Add a compatibility header file for easier maintenance

author Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>

Sat, 6 Apr 2013 12:04:12 +0000 (14:04 +0200)

committer Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>

Tue, 9 Apr 2013 19:42:16 +0000 (21:42 +0200)
author Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Sat, 6 Apr 2013 12:04:12 +0000 (14:04 +0200)
committer Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Tue, 9 Apr 2013 19:42:16 +0000 (21:42 +0200)
diff --git a/kernel/include/linux/netfilter/ipset/ip_set.h b/kernel/include/linux/netfilter/ipset/ip_set.h

index 79c4f22f4ec86f128c9c3fac70f2a250da95fb74..350178d997c24c4372a887bd0a196cbe33870a83 100644 (file)
--- a/kernel/include/linux/netfilter/ipset/ip_set.h
+++ b/kernel/include/linux/netfilter/ipset/ip_set.h
@@ -17,13 +17,9 @@
  #include <linux/netfilter/x_tables.h>
  #include <linux/stringify.h>
  #include <linux/vmalloc.h>
-#include <linux/version.h>
  #include <net/netlink.h>
  #include <uapi/linux/netfilter/ipset/ip_set.h>
-
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 35)
-#define xt_action_param        xt_match_param
-#endif
+#include <linux/netfilter/ipset/ip_set_compat.h>
  
  #define _IP_SET_MODULE_DESC(a, b, c)           \
         MODULE_DESCRIPTION(a " type of IP sets, revisions " b "-" c)
@@ -234,28 +230,6 @@ ip_set_get_h16(const struct nlattr *attr)
  #define ipset_nest_start(skb, attr) nla_nest_start(skb, attr | NLA_F_NESTED)
  #define ipset_nest_end(skb, start)  nla_nest_end(skb, start)
  
-#ifdef NLA_PUT_NET16
-static inline int nla_put_be16(struct sk_buff *skb, int attrtype, __be16 value)
-{
-       return nla_put(skb, attrtype, sizeof(__be16), &value);
-}
-
-static inline int nla_put_net16(struct sk_buff *skb, int attrtype, __be16 value)
-{
-       return nla_put_be16(skb, attrtype | NLA_F_NET_BYTEORDER, value);
-}
-
-static inline int nla_put_be32(struct sk_buff *skb, int attrtype, __be32 value)
-{
-       return nla_put(skb, attrtype, sizeof(__be32), &value);
-}
-
-static inline int nla_put_net32(struct sk_buff *skb, int attrtype, __be32 value)
-{
-       return nla_put_be32(skb, attrtype | NLA_F_NET_BYTEORDER, value);
-}
-#endif
-
  static inline int nla_put_ipaddr4(struct sk_buff *skb, int type, __be32 ipaddr)
  {
         struct nlattr *__nested = ipset_nest_start(skb, type);
diff --git a/kernel/include/linux/netfilter/ipset/ip_set_ahash.h b/kernel/include/linux/netfilter/ipset/ip_set_ahash.h

index 5d3645364b8a7620fc8853be71431a5c0619840b..0214c4c146faab0dad0a339dcd098124245dbe37 100644 (file)
--- a/kernel/include/linux/netfilter/ipset/ip_set_ahash.h
+++ b/kernel/include/linux/netfilter/ipset/ip_set_ahash.h
@@ -4,9 +4,6 @@
  #include <linux/rcupdate.h>
  #include <linux/jhash.h>
  #include <linux/netfilter/ipset/ip_set_timeout.h>
-#ifndef rcu_dereference_bh
-#define rcu_dereference_bh(p)  rcu_dereference(p)
-#endif
  
