From: marta Date: Fri, 6 Nov 2009 13:51:47 +0000 (+0000) Subject: Enabled the code for xid matching. X-Git-Tag: ipfw-0.9-5~3 X-Git-Url: http://git.onelab.eu/?p=ipfw.git;a=commitdiff_plain;h=3e6f20122e1a37a4a6c84b0821827a8d98f0f8ec Enabled the code for xid matching. This code change the input hook used by ipfw with the IP_IN_LOCAL_IN hook, used by the PlanetLab code to set the xid into the sk_buff. The spec file export a variable to the ipfw Makefile in order to compile the PlanetLab related code. Added some debugging messages. --- diff --git a/dummynet/Makefile b/dummynet/Makefile index ff68e55..126c2ff 100644 --- a/dummynet/Makefile +++ b/dummynet/Makefile @@ -1,10 +1,14 @@ # # $Id$ # -# gnu Makefile to build linux module for ipfw+dummynet +# gnu Makefile to build linux module for ipfw+dummynet. +# +# The defaults are set to build without modifications on PlanetLab +# and possibly 2.6 versions. +# -# Unless specified otherwise, variable names are arbitrary. -# Exceptions are the following: +# Some variables need to have specific names, because they are used +# by the build infrastructure on Linux and OpenWrt. They are: # # ccflags-y additional $(CC) flags # M used by Kbuild, we must set it to `pwd` @@ -14,6 +18,14 @@ # O_TARGET the link target, for openwrt # EXTRA_CFLAGS as the name says... in openwrt # EXTRA_CFLAGS is used in 2.6.22 module kernel compilation too +# KERNELPATH the path to the kernel sources or headers +# +# Not sure about this (the name might be reserved) +# ipfw-cflags our flags for building the module +# +# Other variables are only private and can be renamed. They include: +# +# VER linux version we are building for (2.4 2.6 or openwrt) #--- $(warning including dummynet/Makefile) @@ -21,36 +33,57 @@ $(warning including dummynet/Makefile) # lets default for 2.6 for planetlab builds VER ?= 2.6 -ifeq ($(VER),openwrt) - -$(warning dummynet/Makefile doing openwrt) +# General values obj-m := ipfw_mod.o -obj-y := ipfw2_mod.o bsd_compat.o \ + +# generic cflags used on all systems +ipfw-cflags += -DIPFIREWALL_DEFAULT_TO_ACCEPT -DTRACE +# _BSD_SOURCE enables __FAVOR_BSD (udp/tcp bsd structs instead of posix) +ipfw-cflags += -D_BSD_SOURCE +ipfw-cflags += -DKERNEL_MODULE # build linux kernel module +# the two header trees for empty and override files +ipfw-cflags += -I $(M)/include_e -I $(M)/include +ipfw-cflags += -include $(M)/../glue.h # headers + +$(warning "---- Building dummynet kernel module for Version $(VER)") +# We have three sections for OpenWrt, Linux 2.4 and Linux 2.6 +# +ifeq ($(VER),openwrt) + M=. + obj-y := ipfw2_mod.o bsd_compat.o \ in_cksum.o ip_dummynet.o ip_fw2.o ip_fw_pfil.o -O_TARGET := ipfw_mod.o + O_TARGET := ipfw_mod.o -xcflags-y += -O1 -DLINUX_24 -xcflags-y += -DIPFIREWALL_DEFAULT_TO_ACCEPT -xcflags-y += -g -xcflags-y += -D_BSD_SOURCE # enable __FAVOR_BSD (udp/tcp bsd struct over posix) -xcflags-y += -DKERNEL_MODULE # linux kernel module -xcflags-y += -I include_e -I include -xcflags-y += -include ../glue.h # headers + # xcflags-y is a temporary variable where we store build options + xcflags-y += -O1 -DLINUX_24 + xcflags-y += -g -EXTRA_CFLAGS := $(xcflags-y) + EXTRA_CFLAGS := $(xcflags-y) $(ipfw-cflags) -# we should not export anything -#export-objs := ipfw2_mod.o + # we should not export anything + #export-objs := ipfw2_mod.o -include $(TOPDIR)/Rules.make -else # !openwrt +else # !openwrt, below we do linux builds for 2.4 and 2.6 + + # KERNELPATH is where the kernel headers reside. On PlanetLab + # it is set already by the build system. + # We can override it from the command line, or let the system guess. -obj-m := ipfw_mod.o ifneq ($(shell echo $(VER)|grep '2.4'),) - $(warning "---- Building for Version $(VER)") - KERNELDIR := -isystem /usr/src/linux-2.4.35.4/include - # replace the system include directory - WARN += -nostdinc -isystem /usr/lib/gcc/i486-linux-gnu/4.2.4/include + # The linux 2.4 version + # guess the kernel path -- or is it under /lib/modules ? + KERNELPATH ?= /usr/src/`uname -r`/build + + # Guess the gcc include directory + # The gcc version is in the last line returned by gcc -v + # gcc version 4.3.2 (Debian 4.3.2-1.1) + MYGCC_VER ?= $(shell gcc -v 2>&1 |tail -n 1 | cut -d " " -f 3) + # We don't know the exact directory unde /usr/lib/gcc so we guess + MYGCC_INCLUDE ?= $(shell echo /usr/lib/gcc/*/$(MYGCC_VER) | cut -d " " -f 1)/include + $(warning "---- gcc includes guessed to $(MYGCC_INCLUDE)") + + # additional warning #WARN = -Wp,-MD,/home/luigi/ports-luigi/dummynet-branches/ipfw_mod/dummynet/.ipfw2_mod.o.d #WARN += -Iinclude -include include/linux/autoconf.h @@ -62,36 +95,35 @@ ifneq ($(shell echo $(VER)|grep '2.4'),) WARN += -m32 -msoft-float # -mregparm=3 #WARN += -freg-struct-return -mpreferred-stack-boundary=2 WARN += -Wno-sign-compare - WARN += -Wdeclaration-after-statement -Wno-pointer-sign + WARN += -Wdeclaration-after-statement -Wno-pointer-sign ccflags-y += -O1 -DLINUX_24 - CFLAGS = -DMODULE -D__KERNEL__ ${KERNELDIR} ${ccflags-y} + CFLAGS = -DMODULE -D__KERNEL__ -nostdinc \ + -isystem ${KERNELPATH}/include -isystem $(MYGCC_INCLUDE) ${ccflags-y} # The Main target all: mod24 else - # KERNELDIR is where the kernel headers reside - # XXX on Planetlab, KERNELDIR must be same as KERNELPATH - KERNELDIR ?= $(KERNELPATH) - # KERNELDIR := /home/luigi/linux-2.6.25.17/ - # test on rock - #KERNELDIR := /usr/src/linux-2.6.24 # not with v.2237 - #KERNELDIR := /usr/src/linux-2.6.26 - #KERNELDIR := /usr/src/linux-2.6.22 - #KERNELDIR := /usr/src/linux-source-2.6.26 - #KERNELDIR := /lib/modules/`uname -r`/build - $(warning "---- Building Version 2.6 $(VER) in $(KERNELDIR)") +ifeq ($(IPFW_PLANETLAB),1) + $(warning "---- Building for PlanetLab") + ipfw-cflags += -DIPFW_PLANETLAB # PlanetLab compilation +endif + # if not set, use the version from the installed system + KERNELPATH ?