Kernel version compatibility: support from 2.6.34

The basic kernel compatibility issues are verified back to 2.6.24.
The minimal supported kernel version had to be bumped from 2.6.31 to 2.6.34.

diff --git a/Makefile.am b/Makefile.am
index ab552dc16e028a9f292ea771fb9be1fde1850675..7d91b8f36512987fc88647fb78f02e2283b7e0e1 100644 (file)
--- a/Makefile.am
+++ b/Makefile.am
@@ -24,9 +24,7 @@ SUBDIRS               = lib src
 
 modules:
        ${MAKE} -C $(KBUILD_OUTPUT) M=$$PWD/kernel V=$V \
-                       IP_SET_MAX=$(IP_SET_MAX) \
-                       NETLINK_DUMP_CONST=$(NETLINK_DUMP_CONST) \
-                       NFNL_CB_CONST=$(NFNL_CB_CONST) modules
+                       IP_SET_MAX=$(IP_SET_MAX) modules
 
 modules_install:
        ${MAKE} -C $(KBUILD_OUTPUT) M=$$PWD/kernel modules_install

diff --git a/README b/README
index 1948f64dbeb14be5cf994cc752994777238eb43d..b680f69367e104051202fa275fef35b59dddda2a 100644 (file)
--- a/README
+++ b/README
@@ -1,11 +1,12 @@
 This is the ipset source tree. Follow the next steps to install ipset:
 
-0. You need the source tree of your kernel (version >= 2.6.31)
+0. You need the source tree of your kernel (version >= 2.6.34)
    and it have to be configured with ip6tables support enabled,
    modules compiled. Please apply the netlink.patch against your kernel
    tree, which adds the new subsystem identifier for ipset.
 
-   Recompile and install the patched kernel and its modules.
+   Recompile and install the patched kernel and its modules. Please note,
+   you have to run the patched kernel for ipset to work.
 
    The ipset source code depends on the libmnl library so the library
    must be installed. You can download the libmnl library from

diff --git a/check_const b/check_const
index c26b566ed3d3ce2aa51eea6b88ce44cc424eb198..61b9f315c45a7164685dc6abb2c4e3e26b620c48 100755 (executable)
--- a/check_const
+++ b/check_const
@@ -1,7 +1,7 @@
 #! /usr/bin/awk -f
 
-# nfnetlink.h && netlink.h
-
+# include/linux/nfnetlink.h: nfnl_callback
+# include/linux/netlink.h: netlink_dump_start
 { if (/^(struct nfnl_callback|extern int netlink_dump)/) { check=1 } }
 { if (check == 1 && /(^};|...\);)/) { check=0 } }
 

diff --git a/configure.ac b/configure.ac
index f8b920a333cf2f3a4d8421c38dafb4a29d10a1e3..a66610ec9ab771cdb6a37e55b53629460d87d083 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -61,14 +61,6 @@ then
        AC_MSG_ERROR([The kernel source directory $ksourcedir is not patched with netlink.patch to support ipset])
 fi
 
-dnl Check kernel dependencies: nfnetlink.h
-NFNL_CB_CONST="`./check_const $ksourcedir/include/linux/netfilter/nfnetlink.h`"
-AC_SUBST(NFNL_CB_CONST)
-
-dnl Check kernel dependencies: netlink.h
-NETLINK_DUMP_CONST="`./check_const $ksourcedir/include/linux/netlink.h`"
-AC_SUBST(NETLINK_DUMP_CONST)
-
 dnl Maximal number of sets supported by the kernel, default 256
 AC_ARG_WITH([maxsets],
            AS_HELP_STRING([--with-maxsets=256],

