xtables addons build on 5.2.6 ends with error: 'struct shash_desc' has no member named 'flags'

xtables addons build on 5.2.6 ends with error: 'struct shash_desc' has no member named 'flags'

[Franta Hanzlík]

I'm using xtables-addons-3.3 on Fedora 30 from freshrpms, which is builded
via akmods. On kernel 5.1.20-300.fc30 it build fine, but on 5.2.6-200.fc30
it ends with error:
...
2019/08/11 10:11:28 akmodsbuild: gcc -Wp,-MD,/tmp/akmodsbuild.weDM0uSv/BUILD/xtables-addons-kmod-3.3/_kmod_build_5.2.6-200.fc30.x86_64/extensions/.xt_SYSRQ.o.d  -nostdinc -isystem /usr/lib/gcc/x86_64-redhat-linux/9/include -I./arch/x86/include -I./arch/x86/include/generated  -I./include -I./arch/x86/include/uapi -I./arch/x86/include/generated/uapi -I./include/uapi -I./include/generated/uapi -include ./include/linux/kconfig.h -include ./include/linux/compiler_types.h
 -D__KERNEL__ -Wall -Wundef -Werror=strict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -fshort-wchar -fno-PIE -Werror=implicit-function-declaration -Werror=implicit-int -Wno-format-security -Wno-address-of-packed-member -std=gnu89 -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -mno-avx -m64
 -falign-jumps=1 -falign-loops=1 -mno-80387 -mno-fp-ret-in-387 -mpreferred-stack-boundary=3 -mskip-rax-setup -mtune=generic -mno-red-zone -mcmodel=kernel
 -DCONFIG_AS_CFI=1 -DCONFIG_AS_CFI_SIGNAL_FRAME=1 -DCONFIG_AS_CFI_SECTIONS=1 -DCONFIG_AS_SSSE3=1 -DCONFIG_AS_AVX=1 -DCONFIG_AS_AVX2=1 -DCONFIG_AS_AVX512=1 -DCONFIG_AS_SHA1_NI=1 -DCONFIG_AS_SHA256_NI=1 -Wno-sign-compare -fno-asynchronous-unwind-tables -mindirect-branch=thunk-extern -mindirect-branch-register
 -fno-jump-tables -fno-delete-null-pointer-checks -Wno-frame-address -Wno-format-truncation -Wno-format-overflow -Wno-address-of-packed-member -O2 --param=allow-store-data-races=0 -Wframe-larger-than=2048 -fstack-protector-strong -Wno-unused-but-set-variable -Wno-unused-const-variable -fvar-tracking-assignments -g -pg -mrecord-mcount -mfentry -DCC_USING_FENTRY -Wdeclaration-after-statement -Wvla -Wno-pointer-sign -Wno-stringop-truncation -fno-strict-overflow -fno-merge-all-constants -fmerge-constants -fno-stack-check -fconserve-stack -Werror=date-time -Werror=incompatible-pointer-types
 -Werror=designated-init -fmacro-prefix-map=./= -Wno-packed-not-aligned  -DMODULE  -DKBUILD_BASENAME='"xt_SYSRQ"' -DKBUILD_MODNAME='"xt_SYSRQ"' -c -o /tmp/akmodsbuild.weDM0uSv/BUILD/xtables-addons-kmod-3.3/_kmod_build_5.2.6-200.fc30.x86_64/extensions/xt_SYSRQ.o /tmp/akmodsbuild.weDM0uSv/BUILD/xtables-addons-kmod-3.3/_kmod_build_5.2.6-200.fc30.x86_64/extensions/xt_SYSRQ.c

