From 0ec2162cf645063b3fe5af6b3b3c482444a9508e Mon Sep 17 00:00:00 2001 From: Andreas Beckmann Date: Sat, 20 Jul 2024 02:48:42 +0200 Subject: [PATCH 1/8] compat: Really fix __has_attribute usage Fixes: 40fefb2 ("compat: Fix __has_attribute usage") Signed-off-by: Andreas Beckmann --- compat.h | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/compat.h b/compat.h index 8461c3d..6c4984b 100644 --- a/compat.h +++ b/compat.h @@ -773,13 +773,14 @@ struct module *find_module(const char *name) /* Copy from 294f69e662d1 ("compiler_attributes.h: Add 'fallthrough' pseudo * keyword for switch/case use") */ -#ifndef fallthrough -# if defined __has_attribute && __has_attribute(__fallthrough__) +#if !defined(fallthrough) && defined(__has_attribute) +# if __has_attribute(__fallthrough__) # define fallthrough __attribute__((__fallthrough__)) -# else -# define fallthrough do {} while (0) /* fallthrough */ # endif #endif +#ifndef fallthrough +# define fallthrough do {} while (0) /* fallthrough */ +#endif #ifndef HAVE_NF_CT_EVENT_NOTIFIER_CT_EVENT /* From e7799319f68f0e8483f8b0cc75f5d0dfcda57777 Mon Sep 17 00:00:00 2001 From: Andreas Beckmann Date: Wed, 3 Jul 2024 12:06:55 +0200 Subject: [PATCH 2/8] Fix dkms status invocation and do not query unrelated modules Signed-off-by: Andreas Beckmann --- configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure b/configure index 66ced00..86f9488 100755 --- a/configure +++ b/configure @@ -614,7 +614,7 @@ dkms_check() { echo Yes. DKMSINSTALL=dinstall test "$FROMDKMSCONF" && return - if dkms status | grep ^ipt-netflow, >/dev/null; then + if dkms status ipt-netflow | grep ^ipt-netflow/ >/dev/null; then echo "! You are already have module installed via DKMS" echo "! it will be uninstalled on 'make install' and" echo "! current version of module installed afterwards." From 944c81ececb31ffac8fd89d09744fb066fc38308 Mon Sep 17 00:00:00 2001 From: Andreas Beckmann Date: Wed, 3 Jul 2024 12:09:45 +0200 Subject: [PATCH 3/8] Do not check for dkms if called from dkms the recursive calls slowed down the configure script significantly Signed-off-by: Andreas Beckmann --- configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure b/configure index 86f9488..f2ec1a9 100755 --- a/configure +++ b/configure @@ -348,7 +348,7 @@ do --disable-snmp-a*) SKIPSNMP=1 ;; --disable-net-snmp*) SKIPSNMP=1 ;; --disable-dkms*) SKIPDKMS=1 ;; - --from-dkms-conf*) ;; + --from-dkms-conf*) SKIPDKMS=1 ;; --make) echo called from make; CARGS=`echo $CARGS | sed s/--make//g` ;; -Werror) KOPTS="$KOPTS -Werror" ;; --help|-h) show_help ;; From 51d65f0dffba3b2024586b4fbff579186b089af9 Mon Sep 17 00:00:00 2001 From: Andreas Beckmann Date: Wed, 3 Jul 2024 12:12:31 +0200 Subject: [PATCH 4/8] Set KDIR early if called from dkms and get version from sources Signed-off-by: Andreas Beckmann --- configure | 1 + 1 file changed, 1 insertion(+) diff --git a/configure b/configure index f2ec1a9..ae8a579 100755 --- a/configure +++ b/configure @@ -6,6 +6,7 @@ PATH=$PATH:/bin:/usr/bin:/usr/sbin:/sbin:/usr/local/sbin case "$1" in --from-dkms-conf*) KDKMS=`echo "$1" | sed 's/[^=]*.//'` + KDIR="$KDKMS" # restore options from existing Makefile, if present if [ -e Makefile ]; then set -- `sed -n 's/^CARGS = \(.*\)/\1/p' Makefile` From 55858baa52c0bb55dcd65522b5ffbd59fd507bf2 Mon Sep 17 00:00:00 2001 From: Andreas Beckmann Date: Sat, 1 Mar 2025 14:40:37 +0100 Subject: [PATCH 5/8] dkms.conf: Declare BUILD_EXCLUSIVE_KERNEL_MIN="3" skb_reset_mac_len() was introduced in v3.0-rc3 and is used unconditionally Signed-off-by: Andreas Beckmann --- dkms.conf | 4 ++++ ipt_NETFLOW.c | 1 + 2 files changed, 5 insertions(+) diff --git a/dkms.conf b/dkms.conf index 808e158..7968b38 100644 --- a/dkms.conf +++ b/dkms.conf @@ -2,6 +2,10 @@ PACKAGE_NAME="ipt-netflow" pushd `dirname $BASH_SOURCE` PACKAGE_VERSION=`./version.sh` popd + +# skb_reset_mac_len() was introduced in v3.0-rc3 +BUILD_EXCLUSIVE_KERNEL_MIN="3" + BUILT_MODULE_NAME[0]=ipt_NETFLOW