  #define CONCAT(a, b, c)                a##b##c
  #define TOKEN(a, b, c)         CONCAT(a, b, c)
diff --git a/kernel/include/linux/netfilter/ipset/ip_set_compat.h b/kernel/include/linux/netfilter/ipset/ip_set_compat.h

new file mode 100644 (file)

index 0000000..940a3c3
--- /dev/null
+++ b/kernel/include/linux/netfilter/ipset/ip_set_compat.h
@@ -0,0 +1,82 @@
+#ifndef __IP_SET_COMPAT_H
+#define __IP_SET_COMPAT_H
+
+/* Not everything could be moved here. Compatibility stuffs can be found in
+ * xt_set.c, ip_set_core.c, ip_set_getport.c, pfxlen.c too.
+ */
+
+#include <linux/version.h>
+#include <linux/netlink.h>
+
+#ifndef rcu_dereference_bh
+#define rcu_dereference_bh(p)          rcu_dereference(p)
+#endif
+
+#ifndef rcu_dereference_protected
+#define rcu_dereference_protected(p, c)        rcu_dereference(p)
+#endif
+
+#ifndef __rcu
+#define        __rcu
+#endif
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 35)
+#define xt_action_param                xt_match_param
+#endif
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 37)
+#define vzalloc(size)          __vmalloc(size,\
+                                         GFP_KERNEL|__GFP_ZERO|__GFP_HIGHMEM,\
+                                         PAGE_KERNEL)
+#endif
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 5, 0)
+#include <linux/etherdevice.h>
+
+static inline bool ether_addr_equal(const u8 *addr1, const u8 *addr2)
+{
+       return !compare_ether_addr(addr1, addr2);
+}
+#endif
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 7, 0)
+#define NETLINK_PORTID(skb)    NETLINK_CB(skb).pid
+#else
+#define NETLINK_PORTID(skb)    NETLINK_CB(skb).portid
+#endif
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 8, 0)
+#define ns_capable(ns, cap)    capable(cap)
+#endif
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 9, 0)
+#define lock_nfnl()            nfnl_lock()
+#define unlock_nfnl()          nfnl_unlock()
+#else
+#define lock_nfnl()            nfnl_lock(NFNL_SUBSYS_IPSET)
+#define unlock_nfnl()          nfnl_unlock(NFNL_SUBSYS_IPSET)
+#endif
+
+#ifdef NLA_PUT_NET16
+static inline int nla_put_be16(struct sk_buff *skb, int attrtype, __be16 value)
+{
+       return nla_put(skb, attrtype, sizeof(__be16), &value);
+}
+
+static inline int nla_put_net16(struct sk_buff *skb, int attrtype, __be16 value)
+{
+       return nla_put_be16(skb, attrtype | NLA_F_NET_BYTEORDER, value);
+}
+
+static inline int nla_put_be32(struct sk_buff *skb, int attrtype, __be32 value)
+{
+       return nla_put(skb, attrtype, sizeof(__be32), &value);
+}
+
+static inline int nla_put_net32(struct sk_buff *skb, int attrtype, __be32 value)
+{
+       return nla_put_be32(skb, attrtype | NLA_F_NET_BYTEORDER, value);
+}
+#endif
+
+#endif /* __IP_SET_COMPAT_H */
diff --git a/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c b/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c

index 0073b09f3eef21ba0b5fa5873969bf824ea520f2..0f92dc24cb894bfa0674c2b3f6dca970d7615c64 100644 (file)
--- a/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c
+++ b/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c
@@ -19,7 +19,6 @@
  #include <linux/netlink.h>
  #include <linux/jiffies.h>
  #include <linux/timer.h>
-#include <linux/version.h>
  #include <net/netlink.h>
  
  #include <linux/netfilter/ipset/pfxlen.h>
@@ -35,14 +34,6 @@ MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
  IP_SET_MODULE_DESC("bitmap:ip,mac", REVISION_MIN, REVISION_MAX);
  MODULE_ALIAS("ip_set_bitmap:ip,mac");
  
-/* Backport ether_addr_equal */
-#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 5, 0)
-static inline bool ether_addr_equal(const u8 *addr1, const u8 *addr2)
-{
-       return !compare_ether_addr(addr1, addr2);
-}
-#endif
-
  enum {
         MAC_EMPTY,              /* element is not set */
         MAC_FILLED,             /* element is set with MAC */
diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c

index 7345280ea851cddf0a73e2d27a296c6e0821fb80..d14bd219723e449c4155a2c8c61be583734b55a7 100644 (file)
--- a/kernel/net/netfilter/ipset/ip_set_core.c
+++ b/kernel/net/netfilter/ipset/ip_set_core.c
@@ -17,9 +17,6 @@
  #include <linux/spinlock.h>
  #include <linux/netlink.h>
  #include <linux/rculist.h>
-#ifndef IPSET_IN_KERNEL_TREE
-#include <linux/version.h>
-#endif
  #include <net/netlink.h>
  