diff --git a/kernel/Kbuild b/kernel/Kbuild
index 312456912ebaa17a9b33dcbb798b1d5afc139cf1..dca009ad7553276a0c12808ceb74b7dbd5fcb6f1 100644 (file)
--- a/kernel/Kbuild
+++ b/kernel/Kbuild
@@ -1,7 +1,5 @@
 EXTRA_CFLAGS := -I$(M)/include \
-       -DCONFIG_IP_SET_MAX=$(IP_SET_MAX) \
-       -DNETLINK_DUMP_CONST=$(NETLINK_DUMP_CONST) \
-       -DNFNL_CB_CONST=$(NFNL_CB_CONST)
+       -DCONFIG_IP_SET_MAX=$(IP_SET_MAX)
 
 obj-m += ip_set.o xt_set.o
 obj-m += ip_set_bitmap_ip.o ip_set_bitmap_ipmac.o ip_set_bitmap_port.o

diff --git a/kernel/include/linux/netfilter/ipset/ip_set_ahash.h b/kernel/include/linux/netfilter/ipset/ip_set_ahash.h
index 7e0af3d89fcec4b7a9f388d97e8babfb5e8400f9..b7029e13b513ddf88dd08b2a3ac4066b2e85b02a 100644 (file)
--- a/kernel/include/linux/netfilter/ipset/ip_set_ahash.h
+++ b/kernel/include/linux/netfilter/ipset/ip_set_ahash.h
@@ -578,8 +578,8 @@ nla_put_failure:
        nlmsg_trim(skb, incomplete);
        ipset_nest_end(skb, atd);
        if (unlikely(first == cb->args[2])) {
-               pr_warn("Can't list set %s: one bucket does not fit into "
-                       "a message. Please report it!\n", set->name);
+               pr_warning("Can't list set %s: one bucket does not fit into "
+                          "a message. Please report it!\n", set->name);
                cb->args[2] = 0;
        }
        return 0;
@@ -979,8 +979,8 @@ nla_put_failure:
        nlmsg_trim(skb, incomplete);
        ipset_nest_end(skb, atd);
        if (unlikely(first == cb->args[2])) {
-               pr_warn("Can't list set %s: one bucket does not fit into "
-                       "a message. Please report it!\n", set->name);
+               pr_warning("Can't list set %s: one bucket does not fit into "
+                          "a message. Please report it!\n", set->name);
                cb->args[2] = 0;
        }
        return 0;

diff --git a/kernel/ip_set.c b/kernel/ip_set.c
index e890bf874b706bb915ada53b7b029892e12b871e..6d353d9ef0b1a56f4f57651ae831639c7f60158f 100644 (file)
--- a/kernel/ip_set.c
+++ b/kernel/ip_set.c
@@ -707,7 +707,7 @@ EXPORT_SYMBOL_GPL(ip_set_nfnl_put);
  */
 
 static inline bool
-protocol_failed(NFNL_CB_CONST struct nlattr * NFNL_CB_CONST tb[])
+protocol_failed(const struct nlattr * const tb[])
 {
        return !tb[IPSET_ATTR_PROTOCOL]
               || nla_get_u8(tb[IPSET_ATTR_PROTOCOL]) != IPSET_PROTOCOL;
@@ -811,8 +811,8 @@ load_type_module(const char *typename)
 
 static int
 ip_set_create(struct sock *ctnl, struct sk_buff *skb,
-             NFNL_CB_CONST struct nlmsghdr *nlh,
-             NFNL_CB_CONST struct nlattr * NFNL_CB_CONST attr[])
+             const struct nlmsghdr *nlh,
+             const struct nlattr * const attr[])
 {
        struct ip_set *set, *clash;
        ip_set_id_t index = IPSET_INVALID_ID;
@@ -950,8 +950,8 @@ ip_set_destroy_set(ip_set_id_t index)
 
 static int
 ip_set_destroy(struct sock *ctnl, struct sk_buff *skb,
-              NFNL_CB_CONST struct nlmsghdr *nlh,
-              NFNL_CB_CONST struct nlattr * NFNL_CB_CONST attr[])
+              const struct nlmsghdr *nlh,
+              const struct nlattr * const attr[])
 {
        ip_set_id_t i;
 