2019/08/11 10:11:28 akmodsbuild: gcc -Wp,-MD,/tmp/akmodsbuild.weDM0uSv/BUILD/xtables-addons-kmod-3.3/_kmod_build_5.2.6-200.fc30.x86_64/extensions/.xt_TARPIT.o.d  -nostdinc -isystem /usr/lib/gcc/x86_64-redhat-linux/9/include -I./arch/x86/include -I./arch/x86/include/generated  -I./include -I./arch/x86/include/uapi -I./arch/x86/include/generated/uapi -I./include/uapi -I./include/generated/uapi -include ./include/linux/kconfig.h -include ./include/linux/compiler_types.h -D__KERNEL__ -Wall -Wundef -Werror=strict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -fshort-wchar -fno-PIE
 -Werror=implicit-function-declaration -Werror=implicit-int -Wno-format-security -Wno-address-of-packed-member -std=gnu89 -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -mno-avx -m64 -falign-jumps=1 -falign-loops=1 -mno-80387 -mno-fp-ret-in-387 -mpreferred-stack-boundary=3 -mskip-rax-setup -mtune=generic -mno-red-zone
 -mcmodel=kernel -DCONFIG_AS_CFI=1 -DCONFIG_AS_CFI_SIGNAL_FRAME=1 -DCONFIG_AS_CFI_SECTIONS=1 -DCONFIG_AS_SSSE3=1 -DCONFIG_AS_AVX=1 -DCONFIG_AS_AVX2=1
 -DCONFIG_AS_AVX512=1 -DCONFIG_AS_SHA1_NI=1 -DCONFIG_AS_SHA256_NI=1 -Wno-sign-compare -fno-asynchronous-unwind-tables -mindirect-branch=thunk-extern -mindirect-branch-register -fno-jump-tables -fno-delete-null-pointer-checks -Wno-frame-address -Wno-format-truncation -Wno-format-overflow -Wno-address-of-packed-member -O2 --param=allow-store-data-races=0 -Wframe-larger-than=2048 -fstack-protector-strong -Wno-unused-but-set-variable -Wno-unused-const-variable -fvar-tracking-assignments -g -pg -mrecord-mcount -mfentry -DCC_USING_FENTRY -Wdeclaration-after-statement -Wvla -Wno-pointer-sign -Wno-stringop-truncation
 -fno-strict-overflow -fno-merge-all-constants -fmerge-constants -fno-stack-check -fconserve-stack -Werror=date-time -Werror=incompatible-pointer-types -Werror=designated-init -fmacro-prefix-map=./= -Wno-packed-not-aligned  -DMODULE  -DKBUILD_BASENAME='"xt_TARPIT"' -DKBUILD_MODNAME='"xt_TARPIT"' -c -o /tmp/akmodsbuild.weDM0uSv/BUILD/xtables-addons-kmod-3.3/_kmod_build_5.2.6-200.fc30.x86_64/extensions/xt_TARPIT.o /tmp/akmodsbuild.weDM0uSv/BUILD/xtables-addons-kmod-3.3/_kmod_build_5.2.6-200.fc30.x86_64/extensions/xt_TARPIT.c

2019/08/11 10:11:28 akmodsbuild: /tmp/akmodsbuild.weDM0uSv/BUILD/xtables-addons-kmod-3.3/_kmod_build_5.2.6-200.fc30.x86_64/extensions/pknock/xt_pknock.c: In function 'xt_pknock_mt_init':
2019/08/11 10:11:28 akmodsbuild: /tmp/akmodsbuild.weDM0uSv/BUILD/xtables-addons-kmod-3.3/_kmod_build_5.2.6-200.fc30.x86_64/extensions/pknock/xt_pknock.c:1128:13: error: 'struct shash_desc' has no member named 'flags'
2019/08/11 10:11:28 akmodsbuild: 1128 |  crypto.desc.flags = 0;
2019/08/11 10:11:28 akmodsbuild: |             ^
2019/08/11 10:11:28 akmodsbuild: /tmp/akmodsbuild.weDM0uSv/BUILD/xtables-addons-kmod-3.3/_kmod_build_5.2.6-200.fc30.x86_64/extensions/xt_SYSRQ.c: In function 'sysrq_tg':
2019/08/11 10:11:28 akmodsbuild: /tmp/akmodsbuild.weDM0uSv/BUILD/xtables-addons-kmod-3.3/_kmod_build_5.2.6-200.fc30.x86_64/extensions/xt_SYSRQ.c:117:6: error: 'struct shash_desc' has no member named 'flags'
2019/08/11 10:11:28 akmodsbuild: 117 |  desc.flags = 0;
2019/08/11 10:11:28 akmodsbuild: |      ^
2019/08/11 10:11:28 akmodsbuild: make[2]: *** [scripts/Makefile.build:285: /tmp/akmodsbuild.weDM0uSv/BUILD/xtables-addons-kmod-3.3/_kmod_build_5.2.6-200.fc30.x86_64/extensions/pknock/xt_pknock.o] Error 1
2019/08/11 10:11:28 akmodsbuild: make[1]: *** [scripts/Makefile.build:285: /tmp/akmodsbuild.weDM0uSv/BUILD/xtables-addons-kmod-3.3/_kmod_build_5.2.6-200.fc30.x86_64/extensions/xt_SYSRQ.o] Error 1
2019/08/11 10:11:28 akmodsbuild: make[1]: *** Waiting for unfinished jobs....
2019/08/11 10:11:28 akmodsbuild: make[1]: *** [scripts/Makefile.build:489: /tmp/akmodsbuild.weDM0uSv/BUILD/xtables-addons-kmod-3.3/_kmod_build_5.2.6-200.fc30.x86_64/extensions/pknock] Error 2
2019/08/11 10:11:28 akmodsbuild: ./tools/objtool/objtool orc generate  --module --no-fp --retpoline --uaccess /tmp/akmodsbuild.weDM0uSv/BUILD/xtables-addons-kmod-3.3/_kmod_build_5.2.6-200.fc30.x86_64/extensions/compat_xtables.o
2019/08/11 10:11:28 akmodsbuild: ./tools/objtool/objtool orc generate  --module --no-fp --retpoline --uaccess /tmp/akmodsbuild.weDM0uSv/BUILD/xtables-addons-kmod-3.3/_kmod_build_5.2.6-200.fc30.x86_64/extensions/xt_LOGMARK.o
2019/08/11 10:11:28 akmodsbuild: ./tools/objtool/objtool orc generate  --module --no-fp --retpoline --uaccess /tmp/akmodsbuild.weDM0uSv/BUILD/xtables-addons-kmod-3.3/_kmod_build_5.2.6-200.fc30.x86_64/extensions/xt_IPMARK.o
2019/08/11 10:11:28 akmodsbuild: ./tools/objtool/objtool orc generate  --module --no-fp --retpoline --uaccess /tmp/akmodsbuild.weDM0uSv/BUILD/xtables-addons-kmod-3.3/_kmod_build_5.2.6-200.fc30.x86_64/extensions/xt_CHAOS.o
2019/08/11 10:11:28 akmodsbuild: ./tools/objtool/objtool orc generate  --module --no-fp --retpoline --uaccess /tmp/akmodsbuild.weDM0uSv/BUILD/xtables-addons-kmod-3.3/_kmod_build_5.2.6-200.fc30.x86_64/extensions/xt_DHCPMAC.o
2019/08/11 10:11:28 akmodsbuild: ./tools/objtool/objtool orc generate  --module --no-fp --retpoline --uaccess /tmp/akmodsbuild.weDM0uSv/BUILD/xtables-addons-kmod-3.3/_kmod_build_5.2.6-200.fc30.x86_64/extensions/xt_DELUDE.o
2019/08/11 10:11:28 akmodsbuild: ./tools/objtool/objtool orc generate  --module --no-fp --retpoline --uaccess /tmp/akmodsbuild.weDM0uSv/BUILD/xtables-addons-kmod-3.3/_kmod_build_5.2.6-200.fc30.x86_64/extensions/xt_ECHO.o
2019/08/11 10:11:28 akmodsbuild: ./tools/objtool/objtool orc generate  --module --no-fp --retpoline --uaccess /tmp/akmodsbuild.weDM0uSv/BUILD/xtables-addons-kmod-3.3/_kmod_build_5.2.6-200.fc30.x86_64/extensions/xt_TARPIT.o
2019/08/11 10:11:28 akmodsbuild: ./tools/objtool/objtool orc generate  --module --no-fp --retpoline --uaccess /tmp/akmodsbuild.weDM0uSv/BUILD/xtables-addons-kmod-3.3/_kmod_build_5.2.6-200.fc30.x86_64/extensions/xt_DNETMAP.o
2019/08/11 10:11:28 akmodsbuild: ./tools/objtool/objtool orc generate  --module --no-fp --retpoline --uaccess /tmp/akmodsbuild.weDM0uSv/BUILD/xtables-addons-kmod-3.3/_kmod_build_5.2.6-200.fc30.x86_64/extensions/ACCOUNT/xt_ACCOUNT.o
2019/08/11 10:11:28 akmodsbuild: make: *** [Makefile:1600: _module_/tmp/akmodsbuild.weDM0uSv/BUILD/xtables-addons-kmod-3.3/_kmod_build_5.2.6-200.fc30.x86_64/extensions] Error 2
2019/08/11 10:11:28 akmodsbuild: make: Leaving directory '/usr/src/kernels/5.2.6-200.fc30.x86_64'
2019/08/11 10:11:28 akmodsbuild: error: Bad exit status from /var/tmp/rpm-tmp.oP2hls (%build)
...

I report it as issue against Fedora 30 kernel-5.2.6, but it was rejected
with
"That error is from the add on itself. Fedora does not provide support for 3rd party modules."

Know anyone, where problem may be?
-- 
TIA, Franta Hanzlik

Re: xtables addons build on 5.2.6 ends with error: 'struct shash_desc' has no member named 'flags'

[Jeremy Sowden]

[-- Attachment #1: Type: text/plain, Size: 735 bytes --]

On 2019-08-11, at 11:40:20 +0200, Franta Hanzlík wrote:
> I'm using xtables-addons-3.3 on Fedora 30 from freshrpms, which is builded
> via akmods. On kernel 5.1.20-300.fc30 it build fine, but on 5.2.6-200.fc30
> it ends with error:
> [...]
>
> I report it as issue against Fedora 30 kernel-5.2.6, but it was
> rejected with "That error is from the add on itself. Fedora does not
> provide support for 3rd party modules."
>
> Know anyone, where problem may be?

According to the xtables-addons configure script, kernels after 5.0 are
not yet supported.  It would appear that the source-code has not yet
been updated to incorporate a couple of kernel API changes (a crypto one
in 5.1, and a netfilter one in 5.2).

J.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

[PATCH xtables-addons 1/2] xt_pknock, xt_SYSRQ: don't set shash_desc::flags.

[Jeremy Sowden]

shash_desc::flags was removed from the kernel in 5.1.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
 extensions/pknock/xt_pknock.c | 1 -
 extensions/xt_SYSRQ.c         | 1 -
 2 files changed, 2 deletions(-)

diff --git a/extensions/pknock/xt_pknock.c b/extensions/pknock/xt_pknock.c
index c76901ac4c1a..8021ea07e1b9 100644
--- a/extensions/pknock/xt_pknock.c
+++ b/extensions/pknock/xt_pknock.c
@@ -1125,7 +1125,6 @@ static int __init xt_pknock_mt_init(void)
 
 	crypto.size = crypto_shash_digestsize(crypto.tfm);
 	crypto.desc.tfm = crypto.tfm;
-	crypto.desc.flags = 0;
 
 	pde = proc_mkdir("xt_pknock", init_net.proc_net);
 	if (pde == NULL) {
diff --git a/extensions/xt_SYSRQ.c b/extensions/xt_SYSRQ.c
index c386c7e2db5d..183692f49489 100644
--- a/extensions/xt_SYSRQ.c
+++ b/extensions/xt_SYSRQ.c
@@ -114,7 +114,6 @@ static unsigned int sysrq_tg(const void *pdata, uint16_t len)
 	}
 
 	desc.tfm   = sysrq_tfm;
-	desc.flags = 0;
 	ret = crypto_shash_init(&desc);
 	if (ret != 0)
 		goto hash_fail;
-- 
2.20.1

[PATCH xtables-addons 2/2] xt_DHCPMAC: replaced skb_make_writable with skb_ensure_writable.

[Jeremy Sowden]

skb_make_writable was removed from the kernel in 5.2 and its callers
converted to use skb_ensure_writable.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
 extensions/xt_DHCPMAC.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/extensions/xt_DHCPMAC.c b/extensions/xt_DHCPMAC.c
index 47f9534f74c7..412f8984d326 100644
--- a/extensions/xt_DHCPMAC.c
+++ b/extensions/xt_DHCPMAC.c
@@ -96,7 +96,7 @@ dhcpmac_tg(struct sk_buff *skb, const struct xt_action_param *par)
 	struct udphdr udpbuf, *udph;
 	unsigned int i;
 
-	if (!skb_make_writable(skb, 0))
+	if (!skb_ensure_writable(skb, 0))
 		return NF_DROP;
 
 	udph = skb_header_pointer(skb, ip_hdrlen(skb),
-- 
2.20.1

Re: [PATCH xtables-addons 2/2] xt_DHCPMAC: replaced skb_make_writable with skb_ensure_writable.

[Florian Westphal]

Jeremy Sowden <jeremy@azazel.net> wrote:
> skb_make_writable was removed from the kernel in 5.2 and its callers
> converted to use skb_ensure_writable.
> 
> Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
> ---
>  extensions/xt_DHCPMAC.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/extensions/xt_DHCPMAC.c b/extensions/xt_DHCPMAC.c
> index 47f9534f74c7..412f8984d326 100644
> --- a/extensions/xt_DHCPMAC.c
> +++ b/extensions/xt_DHCPMAC.c
> @@ -96,7 +96,7 @@ dhcpmac_tg(struct sk_buff *skb, const struct xt_action_param *par)
>  	struct udphdr udpbuf, *udph;
>  	unsigned int i;
>  
> -	if (!skb_make_writable(skb, 0))
> +	if (!skb_ensure_writable(skb, 0))
>  		return NF_DROP;

You need to drop the "!".  The "0" argument is suspicious as well, i
guess this needs to be "skb->len".

Re: [PATCH xtables-addons 2/2] xt_DHCPMAC: replaced skb_make_writable with skb_ensure_writable.

[Jeremy Sowden]

[-- Attachment #1: Type: text/plain, Size: 992 bytes --]

On 2019-08-11, at 20:42:17 +0200, Florian Westphal wrote:
> Jeremy Sowden <jeremy@azazel.net> wrote:
> > skb_make_writable was removed from the kernel in 5.2 and its callers
> > converted to use skb_ensure_writable.
> >
> > Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
> > ---
> >  extensions/xt_DHCPMAC.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/extensions/xt_DHCPMAC.c b/extensions/xt_DHCPMAC.c
> > index 47f9534f74c7..412f8984d326 100644
> > --- a/extensions/xt_DHCPMAC.c
> > +++ b/extensions/xt_DHCPMAC.c
> > @@ -96,7 +96,7 @@ dhcpmac_tg(struct sk_buff *skb, const struct
> xt_action_param *par)
> >  	struct udphdr udpbuf, *udph;
> >  	unsigned int i;
> >
> > -	if (!skb_make_writable(skb, 0))
> > +	if (!skb_ensure_writable(skb, 0))
> >  		return NF_DROP;
>
> You need to drop the "!".  The "0" argument is suspicious as well, i
> guess this needs to be "skb->len".

Whoops.  Not paying enough attention.  Will correct and resend.

Thanks,

J.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

[PATCH xtables-addons v2 0/2] Kernel API updates

[Jeremy Sowden]

v3.3 of xtables-addons does not compile against v5.2 of the kernel owing
to a couple of kernel API changes.  These two patches update the broken
extensions to work with the new API's.

Jeremy Sowden (2):
  xt_pknock, xt_SYSRQ: don't set shash_desc::flags.
  xt_DHCPMAC: replaced skb_make_writable with skb_ensure_writable.

 extensions/pknock/xt_pknock.c | 1 -
 extensions/xt_DHCPMAC.c       | 3 ++-
 extensions/xt_SYSRQ.c         | 1 -
 3 files changed, 2 insertions(+), 3 deletions(-)

Since v1:

 * added this cover-letter;
 * fixed the skb_ensure_writable call in line with Florian Westphal's
   feedback.

-- 
2.20.1

[PATCH xtables-addons v2 1/2] xt_pknock, xt_SYSRQ: don't set shash_desc::flags.

[Jeremy Sowden]

shash_desc::flags was removed from the kernel in 5.1.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
 extensions/pknock/xt_pknock.c | 1 -
 extensions/xt_SYSRQ.c         | 1 -
 2 files changed, 2 deletions(-)

diff --git a/extensions/pknock/xt_pknock.c b/extensions/pknock/xt_pknock.c
index c76901ac4c1a..8021ea07e1b9 100644
--- a/extensions/pknock/xt_pknock.c
+++ b/extensions/pknock/xt_pknock.c
@@ -1125,7 +1125,6 @@ static int __init xt_pknock_mt_init(void)
 
 	crypto.size = crypto_shash_digestsize(crypto.tfm);
 	crypto.desc.tfm = crypto.tfm;
-	crypto.desc.flags = 0;
 
 	pde = proc_mkdir("xt_pknock", init_net.proc_net);
 	if (pde == NULL) {
diff --git a/extensions/xt_SYSRQ.c b/extensions/xt_SYSRQ.c
index c386c7e2db5d..183692f49489 100644
--- a/extensions/xt_SYSRQ.c
+++ b/extensions/xt_SYSRQ.c
@@ -114,7 +114,6 @@ static unsigned int sysrq_tg(const void *pdata, uint16_t len)
 	}
 
 	desc.tfm   = sysrq_tfm;
-	desc.flags = 0;
 	ret = crypto_shash_init(&desc);
 	if (ret != 0)
 		goto hash_fail;
-- 
2.20.1

[PATCH xtables-addons v2 2/2] xt_DHCPMAC: replaced skb_make_writable with skb_ensure_writable.

[Jeremy Sowden]

skb_make_writable was removed from the kernel in 5.2 and its callers
converted to use skb_ensure_writable.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
 extensions/xt_DHCPMAC.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/extensions/xt_DHCPMAC.c b/extensions/xt_DHCPMAC.c
index 47f9534f74c7..a748cb101d99 100644
--- a/extensions/xt_DHCPMAC.c
+++ b/extensions/xt_DHCPMAC.c
@@ -96,7 +96,8 @@ dhcpmac_tg(struct sk_buff *skb, const struct xt_action_param *par)
 	struct udphdr udpbuf, *udph;
 	unsigned int i;
 
-	if (!skb_make_writable(skb, 0))
+	if (skb_ensure_writable(skb, ip_hdrlen(skb) + sizeof(udpbuf) +
+				     sizeof(dhcpbuf)))
 		return NF_DROP;
 
 	udph = skb_header_pointer(skb, ip_hdrlen(skb),
-- 
2.20.1

Re: [PATCH xtables-addons v2 0/2] Kernel API updates

[Jeremy Sowden]

[-- Attachment #1: Type: text/plain, Size: 575 bytes --]

On 2019-08-12, at 12:57:40 +0100, Jeremy Sowden wrote:
> v3.3 of xtables-addons does not compile against v5.2 of the kernel
> owing to a couple of kernel API changes.  These two patches update the
> broken extensions to work with the new API's.
>
> Jeremy Sowden (2):
>   xt_pknock, xt_SYSRQ: don't set shash_desc::flags.
>   xt_DHCPMAC: replaced skb_make_writable with skb_ensure_writable.

Turns out that there is already a merge-request open against the
xtables-addons git repo for the shash_desc::flags fix.  I've created
another one for the skb_ensure_writable fix.

J.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [PATCH xtables-addons v2 1/2] xt_pknock, xt_SYSRQ: don't set shash_desc::flags.

[Jan Engelhardt]

On Monday 2019-08-12 19:57, Jeremy Sowden wrote:

>shash_desc::flags was removed from the kernel in 5.1.
>
>Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
>---
> extensions/pknock/xt_pknock.c | 1 -
> extensions/xt_SYSRQ.c         | 1 -
> 2 files changed, 2 deletions(-)
>
>diff --git a/extensions/pknock/xt_pknock.c b/extensions/pknock/xt_pknock.c
>index c76901ac4c1a..8021ea07e1b9 100644
>--- a/extensions/pknock/xt_pknock.c
>+++ b/extensions/pknock/xt_pknock.c
>@@ -1125,7 +1125,6 @@ static int __init xt_pknock_mt_init(void)
> 
> 	crypto.size = crypto_shash_digestsize(crypto.tfm);
> 	crypto.desc.tfm = crypto.tfm;
>-	crypto.desc.flags = 0;

But this will still be needed for 5.0 I guess, so it cannot just be 
unconditionally removed.

Re: [PATCH xtables-addons v2 1/2] xt_pknock, xt_SYSRQ: don't set shash_desc::flags.

[Jeremy Sowden]

[-- Attachment #1.1: Type: text/plain, Size: 1632 bytes --]

On 2019-08-12, at 23:17:52 +0800, Jan Engelhardt wrote:
> On Monday 2019-08-12 19:57, Jeremy Sowden wrote:
> >shash_desc::flags was removed from the kernel in 5.1.
> >
> >Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
> >---
> > extensions/pknock/xt_pknock.c | 1 -
> > extensions/xt_SYSRQ.c         | 1 -
> > 2 files changed, 2 deletions(-)
> >
> >diff --git a/extensions/pknock/xt_pknock.c b/extensions/pknock/xt_pknock.c
> >index c76901ac4c1a..8021ea07e1b9 100644
> >--- a/extensions/pknock/xt_pknock.c
> >+++ b/extensions/pknock/xt_pknock.c
> >@@ -1125,7 +1125,6 @@ static int __init xt_pknock_mt_init(void)
> >
> > 	crypto.size = crypto_shash_digestsize(crypto.tfm);
> > 	crypto.desc.tfm = crypto.tfm;
> >-	crypto.desc.flags = 0;
>
> But this will still be needed for 5.0 I guess, so it cannot just be
> unconditionally removed.

