Merge branch 'ipv6' into dev4

* ipv6: kmod-oaf: fix nf hook before 4.16.0
jjm2473 · Mar 18, 2024 · 5c2e5e9 · 5c2e5e9
2 parents fcfcaaa + f7a9da9
commit 5c2e5e9
Show file tree

Hide file tree

Showing 2 changed files with 66 additions and 13 deletions.
diff --git a/oaf/src/af_client.c b/oaf/src/af_client.c
@@ -355,7 +355,7 @@ static u_int32_t af_client_hook(unsigned int hook,
 	return NF_ACCEPT;
 }
 
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 16, 0)
 static struct nf_hook_ops af_client_ops[] = {
 	{
 		.hook = af_client_hook,
@@ -368,8 +368,19 @@ static struct nf_hook_ops af_client_ops[] = {
 static struct nf_hook_ops af_client_ops[] = {
 	{
 		.hook = af_client_hook,
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 4, 0)
 		.owner = THIS_MODULE,
-		.pf = NFPROTO_INET,
+#endif
+		.pf = NFPROTO_IPV4,
+		.hooknum = NF_INET_FORWARD,
+		.priority = NF_IP_PRI_FIRST + 1,
+	},
+	{
+		.hook = af_client_hook,
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 4, 0)
+		.owner = THIS_MODULE,
+#endif
+		.pf = NFPROTO_IPV6,
 		.hooknum = NF_INET_FORWARD,
 		.priority = NF_IP_PRI_FIRST + 1,
 	},
@@ -378,20 +389,24 @@ static struct nf_hook_ops af_client_ops[] = {
 
 int af_client_init(void)
 {
+	int err;
 	nf_client_list_init();
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 13, 0)
-	nf_register_net_hooks(&init_net, af_client_ops, ARRAY_SIZE(af_client_ops));
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 3, 0)
+	err = nf_register_net_hooks(&init_net, af_client_ops, ARRAY_SIZE(af_client_ops));
 #else
-	nf_register_hooks(af_client_ops, ARRAY_SIZE(af_client_ops));
+	err = nf_register_hooks(af_client_ops, ARRAY_SIZE(af_client_ops));
 #endif
+	if (err) {
+		AF_ERROR("oaf register client hooks failed!\n");
+	}
 	AF_INFO("init app afclient ........ok\n");
 
 	return 0;
 }
 
 void af_client_exit(void)
 {
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 13, 0)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 3, 0)
 	nf_unregister_net_hooks(&init_net, af_client_ops, ARRAY_SIZE(af_client_ops));
 #else
 	nf_unregister_hooks(af_client_ops, ARRAY_SIZE(af_client_ops));

diff --git a/oaf/src/app_filter.c b/oaf/src/app_filter.c
@@ -1202,8 +1202,7 @@ static u_int32_t app_filter_by_pass_hook(unsigned int hook,
 	return app_filter_hook_bypass_handle(skb, skb->dev);
 }
 
-
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 16, 0)
 static struct nf_hook_ops app_filter_ops[] __read_mostly = {
 	{
 		.hook = app_filter_hook,
@@ -1219,12 +1218,47 @@ static struct nf_hook_ops app_filter_ops[] __read_mostly = {
 		.priority = NF_IP_PRI_MANGLE + 1,
 	},
 };
+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)
+static struct nf_hook_ops app_filter_ops[] __read_mostly = {
+	{
+		.hook = app_filter_hook,
+		.pf = NFPROTO_IPV4,
+		.hooknum = NF_INET_FORWARD,
+		.priority = NF_IP_PRI_MANGLE + 1,
+	},
+	{
+		.hook = app_filter_by_pass_hook,
+		.pf = NFPROTO_IPV4,
+		.hooknum = NF_INET_PRE_ROUTING,
+		.priority = NF_IP_PRI_MANGLE + 1,
+	},
+	{
+		.hook = app_filter_hook,
+		.pf = NFPROTO_IPV6,
+		.hooknum = NF_INET_FORWARD,
+		.priority = NF_IP_PRI_MANGLE + 1,
+
+	},
+	{
+		.hook = app_filter_by_pass_hook,
+		.pf = NFPROTO_IPV6,
+		.hooknum = NF_INET_PRE_ROUTING,
+		.priority = NF_IP_PRI_MANGLE + 1,
+	},
+};
 #else
 static struct nf_hook_ops app_filter_ops[] __read_mostly = {
 	{
 		.hook = app_filter_hook,
 		.owner = THIS_MODULE,
-		.pf = NFPROTO_INET,
+		.pf = NFPROTO_IPV4,
+		.hooknum = NF_INET_FORWARD,
+		.priority = NF_IP_PRI_MANGLE + 1,
+	},
+	{
+		.hook = app_filter_hook,
+		.owner = THIS_MODULE,
+		.pf = NFPROTO_IPV6,
 		.hooknum = NF_INET_FORWARD,
 		.priority = NF_IP_PRI_MANGLE + 1,
 	},
@@ -1369,6 +1403,7 @@ int netlink_oaf_init(void)
 
 static int __init app_filter_init(void)
 {
+	int err;
 	if (0 != load_feature_config())
 	{
 		return -1;
@@ -1381,11 +1416,14 @@ static int __init app_filter_init(void)
 	af_init_app_status();
 	init_af_client_procfs();
 	af_client_init();
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 13, 0)
-	nf_register_net_hooks(&init_net, app_filter_ops, ARRAY_SIZE(app_filter_ops));
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 3, 0)
+	err = nf_register_net_hooks(&init_net, app_filter_ops, ARRAY_SIZE(app_filter_ops));
 #else
-	nf_register_hooks(app_filter_ops, ARRAY_SIZE(app_filter_ops));
+	err = nf_register_hooks(app_filter_ops, ARRAY_SIZE(app_filter_ops));
 #endif
+	if (err) {
+		AF_ERROR("oaf register filter hooks failed!\n");
+	}
 	init_oaf_timer();
 	AF_INFO("init app filter ........ok\n");
 	return 0;
@@ -1395,7 +1433,7 @@ static void app_filter_fini(void)
 {
 	AF_INFO("app filter module exit\n");
 	fini_oaf_timer();
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 13, 0)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 3, 0)
 	nf_unregister_net_hooks(&init_net, app_filter_ops, ARRAY_SIZE(app_filter_ops));
 #else
 	nf_unregister_hooks(app_filter_ops, ARRAY_SIZE(app_filter_ops));