlcpy with strscpy as strlcpy was removed in 6.8
* replace strtoul with simple_strtoul which exists in all kernels and is
proper interface to use
* inline timeval_to_jiffies to follow new kernel build rules
* replace check for in{4,6}_pton to remove unneeded functions
Signed-off-by: Vadim Fedorenko <vvfedorenko@github.com>
vvfedorenko
force-pushed
the
linux-6.9-support
branch
from
9501da1 to
eaefd3b
Compare
Added to Arch 🤳🏿 |
There are several changes in linux kernel 6.11+ which are incompatible with the module. Improve compatibility. Signed-off-by: Vadim Fedorenko <vvfedorenko@github.com>
vvfedorenko
changed the title
put_unaligned_u32 was moved to linux/unaligned.h and now arch independent. Update include and gef_compat_def. Signed-off-by: Vadim Fedorenko <vvfedorenko@github.com>
anbe42
suggested changes
Mar 7, 2025
| # Test symbol if include exists | ||
| kbuild_test_symbol_include() { | ||
| echo "Test file exists $KDIR/include/$2" >&2 | ||
| if [ -f $KDIR/include/$2 ]; then |
There was a problem hiding this comment.
Testing kernel header existence at the file system level is very fragile and does not work for all kernel versions equally well.
Also e.g. the Debian linux-headers-* packages have split up the headers into /lib/modules/X.Y.Z-amd64/build -> /usr/src/linux-headers-X.Y.Z-amd64 and /lib/modules/X.Y.Z-amd64/source -> /usr/src/linux-headers-X.Y.Z-common
I tried checking in both locations, but that didn't work either for all kernel versions.
| @@ -76,12 +76,14 @@ union nf_inet_addr { | |||
| # define BEFORE2632(x,y) | |||
| # endif | |||
|
|
|||
| # if LINUX_VERSION_CODE >= KERNEL_VERSION(3,17,0) | |||
| # define ctl_table struct ctl_table | |||
There was a problem hiding this comment.
This lacks support for < 3.17
--- a/compat.h
+++ b/compat.h
@@ -80,10 +80,16 @@ union nf_inet_addr {
# define s_ctl_table const struct ctl_table
# elif LINUX_VERSION_CODE >= KERNEL_VERSION(3,17,0)
# define s_ctl_table struct ctl_table
+# else
+# define s_ctl_table ctl_table
# endif
-# if !defined(HAVE_GRSECURITY_H) && LINUX_VERSION_CODE >= KERNEL_VERSION(3,17,0)
-# define ctl_table_no_const struct ctl_table
+# ifndef HAVE_GRSECURITY_H
+# if LINUX_VERSION_CODE >= KERNEL_VERSION(3,17,0)
+# define ctl_table_no_const struct ctl_table
+# else
+# define ctl_table_no_const ctl_table
+# endif
# endif
#endif
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Linux 6.8:
Linux 6.11: