From 8a39fa3522f32ffcebf7c85345819a2a9ddedb72 Mon Sep 17 00:00:00 2001 From: Emil Velikov Date: Sun, 22 Oct 2023 13:13:57 +0100 Subject: [PATCH 1/4] Add skb_ensure_writable() wrapper for older kernels Make a simple wrapper and avoid the multiple #if checks across the codebase. Signed-off-by: Emil Velikov --- src/xt_WGOBFS_main.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/xt_WGOBFS_main.c b/src/xt_WGOBFS_main.c index 2546455..1646ead 100644 --- a/src/xt_WGOBFS_main.c +++ b/src/xt_WGOBFS_main.c @@ -19,6 +19,14 @@ #define WG_MIN_LEN 32 #define MIN_RND_LEN 4 +#if LINUX_VERSION_CODE < KERNEL_VERSION(5,3,0) +static inline int +skb_ensure_writable(struct sk_buff *skb, unsigned int write_len) +{ + return !skb_make_writable(skb, write_len); +} +#endif + enum chacha_output_lengths { MAX_RND_LEN = 32, MAX_RND_WORDS = MAX_RND_LEN / sizeof(u32), @@ -164,11 +172,7 @@ static int prepare_skb_for_insert(struct sk_buff *skb, int ntail) return -1; } -#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,3,0) if (unlikely(skb_ensure_writable(skb, skb->len))) -#else - if (unlikely(!skb_make_writable(skb, skb->len))) -#endif return -1; skb_put(skb, ntail); @@ -312,11 +316,7 @@ static unsigned int xt_unobfs(struct sk_buff *skb, int data_len; int rnd_len; -#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,3,0) if (unlikely(skb_ensure_writable(skb, skb->len))) -#else - if (unlikely(!skb_make_writable(skb, skb->len))) -#endif return NF_DROP; udph = udp_hdr(skb); From 23bd5dbeff3fe4ecac4aa6945904fa5998eb4a5e Mon Sep 17 00:00:00 2001 From: Emil Velikov Date: Sun, 22 Oct 2023 13:16:49 +0100 Subject: [PATCH 2/4] Add fallback xt_action_param struct/define Older kernels name the struct differently. Use a #define to trivially workaround that. Signed-off-by: Emil Velikov --- src/xt_WGOBFS_main.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/src/xt_WGOBFS_main.c b/src/xt_WGOBFS_main.c index 1646ead..543d787 100644 --- a/src/xt_WGOBFS_main.c 
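Review bot: The compat shim added in the first hunk of PATCH 1/4 returns `!skb_make_writable(skb, write_len)`, so a failure comes back as `1` rather than a negative errno. The two call sites this patch touches, in `prepare_skb_for_insert()` and `xt_unobfs()`, only test for non-zero, but a later caller that checks `< 0` or propagates the value would treat a non-writable skb as writable and go on to modify shared packet data. Returning `skb_make_writable(skb, write_len) ? 0 : -ENOMEM;` matches the contract the name implies. Separately, the guard is `LINUX_VERSION_CODE < KERNEL_VERSION(5,3,0)`, and as far as I recall `skb_ensure_writable()` has been declared in `<linux/skbuff.h>` since well before 5.3, in which case a `static inline` definition of the same name would clash on those kernels. Please confirm with a pre-5.3 build, or give the shim its own name (say `wgobfs_ensure_writable`) and call that from both sites.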
+++ b/src/xt_WGOBFS_main.c @@ -19,6 +19,10 @@ #define WG_MIN_LEN 32 #define MIN_RND_LEN 4 +#if LINUX_VERSION_CODE < KERNEL_VERSION(3,7,0) +#define xt_action_param xt_target_param +#endif + #if LINUX_VERSION_CODE < KERNEL_VERSION(5,3,0) static inline int skb_ensure_writable(struct sk_buff *skb, unsigned int write_len) @@ -349,13 +353,8 @@ static unsigned int xt_unobfs(struct sk_buff *skb, return XT_CONTINUE; } -#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,7,0) static unsigned int xt_wg_obfs_target(struct sk_buff *skb, const struct xt_action_param *par) -#else -static unsigned int -xt_wg_obfs_target(struct sk_buff *skb, const struct xt_target_param *par) -#endif { const struct xt_wg_obfs_info *info = par->targinfo; struct iphdr *iph; From 7f4d33ec70a456cd6e30e3f549163ca074b09d9b Mon Sep 17 00:00:00 2001 From: Emil Velikov Date: Sun, 22 Oct 2023 13:18:18 +0100 Subject: [PATCH 3/4] Remove fallback code for < 2.6.35 kernels 2.6.35 was released over 13 years ago. I think it's fine to let go now. Signed-off-by: Emil Velikov --- src/xt_WGOBFS_main.c | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/src/xt_WGOBFS_main.c b/src/xt_WGOBFS_main.c index 543d787..625801a 100644 --- a/src/xt_WGOBFS_main.c +++ b/src/xt_WGOBFS_main.c @@ -372,7 +372,6 @@ xt_wg_obfs_target(struct sk_buff *skb, const struct xt_action_param *par) return XT_CONTINUE; } -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,35) static int xt_wg_obfs_checkentry(const struct xt_tgchk_param *par) { if (strcmp(par->table, "mangle")) { @@ -383,18 +382,6 @@ static int xt_wg_obfs_checkentry(const struct xt_tgchk_param *par) return 0; } -#else -static bool xt_wg_obfs_checkentry(const struct xt_tgchk_param *par) -{ - if (strcmp(par->table, "mangle")) { - printk(KERN_WARNING - "WGOBFS: can only be called from mangle table\n"); - return false; - } - - return true; -} -#endif static struct xt_target xt_wg_obfs = { .name = "WGOBFS", From 2466b90cd244a0406ffac1cfbc580ca166da54d8 Mon Sep 17 00:00:00 2001 
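Review bot: The `#define xt_action_param xt_target_param` added in the first hunk of PATCH 2/4 rewrites that identifier everywhere after it in the translation unit, so it has to stay below every netfilter include and should carry a comment saying so, for example `/* must follow all netfilter includes: renames every later use of the tag */`. The `KERNEL_VERSION(3,7,0)` bound is carried over from the `#else` branch removed in the second hunk, but I believe `xt_action_param` has been the in-tree name since roughly 2.6.35. If that is right, the fallback is never needed once PATCH 3/4 drops pre-2.6.35 support, and it would break the build on the kernels in between. Worth checking against a 3.x tree and either correcting the bound or dropping the define.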
From: Emil Velikov Date: Sun, 22 Oct 2023 13:24:41 +0100 Subject: [PATCH 4/4] Remove unused code The wg_message_handshake_cookie struct alongside all the static inline helpers are unused - remove them. The former was unused since its introduction, while the latter since commit bf30d58d2b23a2b4c6c08c8712d09b09223da9a3 Signed-off-by: Emil Velikov --- src/wg.h | 62 -------------------------------------------------------- 1 file changed, 62 deletions(-) diff --git a/src/wg.h b/src/wg.h index 86791b9..e463872 100644 --- a/src/wg.h +++ b/src/wg.h 
@@ -32,65 +32,3 @@ struct wg_message_handshake_response { u8 encrypted_nothing[wg_noise_encrypted_len(0)]; struct wg_message_macs macs; }; - -struct wg_message_handshake_cookie { - struct wg_message_header header; - __le32 receiver_index; - u8 nonce[WG_COOKIE_NONCE_LEN]; - u8 encrypted_cookie[wg_noise_encrypted_len(WG_COOKIE_LEN)]; -}; - -#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 13, 0) && LINUX_VERSION_CODE >= KERNEL_VERSION(4, 2, 0) && (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 10, 0) || LINUX_VERSION_CODE < KERNEL_VERSION(4, 9, 320)) -#include -#include -#include -struct rng_initializer { - struct completion done; - struct random_ready_callback cb; -}; -static inline void rng_initialized_callback(struct random_ready_callback *cb) -{ - complete(&container_of(cb, struct rng_initializer, cb)->done); -} -static inline int wait_for_random_bytes(void) -{ - static bool rng_is_initialized = false; - int ret; - if (unlikely(!rng_is_initialized)) { - struct rng_initializer rng = { - .done = COMPLETION_INITIALIZER(rng.done), - .cb = { .owner = THIS_MODULE, .func = rng_initialized_callback } - }; - ret = add_random_ready_callback(&rng.cb); - if (!ret) { - ret = wait_for_completion_interruptible(&rng.done); - if (ret) { - del_random_ready_callback(&rng.cb); - return ret; - } - } else if (ret != -EALREADY) - return ret; - rng_is_initialized = true; - } - return 0; -} -#elif LINUX_VERSION_CODE < KERNEL_VERSION(4, 2, 0) -/* This is a disaster. Without this API, we really have no way of - * knowing if it's initialized. We just return that it has and hope - * for the best... 
*/ -static inline int wait_for_random_bytes(void) -{ - return 0; -} -#endif - -#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 13, 0) && (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 10, 0) || LINUX_VERSION_CODE < KERNEL_VERSION(4, 9, 320)) -static inline int get_random_bytes_wait(void *buf, int nbytes) -{ - int ret = wait_for_random_bytes(); - if (unlikely(ret)) - return ret; - get_random_bytes(buf, nbytes); - return 0; -} -#endif