  #include <linux/netfilter.h>
@@ -31,11 +28,7 @@ static LIST_HEAD(ip_set_type_list);          /* all registered set types */
  static DEFINE_MUTEX(ip_set_type_mutex);                /* protects ip_set_type_list */
  static DEFINE_RWLOCK(ip_set_ref_lock);         /* protects the set refs */
  
-#ifdef __rcu
  static struct ip_set * __rcu *ip_set_list;     /* all individual sets */
-#else
-static struct ip_set **ip_set_list;            /* all individual sets */
-#endif
  static ip_set_id_t ip_set_max = CONFIG_IP_SET_MAX; /* max number of sets */
  
  #define IP_SET_INC     64
@@ -55,10 +48,6 @@ MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
  IP_SET_CORE_MODULE_DESC(PACKAGE_VERSION);
  MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_IPSET);
  
-#ifndef rcu_dereference_protected
-#define rcu_dereference_protected(p, c)        rcu_dereference(p)
-#endif
-
  /* When the nfnl mutex is held: */
  #define nfnl_dereference(p)            \
         rcu_dereference_protected(p, 1)
@@ -104,14 +93,14 @@ find_set_type(const char *name, u8 family, u8 revision)
  static bool
  load_settype(const char *name)
  {
-       nfnl_unlock();
+       unlock_nfnl();
         pr_debug("try to load ip_set_%s\n", name);
         if (request_module("ip_set_%s", name) < 0) {
                 pr_warning("Can't find ip_set type %s\n", name);
-               nfnl_lock();
+               lock_nfnl();
                 return false;
         }
-       nfnl_lock();
+       lock_nfnl();
         return true;
  }
  
@@ -263,12 +252,7 @@ ip_set_alloc(size_t size)
                 return members;
         }
  
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 37)
-       members = __vmalloc(size, GFP_KERNEL | __GFP_ZERO | __GFP_HIGHMEM,
-                           PAGE_KERNEL);
-#else
         members = vzalloc(size);
-#endif
         if (!members)
                 return NULL;
         pr_debug("%p: allocated with vmalloc\n", members);
@@ -553,7 +537,7 @@ ip_set_nfnl_get(const char *name)
         ip_set_id_t i, index = IPSET_INVALID_ID;
         struct ip_set *s;
  
-       nfnl_lock();
+       lock_nfnl();
         for (i = 0; i < ip_set_max; i++) {
                 s = nfnl_set(i);
                 if (s != NULL && STREQ(s->name, name)) {
@@ -562,7 +546,7 @@ ip_set_nfnl_get(const char *name)
                         break;
                 }
         }
-       nfnl_unlock();
+       unlock_nfnl();
  
         return index;
  }
@@ -582,13 +566,13 @@ ip_set_nfnl_get_byindex(ip_set_id_t index)
         if (index > ip_set_max)
                 return IPSET_INVALID_ID;
  
-       nfnl_lock();
+       lock_nfnl();
         set = nfnl_set(index);
         if (set)
                 __ip_set_get(set);
         else
                 index = IPSET_INVALID_ID;
-       nfnl_unlock();
+       unlock_nfnl();
  
         return index;
  }
@@ -605,11 +589,11 @@ void
  ip_set_nfnl_put(ip_set_id_t index)
  {
         struct ip_set *set;
-       nfnl_lock();
+       lock_nfnl();
         set = nfnl_set(index);
         if (set != NULL)
                 __ip_set_put(set);
-       nfnl_unlock();
+       unlock_nfnl();
  }
  EXPORT_SYMBOL_GPL(ip_set_nfnl_put);
  