That assignment was actually superfluous anyway, because crypto.desc is
zero-initialized when crypto is initialized (xt_pknock.c, ll. 110ff.):

  static struct {
          const char *algo;
          struct crypto_shash *tfm;
          unsigned int size;
          struct shash_desc desc;
  } crypto = {
          .algo	= "hmac(sha256)",
          .tfm	= NULL,
          .size	= 0
  };

In fact the explicit zero-initialization of .tfm and .size is also
superfluous and can be removed:

  static struct {
          const char *algo;
          struct crypto_shash *tfm;
          unsigned int size;
          struct shash_desc desc;
  } crypto = {
          .algo	= "hmac(sha256)",
  };

Adding an initializer to the variable declaration in xt_SYSRQ.c will do
the same thing.  Patch attached.

J.

[-- Attachment #1.2: 0001-xt_pknock-xt_SYSRQ-don-t-set-shash_desc-flags.patch --]
[-- Type: text/x-diff, Size: 2001 bytes --]

From ea440005076686ba946da433049d4e68c4672984 Mon Sep 17 00:00:00 2001
From: Jeremy Sowden <jeremy@azazel.net>
Date: Sun, 11 Aug 2019 14:08:42 +0100
Subject: [PATCH] xt_pknock, xt_SYSRQ: don't set shash_desc::flags.

shash_desc::flags was removed from the kernel in 5.1, so removed the
explicit assignment of zero to it.

In the case of xt_pknock.c, the change is backwards-compatible because
the shash_desc was already zero-initialized when the enclosing crypto
struct was initialized.  In the case of xt_SYSRQ.c, we add an
initializer for the shash_desc which will ensure that all members which
are not explicitly initialized will be initialized to zero, including
.flags in the case of older kernels.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
 extensions/pknock/xt_pknock.c | 1 -
 extensions/xt_SYSRQ.c         | 4 +---
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/extensions/pknock/xt_pknock.c b/extensions/pknock/xt_pknock.c
index c76901ac4c1a..8021ea07e1b9 100644
--- a/extensions/pknock/xt_pknock.c
+++ b/extensions/pknock/xt_pknock.c
@@ -1125,7 +1125,6 @@ static int __init xt_pknock_mt_init(void)
 
 	crypto.size = crypto_shash_digestsize(crypto.tfm);
 	crypto.desc.tfm = crypto.tfm;
-	crypto.desc.flags = 0;
 
 	pde = proc_mkdir("xt_pknock", init_net.proc_net);
 	if (pde == NULL) {
diff --git a/extensions/xt_SYSRQ.c b/extensions/xt_SYSRQ.c
index c386c7e2db5d..f04bd2cdc0f2 100644
--- a/extensions/xt_SYSRQ.c
+++ b/extensions/xt_SYSRQ.c
@@ -74,7 +74,7 @@ static unsigned int sysrq_tg(const void *pdata, uint16_t len)
 {
 	const char *data = pdata;
 	int i, n;
-	struct shash_desc desc;
+	struct shash_desc desc = { .tfm = sysrq_tfm };
 	int ret;
 	long new_seqno = 0;
 
@@ -113,8 +113,6 @@ static unsigned int sysrq_tg(const void *pdata, uint16_t len)
 		return NF_DROP;
 	}
 
-	desc.tfm   = sysrq_tfm;
-	desc.flags = 0;
 	ret = crypto_shash_init(&desc);
 	if (ret != 0)
 		goto hash_fail;
-- 
2.20.1


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [PATCH xtables-addons v2 1/2] xt_pknock, xt_SYSRQ: don't set shash_desc::flags.

[Franta Hanzlík]

On Mon, 12 Aug 2019 17:57:31 +0100
Jeremy Sowden <jeremy@azazel.net> wrote:

