Thanks a lot, that works like a charm!
Here are diff patches for your convenience. They probably should be submitted to xtables-addons ASAP, so people's firewalls can continue filtering & tarpitting instead of accepting...
#diff -u xt_TARPIT.orig.c xt_TARPIT.c
--- xt_TARPIT.orig.c 2015-06-23 13:31:04.406533833 +0300
+++ xt_TARPIT.c 2015-06-23 13:24:03.103202214 +0300
@@ -250,7 +250,7 @@
#ifdef CONFIG_BRIDGE_NETFILTER
if (hook != NF_INET_FORWARD || (nskb->nf_bridge != NULL &&
- nskb->nf_bridge->mask & BRNF_BRIDGED))
+ nskb->nf_bridge->physoutdev))
#else
if (hook != NF_INET_FORWARD)
#endif
@@ -279,7 +279,7 @@
nf_ct_attach(nskb, oldskb);
- NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_OUT, nskb, NULL,
+ NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_OUT, NULL, nskb, NULL,
skb_dst(nskb)->dev, dst_output);
return;
@@ -394,7 +394,7 @@
nf_ct_attach(nskb, oldskb);
- NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, nskb, NULL,
+ NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, NULL, nskb, NULL,
skb_dst(nskb)->dev, dst_output);
return;
# diff -u xt_DELUDE.orig.c xt_DELUDE.c
--- xt_DELUDE.orig.c 2015-06-23 13:30:57.166533864 +0300
+++ xt_DELUDE.c 2015-06-23 13:28:11.046534539 +0300
@@ -107,7 +107,7 @@
addr_type = RTN_UNSPEC;
#ifdef CONFIG_BRIDGE_NETFILTER
if (hook != NF_INET_FORWARD || (nskb->nf_bridge != NULL &&
- nskb->nf_bridge->mask & BRNF_BRIDGED))
+ nskb->nf_bridge->physoutdev))
#else
if (hook != NF_INET_FORWARD)
#endif
Yours, Alexander Petrenas.
> -----Original Message-----
> From: netfilter-devel-owner@xxxxxxxxxxxxxxx [mailto:netfilter-devel-
> owner@xxxxxxxxxxxxxxx] On Behalf Of Florian Westphal
> Sent: Tuesday, June 23, 2015 12:40 PM
> To: Alexander Petrenas
> Cc: netfilter-devel@xxxxxxxxxxxxxxx
>
> > Netfilter changes in the recent 4.1.0 kernel update included removal of
> the BRNF_BRIDGED flag:
> >
> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=40
> 451fd013878b005ccae767dfebc07dfecf85d9
> >
> > Unfortunately, getting rid of BRNF_BRIDGED flag broke the xtables-addons-
> 2.6 package, which now fails to build TARPIT & DELUGE targets with the
> following errors:
> >
> > xtables-addons-2.6/extensions/xt_TARPIT.c:253:30: error: ‘BRNF_BRIDGED’
> undeclared (first use in this function)
> > nskb->nf_bridge->mask & BRNF_BRIDGED))
> > ^
> >
> > xtables-addons-2.6/extensions/xt_TARPIT.c:282:2: error: too few arguments
> to function ‘NF_HOOK’
> > NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_OUT, nskb, NULL,
> > ^
>
> NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_OUT, NULL, nskb, NULL,
>
> > xtables-addons-2.6/extensions/xt_TARPIT.c:397:2: error: too few arguments
> to function ‘NF_HOOK’
> > NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, nskb, NULL,
>
> NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_OUT, NULL, nskb, NULL,
>
> >
> > #ifdef CONFIG_BRIDGE_NETFILTER
> > if (hook != NF_INET_FORWARD || (nskb->nf_bridge != NULL &&
> > nskb->nf_bridge->mask & BRNF_BRIDGED))
> > #else
>
> if (hook != NF_INET_FORWARD || (nskb->nf_bridge != NULL &&
> nskb->nf_bridge->physoutdev))
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