@@ -633,13 +617,13 @@ flag_exist(const struct nlmsghdr *nlh)
  }
  
  static struct nlmsghdr *
-start_msg(struct sk_buff *skb, u32 pid, u32 seq, unsigned int flags,
+start_msg(struct sk_buff *skb, u32 portid, u32 seq, unsigned int flags,
           enum ipset_cmd cmd)
  {
         struct nlmsghdr *nlh;
         struct nfgenmsg *nfmsg;
  
-       nlh = nlmsg_put(skb, pid, seq, cmd | (NFNL_SUBSYS_IPSET << 8),
+       nlh = nlmsg_put(skb, portid, seq, cmd | (NFNL_SUBSYS_IPSET << 8),
                         sizeof(*nfmsg), flags);
         if (nlh == NULL)
                 return NULL;
@@ -1143,12 +1127,6 @@ dump_init(struct netlink_callback *cb)
         return 0;
  }
  
-#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 7, 0)
-#define NETLINK_PORTID(skb)    NETLINK_CB(skb).pid
-#else
-#define NETLINK_PORTID(skb)    NETLINK_CB(skb).portid
-#endif
-
  static int
  ip_set_dump_start(struct sk_buff *skb, struct netlink_callback *cb)
  {
@@ -1753,7 +1731,7 @@ ip_set_sockfn_get(struct sock *sk, int optval, void __user *user, int *len)
         void *data;
         int copylen = *len, ret = 0;
  
-       if (!capable(CAP_NET_ADMIN))
+       if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
                 return -EPERM;
         if (optval != SO_IP_SET)
                 return -EBADF;
@@ -1801,10 +1779,10 @@ ip_set_sockfn_get(struct sock *sk, int optval, void __user *user, int *len)
                         goto done;
                 }
                 req_get->set.name[IPSET_MAXNAMELEN - 1] = '\0';
-               nfnl_lock();
+               lock_nfnl();
                 find_set_and_id(req_get->set.name, &id);
                 req_get->set.index = id;
-               nfnl_unlock();
+               unlock_nfnl();
                 goto copy;
         }
         case IP_SET_OP_GET_BYINDEX: {
@@ -1816,11 +1794,11 @@ ip_set_sockfn_get(struct sock *sk, int optval, void __user *user, int *len)
                         ret = -EINVAL;
                         goto done;
                 }
-               nfnl_lock();
+               lock_nfnl();
                 set = nfnl_set(req_get->set.index);
                 strncpy(req_get->set.name, set ? set->name : "",
                         IPSET_MAXNAMELEN);
-               nfnl_unlock();
+               unlock_nfnl();
                 goto copy;
         }
         default:
diff --git a/kernel/net/netfilter/xt_set.c b/kernel/net/netfilter/xt_set.c

index 737497eeff435e7fd06ef0e8f5af8b00db27c4dc..1472aad705d87b2cf78bac157326a5bd0edae31e 100644 (file)
--- a/kernel/net/netfilter/xt_set.c
+++ b/kernel/net/netfilter/xt_set.c
@@ -15,8 +15,9 @@
  #include <linux/skbuff.h>
  
  #include <linux/netfilter/x_tables.h>
-#include <linux/netfilter/xt_set.h>
+#include <linux/netfilter/ipset/ip_set.h>
  #include <linux/netfilter/ipset/ip_set_timeout.h>
+#include <uapi/linux/netfilter/xt_set.h>
  
  MODULE_LICENSE("GPL");
  MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
author	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
	Sat, 6 Apr 2013 12:04:12 +0000 (14:04 +0200)
committer	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
	Tue, 9 Apr 2013 19:42:16 +0000 (21:42 +0200)
kernel/include/linux/netfilter/ipset/ip_set.h		patch \| blob \| history
kernel/include/linux/netfilter/ipset/ip_set_ahash.h		patch \| blob \| history
kernel/include/linux/netfilter/ipset/ip_set_compat.h	[new file with mode: 0644]	patch \| blob
kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c		patch \| blob \| history
kernel/net/netfilter/ipset/ip_set_core.c		patch \| blob \| history
kernel/net/netfilter/xt_set.c		patch \| blob \| history