= /lib/modules/`uname -r`/build + # the latest kernel + #KERNELPATH = /usr/src/linux-2.6.22 + $(warning "---- Building Version 2.6 $(VER) in $(KERNELPATH)") WARN := -O1 -Wall -Werror -DDEBUG_SPINLOCK -DDEBUG_MUTEXES # The main target # Required by kernel <= 2.6.22, ccflags-y is used on newer version -LINUX_VERSION_CODE := $(shell grep LINUX_VERSION_CODE $(KERNELDIR)/include/linux/version.h|cut -d " " -f3) -ifeq ($(LINUX_VERSION_CODE),132630) - EXTRA_CFLAGS += $(ccflags-y) -endif + LINUX_VERSION_CODE := $(shell grep LINUX_VERSION_CODE $(KERNELPATH)/include/linux/version.h|cut -d " " -f3) + ifeq ($(LINUX_VERSION_CODE),132630) + EXTRA_CFLAGS += $(ccflags-y) + endif all: include_e - $(MAKE) -C $(KERNELDIR) V=1 M=`pwd` modules + $(MAKE) -C $(KERNELPATH) V=1 M=`pwd` modules endif #-- back to the common section of code @@ -105,15 +137,10 @@ IPFW_SRCS = ip_fw2.c ip_dummynet.c ip_fw_pfil.c in_cksum.c # Module glue and functions missing in linux IPFW_SRCS += ipfw2_mod.c bsd_compat.c - # additional $(CC) flags ccflags-y += $(WARN) -ccflags-y += -DIPFIREWALL_DEFAULT_TO_ACCEPT +ccflags-y += $(ipfw-cflags) ccflags-y += -g -ccflags-y += -D_BSD_SOURCE # enable __FAVOR_BSD (udp/tcp bsd structure over posix) -ccflags-y += -DKERNEL_MODULE # linux kernel module -ccflags-y += -I $(M)/include_e -I $(M)/include -ccflags-y += -include $(M)/../glue.h # headers mod24: include_e $(obj-m) diff --git a/dummynet/ip_fw2.c b/dummynet/ip_fw2.c index 39d6ab7..102cd5d 100644 --- a/dummynet/ip_fw2.c +++ b/dummynet/ip_fw2.c @@ -2002,9 +2002,17 @@ check_uidgid(ipfw_insn_u32 *insn, int proto, struct ifnet *oif, int match = 0; struct sk_buff *skb = ((struct mbuf *)inp)->m_skb; + printf("%s opcode %d arg %d oif %p src 0x%x:%d dst 0x%x:%d\n", __FUNCTION__, + insn->o.opcode, insn->d[0], oif, + ntohl(src_ip.s_addr), ntohs(src_port), + ntohl(dst_ip.s_addr), ntohs(dst_port) + ); if (insn->o.opcode == O_JAIL) { #ifdef IPFW_PLANETLAB match = (skb->skb_tag == insn->d[0]); + printf("JAIL compiled for planetlab state %d xid %d want %d result %d\n", + skb->skb_tag, insn->d[0], match); + #endif return match; } diff --git a/dummynet/ipfw2_mod.c b/dummynet/ipfw2_mod.c index ebb16b2..3bf836a 100644 --- a/dummynet/ipfw2_mod.c +++ b/dummynet/ipfw2_mod.c @@ -624,7 +624,7 @@ ipfw_module_init(void) { int ret = 0; - printf("%s called\n", __FUNCTION__); + printf("%s in-hook %d svn id %s\n", __FUNCTION__, IPFW_HOOK_IN, "$Id$"); my_mod_register(moddesc_ipfw, "ipfw", 1); my_mod_register(moddesc_dummynet, "dummynet", 2); diff --git a/ipfw.spec b/ipfw.spec index f4e8920..d4754be 100644 --- a/ipfw.spec +++ b/ipfw.spec @@ -54,7 +54,7 @@ rm -rf $RPM_BUILD_ROOT %define kernelpath /usr/src/kernels/%{kernel_id_arch} %__make KERNELPATH=%kernelpath clean -%__make KERNELPATH=%kernelpath +%__make KERNELPATH=%kernelpath IPFW_PLANETLAB=1 %install install -D -m 755 dummynet/ipfw_mod.ko $RPM_BUILD_ROOT/lib/modules/%{kernel_id}/net/netfilter/ipfw_mod.ko