> On 2019-08-12, at 23:17:52 +0800, Jan Engelhardt wrote:
> > On Monday 2019-08-12 19:57, Jeremy Sowden wrote:  
> > >shash_desc::flags was removed from the kernel in 5.1.
> > >
> > >Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
> > >---
> > > extensions/pknock/xt_pknock.c | 1 -
> > > extensions/xt_SYSRQ.c         | 1 -
> > > 2 files changed, 2 deletions(-)
> > >
> > >diff --git a/extensions/pknock/xt_pknock.c b/extensions/pknock/xt_pknock.c
> > >index c76901ac4c1a..8021ea07e1b9 100644
> > >--- a/extensions/pknock/xt_pknock.c
> > >+++ b/extensions/pknock/xt_pknock.c
> > >@@ -1125,7 +1125,6 @@ static int __init xt_pknock_mt_init(void)
> > >
> > > 	crypto.size = crypto_shash_digestsize(crypto.tfm);
> > > 	crypto.desc.tfm = crypto.tfm;
> > >-	crypto.desc.flags = 0;  
> >
> > But this will still be needed for 5.0 I guess, so it cannot just be
> > unconditionally removed.  
> 
> That assignment was actually superfluous anyway, because crypto.desc is
> zero-initialized when crypto is initialized (xt_pknock.c, ll. 110ff.):
> 
>   static struct {
>           const char *algo;
>           struct crypto_shash *tfm;
>           unsigned int size;
>           struct shash_desc desc;
>   } crypto = {
>           .algo	= "hmac(sha256)",
>           .tfm	= NULL,
>           .size	= 0
>   };
> 
> In fact the explicit zero-initialization of .tfm and .size is also
> superfluous and can be removed:
> 
>   static struct {
>           const char *algo;
>           struct crypto_shash *tfm;
>           unsigned int size;
>           struct shash_desc desc;
>   } crypto = {
>           .algo	= "hmac(sha256)",
>   };
> 
> Adding an initializer to the variable declaration in xt_SYSRQ.c will do
> the same thing.  Patch attached.
> 
> J.

Hi Jeremy, thanks for Your patches!
Please, they are only here in mail list, or also in any repo?
Or will be some new package release and I should wait?

My xtables-addons v3.3 package list SourceForge as project home site,
but I can't find there nothing newer than stuff from March 2019:
https://sourceforge.net/p/xtables-addons/xtables-addons/ci/master/tree/
Or am I wrong?
-- 
Thanks, Franta Hanzlik

Re: [PATCH xtables-addons v2 1/2] xt_pknock, xt_SYSRQ: don't set shash_desc::flags.

[Jeremy Sowden]

[-- Attachment #1: Type: text/plain, Size: 1911 bytes --]

On 2019-08-19, at 21:34:11 +0200, Franta Hanzlík wrote:
> On Mon, 12 Aug 2019 17:57:31 +0100 Jeremy Sowden wrote:
> > On 2019-08-12, at 23:17:52 +0800, Jan Engelhardt wrote:
> > > On Monday 2019-08-12 19:57, Jeremy Sowden wrote:
> > > >shash_desc::flags was removed from the kernel in 5.1.
> > > >
> > > >Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
> > > >---
> > > > extensions/pknock/xt_pknock.c | 1 -
> > > > extensions/xt_SYSRQ.c         | 1 -
> > > > 2 files changed, 2 deletions(-)
> > > >
> > > >diff --git a/extensions/pknock/xt_pknock.c b/extensions/pknock/xt_pknock.c
> > > >index c76901ac4c1a..8021ea07e1b9 100644
> > > >--- a/extensions/pknock/xt_pknock.c
> > > >+++ b/extensions/pknock/xt_pknock.c
> > > >@@ -1125,7 +1125,6 @@ static int __init xt_pknock_mt_init(void)
> > > >
> > > > 	crypto.size = crypto_shash_digestsize(crypto.tfm);
> > > > 	crypto.desc.tfm = crypto.tfm;
> > > >-	crypto.desc.flags = 0;
> > >
> > > But this will still be needed for 5.0 I guess, so it cannot just be
> > > unconditionally removed.
> >
> > That assignment was actually superfluous anyway, because crypto.desc is
> > zero-initialized when crypto is initialized (xt_pknock.c, ll. 110ff.):
> >
> > [...]
> >
> > Adding an initializer to the variable declaration in xt_SYSRQ.c will do
> > the same thing.
>
> Hi Jeremy, thanks for Your patches!
> Please, they are only here in mail list, or also in any repo?
> Or will be some new package release and I should wait?
>
> My xtables-addons v3.3 package list SourceForge as project home site,
> but I can't find there nothing newer than stuff from March 2019:
> https://sourceforge.net/p/xtables-addons/xtables-addons/ci/master/tree/

There are open MR's:

  https://sourceforge.net/p/xtables-addons/xtables-addons/merge-requests/12/
  https://sourceforge.net/p/xtables-addons/xtables-addons/merge-requests/13/

J.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [PATCH xtables-addons v2 1/2] xt_pknock, xt_SYSRQ: don't set shash_desc::flags.

[Jan Engelhardt]

On Monday 2019-08-12 13:57, Jeremy Sowden wrote:

>shash_desc::flags was removed from the kernel in 5.1.

Applied this. The DHCPMAC update I happened to take from SF.