DEST_MODULE_LOCATION[0]=/kernel/extra STRIP[0]=no diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c index eee8074..91c8c1e 100644 --- a/ipt_NETFLOW.c +++ b/ipt_NETFLOW.c @@ -74,6 +74,7 @@ * but centos6 have it backported on its 2.6.32.el6 */ # include #endif +#include #include "compat.h" #include "ipt_NETFLOW.h" #include "murmur3.h" From 22c47fc63c1fda10a5a8f8bdf99e5fdd7335f280 Mon Sep 17 00:00:00 2001 From: Andreas Beckmann Date: Thu, 18 Jul 2024 00:24:57 +0200 Subject: [PATCH 6/8] Fix module build for Linux v4.3 netif_is_bridge_port() was introduced in v4.4-rc2 by "vlan: Do not put vlan headers back on bridge and macvlan ports" (28f9ee22bcdd84726dbf6267d0b58f254166b900) Signed-off-by: Andreas Beckmann --- ipt_NETFLOW.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c index 91c8c1e..4b7b423 100644 --- a/ipt_NETFLOW.c +++ b/ipt_NETFLOW.c @@ -4882,6 +4882,8 @@ static void parse_l2_header(const struct sk_buff *skb, struct ipt_netflow_tuple && !(vlan->flags & VLAN_FLAG_REORDER_HDR) # if LINUX_VERSION_CODE >= KERNEL_VERSION(4,3,0) && !netif_is_macvlan_port(vlan_dev) +# endif +# if LINUX_VERSION_CODE >= KERNEL_VERSION(4,4,0) && !netif_is_bridge_port(vlan_dev) # endif )) From c2d6eeb62dbe429f7a08b4ae970339884f5d2765 Mon Sep 17 00:00:00 2001 From: Andreas Beckmann Date: Sat, 20 Jul 2024 02:22:01 +0200 Subject: [PATCH 7/8] Unexporting find_module() has been backported to Linux v5.10.220 Signed-off-by: Andreas Beckmann --- compat.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/compat.h b/compat.h index 6c4984b..dffc9e3 100644 --- a/compat.h +++ b/compat.h @@ -746,9 +746,10 @@ unsigned long long strtoul(const char *cp, char **endp, unsigned int base) return result; } -#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,12,0) +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(5,12,0)) \ + || ((LINUX_VERSION_CODE >= KERNEL_VERSION(5,10,220)) && (LINUX_VERSION_CODE < KERNEL_VERSION(5,11,0))) /* - * find_module() is unexported in v5.12: + * find_module() is unexported in v5.12 (backported to 5.10.220): * 089049f6c9956 ("module: unexport find_module and module_mutex") * and module_mutex is replaced with RCU in * a006050575745 ("module: use RCU to synchronize find_module") From ca9a6ae33874c124f8382e68fc65fdbf08cdd6cd Mon Sep 17 00:00:00 2001 From: Andreas Beckmann Date: Fri, 7 Mar 2025 10:03:58 +0100 Subject: [PATCH 8/8] Fix module build for Linux v6.12 adapt to "move asm/unaligned.h to linux/unaligned.h" (5f60d5f6bbc12e782fac78110b0ee62698f3b576) in v6.12-rc2 Fixes: #237 Signed-off-by: Andreas Beckmann --- gen_compat_def | 9 +++++++-- ipt_NETFLOW.c | 4 ++++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/gen_compat_def b/gen_compat_def index a9cb95e..e9d4e76 100755 --- a/gen_compat_def +++ b/gen_compat_def @@ -64,7 +64,7 @@ kbuild_test_symbol() { echo -n "Test function $* " >&2 kbuild_test_compile ${1^^} $1 ${2-} <<-EOF #include - ${2:+#include <$2>} + ${3:-${2:+#include <$2>}} MODULE_LICENSE("GPL"); void *test = $1; EOF @@ -121,7 +121,12 @@ kbuild_test_symbol nf_bridge_info_get linux/netfilter_bridge.h # Stumbled on 5.9 kbuild_test_struct vlan_dev_priv linux/if_vlan.h # Kernel version check broken by centos8 -kbuild_test_symbol put_unaligned_be24 asm/unaligned.h +kbuild_test_symbol put_unaligned_be24 '???/unaligned.h' '#include +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6,12,0) +#include +#else +#include +#endif' # totalram_pages changed from atomic to inline function. kbuild_test_symbol totalram_pages linux/mm.h kbuild_test_ref totalram_pages linux/mm.h diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c index 4b7b423..bbd2c9b 100644 --- a/ipt_NETFLOW.c +++ b/ipt_NETFLOW.c @@ -68,7 +68,11 @@ # include #endif #include +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6,12,0) +#include +#else #include +#endif #ifdef HAVE_LLIST /* llist.h is officially defined since linux 3.1, * but centos6 have it backported on its 2.6.32.el6 */