@@ -995,8 +995,8 @@ ip_set_flush_set(struct ip_set *set)
 
 static int
 ip_set_flush(struct sock *ctnl, struct sk_buff *skb,
-            NFNL_CB_CONST struct nlmsghdr *nlh,
-            NFNL_CB_CONST struct nlattr * NFNL_CB_CONST attr[])
+            const struct nlmsghdr *nlh,
+            const struct nlattr * const attr[])
 {
        ip_set_id_t i;
 
@@ -1031,8 +1031,8 @@ ip_set_setname2_policy[IPSET_ATTR_CMD_MAX + 1] = {
 
 static int
 ip_set_rename(struct sock *ctnl, struct sk_buff *skb,
-             NFNL_CB_CONST struct nlmsghdr *nlh,
-             NFNL_CB_CONST struct nlattr * NFNL_CB_CONST attr[])
+             const struct nlmsghdr *nlh,
+             const struct nlattr * const attr[])
 {
        struct ip_set *set;
        const char *name2;
@@ -1071,8 +1071,8 @@ ip_set_rename(struct sock *ctnl, struct sk_buff *skb,
 
 static int
 ip_set_swap(struct sock *ctnl, struct sk_buff *skb,
-           NFNL_CB_CONST struct nlmsghdr *nlh,
-           NFNL_CB_CONST struct nlattr * NFNL_CB_CONST attr[])
+           const struct nlmsghdr *nlh,
+           const struct nlattr * const attr[])
 {
        struct ip_set *from, *to;
        ip_set_id_t from_id, to_id;
@@ -1292,8 +1292,8 @@ out:
 
 static int
 ip_set_dump(struct sock *ctnl, struct sk_buff *skb,
-           NFNL_CB_CONST struct nlmsghdr *nlh,
-           NFNL_CB_CONST struct nlattr * NFNL_CB_CONST attr[])
+           const struct nlmsghdr *nlh,
+           const struct nlattr * const attr[])
 {
        if (unlikely(protocol_failed(attr)))
                return -IPSET_ERR_PROTOCOL;
@@ -1316,7 +1316,7 @@ static const struct nla_policy ip_set_adt_policy[IPSET_ATTR_CMD_MAX + 1] = {
 
 static int
 call_ad(struct sock *ctnl, struct sk_buff *skb,
-       NFNL_CB_CONST struct nlattr * NFNL_CB_CONST attr[],
+       const struct nlattr * const attr[],
        struct ip_set *set, const struct nlattr *nla,
        enum ipset_adt adt, u32 flags)
 {
@@ -1348,8 +1348,8 @@ call_ad(struct sock *ctnl, struct sk_buff *skb,
 
 static int
 ip_set_uadd(struct sock *ctnl, struct sk_buff *skb,
-           NFNL_CB_CONST struct nlmsghdr *nlh,
-           NFNL_CB_CONST struct nlattr * NFNL_CB_CONST attr[])
+           const struct nlmsghdr *nlh,
+           const struct nlattr * const attr[])
 {
        struct ip_set *set;
        const struct nlattr *nla;
@@ -1392,8 +1392,8 @@ ip_set_uadd(struct sock *ctnl, struct sk_buff *skb,
 
 static int
 ip_set_udel(struct sock *ctnl, struct sk_buff *skb,
-           NFNL_CB_CONST struct nlmsghdr *nlh,
-           NFNL_CB_CONST struct nlattr * NFNL_CB_CONST attr[])
+           const struct nlmsghdr *nlh,
+           const struct nlattr * const attr[])
 {
        struct ip_set *set;
        const struct nlattr *nla;
@@ -1436,8 +1436,8 @@ ip_set_udel(struct sock *ctnl, struct sk_buff *skb,
 
 static int
 ip_set_utest(struct sock *ctnl, struct sk_buff *skb,
-            NFNL_CB_CONST struct nlmsghdr *nlh,
-            NFNL_CB_CONST struct nlattr * NFNL_CB_CONST attr[])
+            const struct nlmsghdr *nlh,
+            const struct nlattr * const attr[])
 {
        struct ip_set *set;
        int ret = 0;
@@ -1469,8 +1469,8 @@ ip_set_utest(struct sock *ctnl, struct sk_buff *skb,
 
 static int
 ip_set_header(struct sock *ctnl, struct sk_buff *skb,
-             NFNL_CB_CONST struct nlmsghdr *nlh,
-             NFNL_CB_CONST struct nlattr * NFNL_CB_CONST attr[])
+             const struct nlmsghdr *nlh,
+             const struct nlattr * const attr[])
 {
        const struct ip_set *set;
        struct sk_buff *skb2;
@@ -1526,8 +1526,8 @@ static const struct nla_policy ip_set_type_policy[IPSET_ATTR_CMD_MAX + 1] = {
 
 static int
 ip_set_type(struct sock *ctnl, struct sk_buff *skb,
-           NFNL_CB_CONST struct nlmsghdr *nlh,
-           NFNL_CB_CONST struct nlattr * NFNL_CB_CONST attr[])
+           const struct nlmsghdr *nlh,
+           const struct nlattr * const attr[])
 {
        struct sk_buff *skb2;
        struct nlmsghdr *nlh2;
@@ -1590,8 +1590,8 @@ ip_set_protocol_policy[IPSET_ATTR_CMD_MAX + 1] = {
 
 static int
 ip_set_protocol(struct sock *ctnl, struct sk_buff *skb,
-               NFNL_CB_CONST struct nlmsghdr *nlh,
-               NFNL_CB_CONST struct nlattr * NFNL_CB_CONST attr[])
+               const struct nlmsghdr *nlh,
+               const struct nlattr * const attr[])
 {
        struct sk_buff *skb2;
        struct nlmsghdr *nlh2;

diff --git a/kernel/xt_set.c b/kernel/xt_set.c
index 74849197a782efbc92721915479bc6288b52c03e..e95cae0d65801863a3887d0ef42654acacf76b42 100644 (file)
--- a/kernel/xt_set.c
+++ b/kernel/xt_set.c
@@ -38,14 +38,20 @@ match_set(ip_set_id_t index, const struct sk_buff *skb,
 
 /* Revision 0 interface: backward compatible with netfilter/iptables */
 
-/* Backward compatibility constrains:
+/* Backward compatibility constrains (incomplete):
  *  2.6.24: [NETLINK]: Introduce nested and byteorder flag to netlink attribute
+ *  2.6.25: is_vmalloc_addr(): Check if an address is within the vmalloc
+ *         boundaries
+ *  2.6.27: rcu: split list.h and move rcu-protected lists into rculist.h
+ *  2.6.28: netfilter: ctnetlink: remove bogus module dependency between
+ *         ctnetlink and nf_nat (nfnl_lock/nfnl_unlock)
+ *  2.6.29: generic swap(): introduce global macro swap(a, b)
  *  2.6.31: netfilter: passive OS fingerprint xtables match
+ *  2.6.34: rcu: Add lockdep-enabled variants of rcu_dereference()
  */
 
-
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 31)
-#error "Linux kernel version too old: must be >= 2.6.31"
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 35)
+#error "Linux kernel version too old: must be >= 2.6.35"
 #endif
 
 #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 35)
@@ -120,7 +126,7 @@ set_match_v0_checkentry(const struct xt_mtchk_param *par)
 static void
 set_match_v0_destroy(const struct xt_mtdtor_param *par)
 {
-       struct xt_set_info_match *info = par->matchinfo;
+       struct xt_set_info_match_v0 *info = par->matchinfo;
 
        ip_set_nfnl_put(info->match_set.index);
 }