From 92df63e9e37156aba8c0164804ce54487466a117 Mon Sep 17 00:00:00 2001
From: Dmitriy Stepanenko
Date: Tue, 5 Nov 2019 17:36:49 +0200
Subject: [PATCH 01/20] Fixing DKMS build
---
 dkms.conf | 5 +++--
 src/xt_tls_main.c | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/dkms.conf b/dkms.conf
index e57ef67..e29ac20 100644
--- a/dkms.conf
+++ b/dkms.conf
@@ -4,7 +4,8 @@ CLEAN="make clean"
 BUILT_MODULE_NAME=xt_tls
 BUILT_MODULE_LOCATION=src/
 PACKAGE_NAME=xt_tls
-PACKAGE_VERSION=0.3.2
-REMAKE_INITRD=yes
+PACKAGE_VERSION=0.3.3
+#REMAKE_INITRD=yes
+AUTOINSTALL="no"
 POST_INSTALL=dkms/post-install.sh
 POST_REMOVE=dkms/post-remove.sh
diff --git a/src/xt_tls_main.c b/src/xt_tls_main.c
index 24f3080..9fa7b3b 100644
--- a/src/xt_tls_main.c
+++ b/src/xt_tls_main.c
@@ -450,5 +450,5 @@ module_exit(tls_mt_exit);
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Nils Andreas Svee ");
 MODULE_DESCRIPTION("Xtables: TLS (SNI) matching");
-MODULE_VERSION("0.3.1");
+MODULE_VERSION("0.3.3");
 MODULE_ALIAS("ipt_tls");
From e268b8f98283e5ca52fecac4d4e972f716bc3b6b Mon Sep 17 00:00:00 2001
From: Dmitriy Stepanenko
Date: Sat, 9 Nov 2019 12:19:03 +0200
Subject: [PATCH 02/20] Trying to fix the module vermagic when building with DKMS
---
 dkms.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/dkms.conf b/dkms.conf
index e29ac20..95702d9 100644
--- a/dkms.conf
+++ b/dkms.conf
@@ -1,6 +1,6 @@
 DEST_MODULE_LOCATION[0]="/extra"
-MAKE="make KERNELDIR=/lib/modules/${kernelver}/build"
-CLEAN="make clean"
+MAKE="make KERNELDIR=/lib/modules/${kernelver}/build KVERSION=$kernelver KERNEL_VERSION=$kernelver BUILD_KERNEL=$kernelver"
+CLEAN="make clean KVERSION=$kernelver KERNEL_VERSION=$kernelver BUILD_KERNEL=$kernelver"
 BUILT_MODULE_NAME=xt_tls
 BUILT_MODULE_LOCATION=src/
 PACKAGE_NAME=xt_tls
From 4d7a9131db730ad7656f1ef28f7702097c6e05fc Mon Sep 17 00:00:00 2001
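Review bot: `AUTOINSTALL="no"` in the first dkms.conf hunk tells DKMS not to rebuild xt_tls for a newly installed kernel, so unless `dkms/post-install.sh` (not shown here) arranges the rebuild some other way, the module will be missing after a kernel upgrade. For a netfilter match that has an operational cost: a ruleset that references the tls match cannot be loaded without the module, which can leave a host with no or only partial filtering after a reboot. Either keep autoinstall enabled or put a comment above the line saying what replaces it, e.g. `# rebuild on kernel upgrade is done by dkms/post-install.sh`. The commented-out `#REMAKE_INITRD=yes` is better deleted than kept as dead configuration.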
From: Dmitriy Stepanenko
Date: Mon, 11 Nov 2019 14:29:35 +0200
Subject: [PATCH 03/20] Trying to fix the module vermagic when building with DKMS
---
 dkms.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/dkms.conf b/dkms.conf
index 95702d9..3278dc8 100644
--- a/dkms.conf
+++ b/dkms.conf
@@ -1,6 +1,6 @@
 DEST_MODULE_LOCATION[0]="/extra"
-MAKE="make KERNELDIR=/lib/modules/${kernelver}/build KVERSION=$kernelver KERNEL_VERSION=$kernelver BUILD_KERNEL=$kernelver"
-CLEAN="make clean KVERSION=$kernelver KERNEL_VERSION=$kernelver BUILD_KERNEL=$kernelver"
+MAKE="make KERNELDIR=/lib/modules/${kernelver}/build KERNEL_VERSION=$kernelver BUILD_KERNEL=$kernelver"
+CLEAN="make clean KERNELDIR=/lib/modules/${kernelver}/build KERNEL_VERSION=$kernelver BUILD_KERNEL=$kernelver"
 BUILT_MODULE_NAME=xt_tls
 BUILT_MODULE_LOCATION=src/
 PACKAGE_NAME=xt_tls
From 4f6a12bff82ae03c135680a7f0744659b51df69b Mon Sep 17 00:00:00 2001
From: Dmitriy Stepanenko
Date: Mon, 11 Nov 2019 15:07:10 +0200
Subject: [PATCH 04/20] Trying to fix the module vermagic when building with DKMS
---
 dkms.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/dkms.conf b/dkms.conf
index 3278dc8..066e5c2 100644
--- a/dkms.conf
+++ b/dkms.conf
@@ -1,6 +1,6 @@
 DEST_MODULE_LOCATION[0]="/extra"
-MAKE="make KERNELDIR=/lib/modules/${kernelver}/build KERNEL_VERSION=$kernelver BUILD_KERNEL=$kernelver"
-CLEAN="make clean KERNELDIR=/lib/modules/${kernelver}/build KERNEL_VERSION=$kernelver BUILD_KERNEL=$kernelver"
+MAKE="make KERNELDIR=/lib/modules/${kernelver}/build KERNEL_VERSION=$kernelver"
+CLEAN="make clean KERNELDIR=/lib/modules/${kernelver}/build KERNEL_VERSION=$kernelver"
 BUILT_MODULE_NAME=xt_tls
 BUILT_MODULE_LOCATION=src/
 PACKAGE_NAME=xt_tls
From 970e04b53d106d8f3191303abee651596c191434 Mon Sep 17 00:00:00 2001
From: Dmitriy Stepanenko
Date: Mon, 11 Nov 2019 18:04:18 +0200
Subject: [PATCH 05/20] Trying to fix the module vermagic when building with DKMS
---
 dkms.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/dkms.conf b/dkms.conf
index 066e5c2..1fdc1a9 100644
--- a/dkms.conf
+++ b/dkms.conf
@@ -1,6 +1,6 @@
 DEST_MODULE_LOCATION[0]="/extra"
-MAKE="make KERNELDIR=/lib/modules/${kernelver}/build KERNEL_VERSION=$kernelver"
-CLEAN="make clean KERNELDIR=/lib/modules/${kernelver}/build KERNEL_VERSION=$kernelver"
+MAKE="make KERNEL_VERSION=$kernelver"
+CLEAN="make KERNEL_VERSION=$kernelver"
 BUILT_MODULE_NAME=xt_tls
 BUILT_MODULE_LOCATION=src/
 PACKAGE_NAME=xt_tls
From d09eb1e2cddd34e714c7fe287d1712123c7d9ace Mon Sep 17 00:00:00 2001
From: Dmitriy Stepanenko
Date: Tue, 12 Nov 2019 12:00:00 +0200
Subject: [PATCH 06/20] Revert "Trying to fix the module vermagic when building with DKMS" This reverts commit 4f6a12bff82ae03c135680a7f0744659b51df69b.
---
 dkms.conf | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/dkms.conf b/dkms.conf
index 1fdc1a9..f6942bd 100644
--- a/dkms.conf
+++ b/dkms.conf
@@ -1,6 +1,7 @@
 DEST_MODULE_LOCATION[0]="/extra"
-MAKE="make KERNEL_VERSION=$kernelver"
-CLEAN="make KERNEL_VERSION=$kernelver"
+MAKE="make KERNELDIR=/lib/modules/${kernelver}/build KERNEL_VERSION=$kernelver"
+CLEAN="make clean KERNELDIR=/lib/modules/${kernelver}/build KERNEL_VERSION=$kernelver"
+>>>>>>> parent of 4f6a12b... Trying to fix the module vermagic when building with DKMS
 BUILT_MODULE_NAME=xt_tls
 BUILT_MODULE_LOCATION=src/
 PACKAGE_NAME=xt_tls
From b4e440914b66c62251247477a6e755b1baeeff53 Mon Sep 17 00:00:00 2001
From: mpolk
Date: Tue, 12 Nov 2019 12:01:34 +0200
Subject: [PATCH 07/20] Fix DKMS issues Fix issues: 1) with the automatic driver building on the kernel upgrade on Ubuntu and other systems without the "dkms_autoinstaller" service 2) with the module VERMAGIC (it was not emitted)
---
 dkms.conf | 1 -
 1 file changed, 1 deletion(-)
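Review bot: The dkms.conf hunk of PATCH 06/20 adds a leftover conflict marker, `>>>>>>> parent of 4f6a12b... Trying to fix the module vermagic when building with DKMS`, as a configuration line. dkms.conf is read as shell, so at this commit the file most likely fails to parse and the package cannot be built; PATCH 07/20 deletes the line again, but the series cannot be bisected across this commit, so the marker should be dropped here (squash 07 into 06). The message also names 4f6a12b as the reverted commit, while the lines being restored are the ones PATCH 05/20 (970e04b) changed.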
diff --git a/dkms.conf b/dkms.conf
index f6942bd..066e5c2 100644
--- a/dkms.conf
+++ b/dkms.conf
@@ -1,7 +1,6 @@
 DEST_MODULE_LOCATION[0]="/extra"
 MAKE="make KERNELDIR=/lib/modules/${kernelver}/build KERNEL_VERSION=$kernelver"
 CLEAN="make clean KERNELDIR=/lib/modules/${kernelver}/build KERNEL_VERSION=$kernelver"
->>>>>>> parent of 4f6a12b... Trying to fix the module vermagic when building with DKMS
 BUILT_MODULE_NAME=xt_tls
 BUILT_MODULE_LOCATION=src/
 PACKAGE_NAME=xt_tls
From ecce2722548898c4e1c410412af8f96b95ebc83d Mon Sep 17 00:00:00 2001
From: mpolk
Date: Thu, 23 Jul 2020 15:10:16 +0300
Subject: [PATCH 08/20] Fix domain suffix matching to occur only on the zone boundaries (dots)
---
 dkms.conf | 2 +-
 src/hostset.c | 9 ++++++---
 src/xt_tls_main.c | 2 +-
 3 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/dkms.conf b/dkms.conf
index 066e5c2..cf53527 100644
--- a/dkms.conf
+++ b/dkms.conf
@@ -4,7 +4,7 @@ CLEAN="make clean KERNELDIR=/lib/modules/${kernelver}/build KERNEL_VERSION=$kern
 BUILT_MODULE_NAME=xt_tls
 BUILT_MODULE_LOCATION=src/
 PACKAGE_NAME=xt_tls
-PACKAGE_VERSION=0.3.3
+PACKAGE_VERSION=0.3.4
 #REMAKE_INITRD=yes
 AUTOINSTALL="no"
 POST_INSTALL=dkms/post-install.sh
diff --git a/src/hostset.c b/src/hostset.c
index 427c66f..bcbc2c6 100644
--- a/src/hostset.c
+++ b/src/hostset.c
@@ -254,11 +254,14 @@ bool hs_lookup(struct host_set *hs, const char *hostname, bool suffix_matching)
 for (node = hs->hosts.rb_node; ! result && node;) {
 struct host_set_elem *hse = rb_entry(node, struct host_set_elem, rbnode);
 int cmp;
- if (suffix_matching) {
+ if (! suffix_matching) {
+ cmp = strcmp(pattern, hse->name);
+ } else {
 size_t len = strlen(hse->name);
 cmp = strncmp(pattern, hse->name, len);
- } else {
- cmp = strcmp(pattern, hse->name);
+ if (cmp == 0 && len < strlen(pattern) && pattern[len + 1] != '.') {
+ cmp = 1;
+ }//if
 }//if
 if (cmp < 0)
diff --git a/src/xt_tls_main.c b/src/xt_tls_main.c
index 9fa7b3b..e0813e4 100644
--- a/src/xt_tls_main.c
+++ b/src/xt_tls_main.c
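Review bot: In the suffix branch of hs_lookup, setting `cmp = 1` for a prefix that does not end on a dot keeps the walk going, but a single root-to-leaf descent still cannot reach every stored name that is a prefix of `pattern`. If the tree is ordered by plain `strcmp` on `hse->name` (the insert path is outside this hunk), a shorter entry can lie in the left subtree of a node that compares below `pattern`: with constructed reversed names, `com.example` sits left of `com.example-x`, and a lookup of `com.example.www` goes right at that node and never visits it. For a filter this is a silent miss, so either repeat the exact lookup with `pattern` cut at each dot, or document the restriction on set contents above the loop. The index `pattern[len + 1]` added here skips the boundary character (PATCH 09/20 changes it to `pattern[len]`), and `strlen(pattern)` could be taken once before the loop. hs_lookup starts and ends outside the hunk.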
@@ -450,5 +450,5 @@ module_exit(tls_mt_exit);
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Nils Andreas Svee ");
 MODULE_DESCRIPTION("Xtables: TLS (SNI) matching");
-MODULE_VERSION("0.3.3");
+MODULE_VERSION("0.3.4");
 MODULE_ALIAS("ipt_tls");
From bb455ed0a9f5f8e1ed5ce98384ab0c9a4b8b21f2 Mon Sep 17 00:00:00 2001
From: mpolk
Date: Thu, 23 Jul 2020 17:24:37 +0300
Subject: [PATCH 09/20] Fix domain suffix matching to occur only on the zone boundaries (dots)
---
 src/hostset.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/hostset.c b/src/hostset.c
index bcbc2c6..f1d07e8 100644
--- a/src/hostset.c
+++ b/src/hostset.c
@@ -259,7 +259,7 @@ bool hs_lookup(struct host_set *hs, const char *hostname, bool suffix_matching)
 } else {
 size_t len = strlen(hse->name);
 cmp = strncmp(pattern, hse->name, len);
- if (cmp == 0 && len < strlen(pattern) && pattern[len + 1] != '.') {
+ if (cmp == 0 && len < strlen(pattern) && pattern[len] != '.') {
 cmp = 1;
 }//if
 }//if
From 85c37414202dd09ee0f7306554a4f178dc569585 Mon Sep 17 00:00:00 2001
From: mpolk
Date: Mon, 27 Jul 2020 12:38:03 +0300
Subject: [PATCH 10/20] Try to make this module work on the desktop Ubuntu/Mint
---
 dkms.conf | 2 +-
 src/hostset.c | 2 +-
 src/xt_tls_main.c | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/dkms.conf b/dkms.conf
index cf53527..97783bf 100644
--- a/dkms.conf
+++ b/dkms.conf
@@ -4,7 +4,7 @@ CLEAN="make clean KERNELDIR=/lib/modules/${kernelver}/build KERNEL_VERSION=$kern
 BUILT_MODULE_NAME=xt_tls
 BUILT_MODULE_LOCATION=src/
 PACKAGE_NAME=xt_tls
-PACKAGE_VERSION=0.3.4
+PACKAGE_VERSION=0.3.5
 #REMAKE_INITRD=yes
 AUTOINSTALL="no"
 POST_INSTALL=dkms/post-install.sh
diff --git a/src/hostset.c b/src/hostset.c
index f1d07e8..4f993dc 100644
--- a/src/hostset.c
+++ b/src/hostset.c
@@ -47,7 +47,7 @@ int hs_init(struct host_set *hs, const char *name)
 hs->hosts = RB_ROOT;
 hs->filesize = 0;
- hs->proc_file = proc_create_data(name, 0644, proc_fs_hostset_dir,
+ hs->proc_file = proc_create_data(hs->name, 0644, proc_fs_hostset_dir,
 &proc_fops, hs);
 if (! hs->proc_file) {
 pr_err("Cannot create a procfs file for the host set %s\n", name);
diff --git a/src/xt_tls_main.c b/src/xt_tls_main.c
index e0813e4..f86f092 100644
--- a/src/xt_tls_main.c
+++ b/src/xt_tls_main.c
@@ -450,5 +450,5 @@ module_exit(tls_mt_exit);
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Nils Andreas Svee ");
 MODULE_DESCRIPTION("Xtables: TLS (SNI) matching");
-MODULE_VERSION("0.3.4");
+MODULE_VERSION("0.3.5");
 MODULE_ALIAS("ipt_tls");
From 02765464475dc75d2471486d33719cac0a3bc882 Mon Sep 17 00:00:00 2001
From: mpolk
Date: Mon, 27 Jul 2020 13:07:01 +0300
Subject: [PATCH 11/20] Try to make this module work on the desktop Ubuntu/Mint
---
 src/hostset.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/hostset.c b/src/hostset.c
index 4f993dc..23e085d 100644
--- a/src/hostset.c
+++ b/src/hostset.c
@@ -53,7 +53,7 @@ int hs_init(struct host_set *hs, const char *name)
 pr_err("Cannot create a procfs file for the host set %s\n", name);
 return -EFAULT;
 }//if
- proc_set_user(hs->proc_file, uid, gid);
+ //proc_set_user(hs->proc_file, uid, gid);
 return 0;
 }//hs_init
From efc3f18d19bd20956dcf695849e0581f6b9574be Mon Sep 17 00:00:00 2001
From: mpolk
Date: Thu, 30 Jul 2020 12:43:45 +0300
Subject: [PATCH 12/20] Try to make this module work on the desktop Ubuntu/Mint
---
 src/hostset.c | 2 +-
 src/xt_tls_main.c | 18 +++++++++++++++---
 2 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/src/hostset.c b/src/hostset.c
index 23e085d..4f993dc 100644
--- a/src/hostset.c
+++ b/src/hostset.c
@@ -53,7 +53,7 @@ int hs_init(struct host_set *hs, const char *name)
 pr_err("Cannot create a procfs file for the host set %s\n", name);
 return -EFAULT;
 }//if
- //proc_set_user(hs->proc_file, uid, gid);
+ proc_set_user(hs->proc_file, uid, gid);
 return 0;
 }//hs_init
diff --git a/src/xt_tls_main.c b/src/xt_tls_main.c
index f86f092..a400f32 100644
--- a/src/xt_tls_main.c
+++ b/src/xt_tls_main.c
@@ -16,6 +16,8 @@
 #include "xt_tls.h"
 #include "hostset.h"
+static uint module_usage_count = 0;
+
 // The maximum number of host sets
 static int max_host_sets = 8;
 module_param(max_host_sets, int, S_IRUGO);
@@ -401,8 +403,14 @@ static struct pernet_operations tls_net_ops = {
 static int __init tls_mt_init (void)
 {
- int i;
- int rc = xt_register_matches(tls_mt_regs, ARRAY_SIZE(tls_mt_regs));
+ int i, rc;
+
+ if (module_usage_count) {
+ module_usage_count++;
+ return 0;
+ }//if
+
+ rc = xt_register_matches(tls_mt_regs, ARRAY_SIZE(tls_mt_regs));
 if (rc)
 return rc;
@@ -410,13 +418,13 @@ static int __init tls_mt_init (void)
 if (rc) {
 pr_err("Cannot register pernet subsys\n");
 xt_unregister_matches(tls_mt_regs, ARRAY_SIZE(tls_mt_regs));
- unregister_pernet_subsys(&tls_net_ops);
 return rc;
 }//if
 host_set_table = kmalloc(sizeof (struct host_set) * max_host_sets, GFP_KERNEL);
 if (! host_set_table) {
 pr_err("Cannot allocate memory for the host set table\n");
+ unregister_pernet_subsys(&tls_net_ops);
 xt_unregister_matches(tls_mt_regs, ARRAY_SIZE(tls_mt_regs));
 return -ENOMEM;
 }//if
@@ -427,12 +435,16 @@ static int __init tls_mt_init (void)
 for (i = 0; i < max_host_sets; i++)
 hs_zeroize(&host_set_table[i]);
+ module_usage_count++;
 return 0;
 }
 static void __exit tls_mt_exit (void)
 {
 int i;
+ if (--module_usage_count)
+ return;
+
 xt_unregister_matches(tls_mt_regs, ARRAY_SIZE(tls_mt_regs));
 for (i = 0; i < max_host_sets; i++)
From 998f54ff9c041a859741bdd6aeed27bd1daa621a Mon Sep 17 00:00:00 2001
From: mpolk
Date: Thu, 30 Jul 2020 12:55:12 +0300
Subject: [PATCH 13/20] Try to make this module work on the desktop Ubuntu/Mint
---
 src/xt_tls_main.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/xt_tls_main.c b/src/xt_tls_main.c
index a400f32..b993508 100644
--- a/src/xt_tls_main.c
+++ b/src/xt_tls_main.c
@@ -16,7 +16,7 @@
 #include "xt_tls.h"
 #include "hostset.h"
-static uint module_usage_count = 0;
+static uint module_usage_count = 0, procfs_usage_count = 0;
 // The maximum number of host sets
 static int max_host_sets = 8;
@@ -378,18 +378,27 @@ static struct xt_match tls_mt_regs[] __read_mostly = {
 static int __net_init tls_net_init(struct net *net)
 {
+ if (procfs_usage_count) {
+ procfs_usage_count++;
+ return 0;
+ }//if
+
 proc_fs_dir = proc_mkdir(KBUILD_MODNAME, net->proc_net);
 proc_fs_hostset_dir = proc_mkdir(PROC_FS_HOSTSET_SUBDIR, proc_fs_dir);
 if (! proc_fs_hostset_dir) {
 pr_err("Cannot create /proc/net/ subdirectory for this module\n");
 return -EFAULT;
 }//if
+
+ procfs_usage_count++;
 return 0;
 }//tls_net_init
 static void __net_exit tls_net_exit(struct net *net)
 {
+ if (--procfs_usage_count)
+ return;
 proc_remove(proc_fs_hostset_dir);
 proc_remove(proc_fs_dir);
 }//tls_net_exit
From 491e2096740908071b918167256e2e391b430536 Mon Sep 17 00:00:00 2001
From: mpolk
Date: Mon, 3 Aug 2020 10:40:20 +0300
Subject: [PATCH 14/20] Try to make this module work on the desktop Ubuntu/Mint
---
 src/xt_tls_main.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/xt_tls_main.c b/src/xt_tls_main.c
index b993508..974cec8 100644
--- a/src/xt_tls_main.c
+++ b/src/xt_tls_main.c
@@ -378,6 +378,7 @@ static struct xt_match tls_mt_regs[] __read_mostly = {
 static int __net_init tls_net_init(struct net *net)
 {
+ pr_info("Initializing net %px", net);
 if (procfs_usage_count) {
 procfs_usage_count++;
 return 0;
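Review bot: `procfs_usage_count` in the tls_net_init/tls_net_exit hunk of PATCH 13/20 is one module-wide counter, but these callbacks run once per network namespace, so only the first namespace gets a directory and every later one returns early and shares the globals `proc_fs_dir` and `proc_fs_hostset_dir`. Host set files for rules created in any namespace would then be created under the first namespace's /proc/net tree, which defeats the isolation that pernet registration is meant to give, and the counter itself is a plain `uint` updated without a lock. The unchanged context has a second gap: the result of the first `proc_mkdir()` is never checked, and when the second call fails the first directory is not removed. Per-namespace state, which PATCH 15/20 moves to, is the right direction; at minimum add `if (!proc_fs_dir) return -ENOMEM;` after the first call.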
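Review bot: `pr_info("Initializing net %px", net)` in PATCH 14/20 prints the raw address of a `struct net`; `%px` bypasses the kernel's pointer hashing, so every namespace creation writes an unhashed kernel address to the log, which weakens KASLR on systems where the log is readable by unprivileged users. Use `%p` and a debug level instead, `pr_debug("Initializing net %p\n", net);`, or drop the address. The same applies to the `"Finalizing net %px"` line in the second hunk of this patch, and both format strings lack the trailing `\n`. PATCH 15/20 later wraps the calls in `XT_TLS_DEBUG` but keeps `%px`.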
@@ -397,6 +398,7 @@ static int __net_init tls_net_init(struct net *net)
 static void __net_exit tls_net_exit(struct net *net)
 {
+ pr_info("Finalizing net %px", net);
 if (--procfs_usage_count)
 return;
 proc_remove(proc_fs_hostset_dir);
From 7d17f70f687577b4976c5e5d89b981c6884175a2 Mon Sep 17 00:00:00 2001
From: mpolk
Date: Mon, 3 Aug 2020 13:40:35 +0300
Subject: [PATCH 15/20] Try to make this module work on the desktop Ubuntu/Mint
---
 src/hostset.c | 4 +-
 src/hostset.h | 29 ++++++++++-
 src/xt_tls.h | 3 +-
 src/xt_tls_main.c | 123 ++++++++++++++++++++++++++--------------------
 4 files changed, 100 insertions(+), 59 deletions(-)
diff --git a/src/hostset.c b/src/hostset.c
index 4f993dc..4bdf384 100644
--- a/src/hostset.c
+++ b/src/hostset.c
@@ -34,7 +34,7 @@ static struct file_operations proc_fops = {
 };
 // Initialize a host set
-int hs_init(struct host_set *hs, const char *name)
+int hs_init(struct host_set *hs, const char *name, struct proc_dir_entry *parent_dir)
 {
 kuid_t uid = make_kuid(&init_user_ns, 0);
 kgid_t gid = make_kgid(&init_user_ns, 0);
@@ -47,7 +47,7 @@ int hs_init(struct host_set *hs, const char *name)
 hs->hosts = RB_ROOT;
 hs->filesize = 0;
- hs->proc_file = proc_create_data(hs->name, 0644, proc_fs_hostset_dir,
+ hs->proc_file = proc_create_data(hs->name, 0644, parent_dir,
 &proc_fops, hs);
 if (! hs->proc_file) {
 pr_err("Cannot create a procfs file for the host set %s\n", name);
diff --git a/src/hostset.h b/src/hostset.h
index d7b7d52..57e299f 100644
--- a/src/hostset.h
+++ b/src/hostset.h
@@ -27,8 +27,20 @@ struct host_set {
 };//host_set
+// Descriptor holding a pointer to the host set table for the specific net namespace
+struct host_set_table_descriptor {
+ struct net *net;
+ struct proc_dir_entry *proc_fs_dir, *proc_fs_hostset_dir;
+ struct host_set *host_sets;
+ struct host_set_table_descriptor *next;
+};//host_set_table_descriptor
+
+// The list of the host sets tables we use
+extern struct host_set_table_descriptor *host_set_tables;
+
+
 // Initialize a host set
-int hs_init(struct host_set *hs, const char *name);
+int hs_init(struct host_set *hs, const char *name, struct proc_dir_entry *parent_dir);
 // Increment the usage count for the host set
 static inline void hs_hold(struct host_set *hs) { hs->refcount++; }
 // Free a host set entry (taking into account its refcount)
@@ -41,3 +53,18 @@ static inline bool hs_is_free(struct host_set *hs) { return hs->refcount == 0; }
 static inline void hs_zeroize(struct host_set *hs) { hs->refcount = 0; }
 // Lookup the host set for the specifed host name
 bool hs_lookup(struct host_set *hs, const char *hostname, bool suffix_matching);
+
+// Find the host set table for a given net namespace
+static inline struct host_set_table_descriptor
+ *find_host_set_table(struct net *net, struct host_set_table_descriptor ***ppprev)
+{
+ struct host_set_table_descriptor **pp;
+ for (pp = &host_set_tables; *pp; pp = &((*pp)->next)) {
+ if ((*pp)->net == net) {
+ if (ppprev)
+ *ppprev = pp;
+ return *pp;
+ }//if
+ }//for
+ return NULL;
+}//find_host_set_table
diff --git a/src/xt_tls.h b/src/xt_tls.h
index af0c20b..c687992 100644
--- a/src/xt_tls.h
+++ b/src/xt_tls.h
@@ -12,11 +12,10 @@
 struct xt_tls_info {
 __u16 op_flags, inversion_flags;
 char host_or_set_name[MAX_HOSTNAME_LEN + 1];
- __s32 hostset_index;
+ struct host_set *hostset;
 };
 #define PROC_FS_MODULE_DIR "xt_tls"
 #define PROC_FS_HOSTSET_SUBDIR "hostset"
-extern struct proc_dir_entry *proc_fs_hostset_dir;
 #endif /* _XT_TLS_TARGET_H */
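Review bot: `host_set_tables` in hostset.h is a bare singly linked list and `find_host_set_table()` walks it with no lock or RCU protection, while its callers in this series run in different contexts: tls_net_init and tls_net_exit on namespace setup and teardown, tls_mt_check on rule insertion. Nothing visible here serialises a walk against the unlink and `kfree()` of a descriptor, so a rule check in one namespace can race with the teardown of another. The kernel already offers per-namespace storage for this case: set `.id` and `.size` in `tls_net_ops` and fetch the state with `net_generic(net, id)`, which removes the list, the lookup helper and the descriptor allocation. If the list stays, it needs a mutex (say `host_set_tables_lock`) and a comment on the declaration naming it.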
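Review bot: `struct host_set *hostset` in the xt_tls.h hunk places a kernel pointer inside `struct xt_tls_info`, which is the matchinfo blob shared with userspace: its size now differs between 32-bit and 64-bit builds, and unless the match registration limits what is copied back, the pointer value is handed to userspace whenever the ruleset is dumped. The usual xtables pattern is to keep kernel-only fields last, declare them as `struct host_set *hostset __attribute__((aligned(8)));`, and set `.usersize = offsetof(struct xt_tls_info, hostset)` in each `tls_mt_regs` entry; that array is outside this hunk, so the field may need adding there. The userspace extension has to be rebuilt against the new layout as well, and a comment on the member saying it is kernel-private would make the contract visible.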
diff --git a/src/xt_tls_main.c b/src/xt_tls_main.c
index 974cec8..286cfb0 100644
--- a/src/xt_tls_main.c
+++ b/src/xt_tls_main.c
@@ -16,18 +16,13 @@
 #include "xt_tls.h"
 #include "hostset.h"
-static uint module_usage_count = 0, procfs_usage_count = 0;
-
 // The maximum number of host sets
 static int max_host_sets = 8;
 module_param(max_host_sets, int, S_IRUGO);
 MODULE_PARM_DESC(max_host_sets, "host set table capacity (default 8)");
-// The table of the host sets we use
-static struct host_set *host_set_table;
-
-// The proc-fs subdirectory for hostsets
-struct proc_dir_entry *proc_fs_dir, *proc_fs_hostset_dir;
+// The list of the host sets tables we use
+struct host_set_table_descriptor *host_set_tables = NULL;
 /*
 * Searches through skb->data and looks for a
@@ -241,6 +236,7 @@ static int get_tls_hostname(const struct sk_buff *skb, char **dest)
 return EPROTO;
 }
+
 static bool tls_mt(const struct sk_buff *skb, struct xt_action_param *par)
 {
 char *parsed_host;
@@ -263,8 +259,7 @@ static bool tls_mt(const struct sk_buff *skb, struct xt_action_param *par)
 match = glob_match(info->host_or_set_name, parsed_host);
 break;
 case XT_TLS_OP_HOSTSET:
- match = hs_lookup(&host_set_table[info->hostset_index],
- parsed_host, suffix_matching);
+ match = hs_lookup(info->hostset, parsed_host, suffix_matching);
 break;
 }//switch
@@ -285,6 +280,14 @@ static int tls_mt_check (const struct xt_mtchk_param *par)
 {
 __u16 proto;
 struct xt_tls_info *match_info = par->matchinfo;
+ struct host_set *host_set_table;
+
+ struct host_set_table_descriptor *hst_descr = find_host_set_table(par->net, NULL);
+ if (hst_descr == NULL) {
+ pr_err("Cannot find a host set table for the net %p", par->net);
+ return -EINVAL;
+ }//if
+ host_set_table = hst_descr->host_sets;
 if (par->family == NFPROTO_IPV4) {
 proto = ((const struct ipt_ip *) par->entryinfo)->proto;
@@ -325,12 +328,13 @@ static int tls_mt_check (const struct xt_mtchk_param *par)
 pr_err("Cannot add a new hostset: the hostset table is full\n");
 return -ENOMEM;
 }//if
- rc = hs_init(&host_set_table[i], match_info->host_or_set_name);
+ rc = hs_init(&host_set_table[i], match_info->host_or_set_name,
+ hst_descr->proc_fs_hostset_dir);
 if (rc)
 return rc;
 }//if
- match_info->hostset_index = i;
+ match_info->hostset = host_set_table + i;
 }//if
 return 0;
@@ -345,7 +349,7 @@ static void tls_mt_destroy(const struct xt_mtdtor_param *par)
 match_info->op_flags, match_info->hostset_index);
 #endif
 if (match_info->op_flags & XT_TLS_OP_HOSTSET) {
- hs_free(&host_set_table[match_info->hostset_index]);
+ hs_free(match_info->hostset);
 }//if
 }//tls_mt_destroy
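Review bot: The first context line of the tls_mt_destroy hunk still passes `match_info->hostset_index` to the debug print, but this patch removes that member from `struct xt_tls_info`, so a build with `XT_TLS_DEBUG` defined should no longer compile. The print has to change together with the field; the simplest form drops the second value and its conversion from the format string, leaving `match_info->op_flags);` as the only argument. The call begins above the hunk, so the format string itself is not visible here and needs the matching edit.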
@@ -378,31 +382,73 @@ static struct xt_match tls_mt_regs[] __read_mostly = {
 static int __net_init tls_net_init(struct net *net)
 {
+#ifdef XT_TLS_DEBUG
 pr_info("Initializing net %px", net);
- if (procfs_usage_count) {
- procfs_usage_count++;
- return 0;
+#endif
+ int i;
+ struct host_set_table_descriptor
+ *hst_descr = kmalloc(sizeof(struct host_set_table_descriptor), GFP_KERNEL);
+ if (hst_descr == NULL) {
+ pr_err("Cannot accloacte memory for the host set table");
+ return -ENOMEM;
 }//if
+
+ hst_descr->next = NULL;
+ hst_descr->net = net;
- proc_fs_dir = proc_mkdir(KBUILD_MODNAME, net->proc_net);
- proc_fs_hostset_dir = proc_mkdir(PROC_FS_HOSTSET_SUBDIR, proc_fs_dir);
- if (! proc_fs_hostset_dir) {
+ hst_descr->host_sets = kmalloc(sizeof (struct host_set) * max_host_sets, GFP_KERNEL);
+ if (! hst_descr->host_sets) {
+ pr_err("Cannot allocate memory for the host set table\n");
+ kfree(hst_descr);
+ return -ENOMEM;
+ }//if
+#ifdef XT_TLS_DEBUG
+ pr_info("Host set table allocated (%u elements max)\n", max_host_sets);
+#endif
+
+ for (i = 0; i < max_host_sets; i++)
+ hs_zeroize(&hst_descr->host_sets[i]);
+
+ hst_descr->proc_fs_dir = proc_mkdir(KBUILD_MODNAME, net->proc_net);
+ if (! hst_descr->proc_fs_dir) {
+ pr_err("Cannot create /proc/net/ subdirectory for this module\n");
+ kfree(hst_descr->host_sets);
+ kfree(hst_descr);
+ return -EFAULT;
+ }//if
+ hst_descr->proc_fs_hostset_dir = proc_mkdir(PROC_FS_HOSTSET_SUBDIR, hst_descr->proc_fs_dir);
+ if (! hst_descr->proc_fs_hostset_dir) {
 pr_err("Cannot create /proc/net/ subdirectory for this module\n");
+ proc_remove(hst_descr->proc_fs_dir);
+ kfree(hst_descr->host_sets);
+ kfree(hst_descr);
 return -EFAULT;
 }//if
- procfs_usage_count++;
 return 0;
 }//tls_net_init
 static void __net_exit tls_net_exit(struct net *net)
 {
+ int i;
+#ifdef XT_TLS_DEBUG
 pr_info("Finalizing net %px", net);
- if (--procfs_usage_count)
+#endif
+ struct host_set_table_descriptor **pprev,
+ *hst_descr = find_host_set_table(net, &pprev);
+ if (hst_descr == NULL) {
+ pr_err("Cannot find a host set table for the net %p", net);
 return;
- proc_remove(proc_fs_hostset_dir);
- proc_remove(proc_fs_dir);
+ }//if
+
+ *pprev = hst_descr->next;
+ for (i = 0; i < max_host_sets; i++)
+ hs_destroy(hst_descr->host_sets + i);
+ proc_remove(hst_descr->proc_fs_hostset_dir);
+ proc_remove(hst_descr->proc_fs_dir);
+ kfree(hst_descr->host_sets);
+ kfree(hst_descr);
 }//tls_net_exit
@@ -414,14 +460,7 @@ static struct pernet_operations tls_net_ops = {
 static int __init tls_mt_init (void)
 {
- int i, rc;
-
- if (module_usage_count) {
- module_usage_count++;
- return 0;
- }//if
-
- rc = xt_register_matches(tls_mt_regs, ARRAY_SIZE(tls_mt_regs));
+ int rc = xt_register_matches(tls_mt_regs, ARRAY_SIZE(tls_mt_regs));
 if (rc)
 return rc;
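Review bot: tls_net_exit frees `hst_descr->host_sets` while rules of that namespace may still hold `match_info->hostset` pointers into the array; if the namespace's tables are destroyed after this callback (pernet exit handlers run in reverse registration order, so it depends on module load order), tls_mt_destroy would call `hs_free()` on freed memory. The array needs a lifetime tied to its users, for example a reference taken per rule in tls_mt_check with the `kfree()` deferred to the last put. In tls_net_init the size is computed as `sizeof (struct host_set) * max_host_sets` from a signed module parameter, so rejecting `max_host_sets <= 0` and allocating with `kcalloc(max_host_sets, sizeof(*hst_descr->host_sets), GFP_KERNEL)` is safer and also zeroes the entries that `hs_destroy()` later visits. In this patch the new descriptor is never linked into `host_set_tables`, so the lookup in tls_mt_check cannot succeed until PATCH 17/20 adds the link.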
@@ -431,36 +470,12 @@ static int __init tls_mt_init (void)
 xt_unregister_matches(tls_mt_regs, ARRAY_SIZE(tls_mt_regs));
 return rc;
 }//if
-
- host_set_table = kmalloc(sizeof (struct host_set) * max_host_sets, GFP_KERNEL);
- if (! host_set_table) {
- pr_err("Cannot allocate memory for the host set table\n");
- unregister_pernet_subsys(&tls_net_ops);
- xt_unregister_matches(tls_mt_regs, ARRAY_SIZE(tls_mt_regs));
- return -ENOMEM;
- }//if
-#ifdef XT_TLS_DEBUG
- pr_info("Host set table allocated (%u elements max)\n", max_host_sets);
-#endif
-
- for (i = 0; i < max_host_sets; i++)
- hs_zeroize(&host_set_table[i]);
-
- module_usage_count++;
 return 0;
 }
 static void __exit tls_mt_exit (void)
 {
- int i;
- if (--module_usage_count)
- return;
-
 xt_unregister_matches(tls_mt_regs, ARRAY_SIZE(tls_mt_regs));
-
- for (i = 0; i < max_host_sets; i++)
- hs_destroy(&host_set_table[i]);
- kfree(host_set_table);
 unregister_pernet_subsys(&tls_net_ops);
 #ifdef XT_TLS_DEBUG
 pr_info("Host set table disposed\n");
From 345ce645459b22154e3b6710846df1a2c547e7e6 Mon Sep 17 00:00:00 2001
From: mpolk
Date: Mon, 3 Aug 2020 14:08:03 +0300
Subject: [PATCH 16/20] Try to make this module work on the desktop Ubuntu/Mint
---
 dkms.conf | 2 +-
 src/xt_tls_main.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/dkms.conf b/dkms.conf
index 97783bf..84b291a 100644
--- a/dkms.conf
+++ b/dkms.conf
@@ -4,7 +4,7 @@ CLEAN="make clean KERNELDIR=/lib/modules/${kernelver}/build KERNEL_VERSION=$kern
 BUILT_MODULE_NAME=xt_tls
 BUILT_MODULE_LOCATION=src/
 PACKAGE_NAME=xt_tls
-PACKAGE_VERSION=0.3.5
+PACKAGE_VERSION=0.3.6
 #REMAKE_INITRD=yes
 AUTOINSTALL="no"
 POST_INSTALL=dkms/post-install.sh
diff --git a/src/xt_tls_main.c b/src/xt_tls_main.c
index 286cfb0..9095ba2 100644
--- a/src/xt_tls_main.c
+++ b/src/xt_tls_main.c
@@ -488,5 +488,5 @@ module_exit(tls_mt_exit);
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Nils Andreas Svee ");
 MODULE_DESCRIPTION("Xtables: TLS (SNI) matching");
-MODULE_VERSION("0.3.5");
+MODULE_VERSION("0.3.6");
 MODULE_ALIAS("ipt_tls");
From 8031db98261344ef1a88164541c11fabee61f936 Mon Sep 17 00:00:00 2001
From: mpolk
Date: Mon, 3 Aug 2020 14:28:23 +0300
Subject: [PATCH 17/20] Try to make this module work on the desktop Ubuntu/Mint
---
 src/xt_tls_main.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/xt_tls_main.c b/src/xt_tls_main.c
index 9095ba2..915448e 100644
--- a/src/xt_tls_main.c
+++ b/src/xt_tls_main.c
@@ -386,14 +386,13 @@ static int __net_init tls_net_init(struct net *net)
 pr_info("Initializing net %px", net);
 #endif
 int i;
- struct host_set_table_descriptor
- *hst_descr = kmalloc(sizeof(struct host_set_table_descriptor), GFP_KERNEL);
+ struct host_set_table_descriptor
+ *hst_descr = kmalloc(sizeof(struct host_set_table_descriptor), GFP_KERNEL);
 if (hst_descr == NULL) {
- pr_err("Cannot accloacte memory for the host set table");
+ pr_err("Cannot allocate memory for the host set table\n");
 return -ENOMEM;
 }//if
- hst_descr->next = NULL;
 hst_descr->net = net;
 hst_descr->host_sets = kmalloc(sizeof (struct host_set) * max_host_sets, GFP_KERNEL);
@@ -425,6 +424,8 @@ static int __net_init tls_net_init(struct net *net)
 return -EFAULT;
 }//if
+ hst_descr->next = host_set_tables;
+ host_set_tables = hst_descr;
 return 0;
 }//tls_net_init
@@ -438,7 +439,7 @@ static void __net_exit tls_net_exit(struct net *net)
 struct host_set_table_descriptor **pprev,
 *hst_descr = find_host_set_table(net, &pprev);
 if (hst_descr == NULL) {
- pr_err("Cannot find a host set table for the net %p", net);
+ pr_err("Cannot find a host set table for the net %p\n", net);
 return;
 }//if
From 54caec584fbdad553195ba23d69dc72858ae136d Mon Sep 17 00:00:00 2001
From: mpolk
Date: Mon, 3 Aug 2020 15:22:33 +0300
Subject: [PATCH 18/20] Try to make this module work on the desktop Ubuntu/Mint
---
 src/hostset.c | 4 ++++
 src/xt_tls_main.c | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/hostset.c b/src/hostset.c
index 4bdf384..e42a365 100644
--- a/src/hostset.c
+++ b/src/hostset.c
@@ -370,6 +370,10 @@ proc_write(struct file *file, const char __user *input, size_t size, loff_t *lof
 char buf[MAX_HOSTNAME_LEN + 2];
 int rc;
+#ifdef XT_TLS_DEBUG
+ pr_info("proc_write %u chars at offset %lu: %s\n", size, loff, input);
+#endif
+
 if (size == 0)
 return 0;
 if (size > sizeof(buf) - 1)
diff --git a/src/xt_tls_main.c b/src/xt_tls_main.c
index 915448e..6e2e1f2 100644
--- a/src/xt_tls_main.c
+++ b/src/xt_tls_main.c
@@ -284,7 +284,7 @@ static int tls_mt_check (const struct xt_mtchk_param *par)
 struct host_set_table_descriptor *hst_descr = find_host_set_table(par->net, NULL);
 if (hst_descr == NULL) {
- pr_err("Cannot find a host set table for the net %p", par->net);
+ pr_err("Cannot find a host set table for the net %p\n", par->net);
 return -EINVAL;
 }//if
 host_set_table = hst_descr->host_sets;
From b278a4c69d2b3f3e6f2938fc3347548849658553 Mon Sep 17 00:00:00 2001
From: mpolk
Date: Mon, 3 Aug 2020 15:25:53 +0300
Subject: [PATCH 19/20] Try to make this module work on the desktop Ubuntu/Mint
---
 src/xt_tls_main.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/xt_tls_main.c b/src/xt_tls_main.c
index 6e2e1f2..22a3b75 100644
--- a/src/xt_tls_main.c
+++ b/src/xt_tls_main.c
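Review bot: The debug print added to proc_write formats `input` with `%s`, but `input` is a `__user` pointer, so the kernel would read user memory directly (a fault under SMAP, and with no guarantee of NUL termination) before the function has copied or bounded the data. Log only the length and offset, `pr_info("proc_write %zu chars at offset %lld\n", size, *loff);`, or move the print after the copy into `buf`. That line also corrects the conversions, since `size` is a `size_t` and the value passed for `%lu` is the `loff_t *` itself rather than the offset. The parameter name is cut off in the hunk header, so `loff` is taken from the added line, and the rest of proc_write lies outside the hunk.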
@@ -382,12 +382,13 @@ static struct xt_match tls_mt_regs[] __read_mostly = {
 static int __net_init tls_net_init(struct net *net)
 {
+ int i;
+ struct host_set_table_descriptor *hst_descr;
 #ifdef XT_TLS_DEBUG
 pr_info("Initializing net %px", net);
 #endif
- int i;
- struct host_set_table_descriptor
- *hst_descr = kmalloc(sizeof(struct host_set_table_descriptor), GFP_KERNEL);
+
+ hst_descr = kmalloc(sizeof(struct host_set_table_descriptor), GFP_KERNEL);
 if (hst_descr == NULL) {
 pr_err("Cannot allocate memory for the host set table\n");
 return -ENOMEM;
@@ -433,11 +434,11 @@ static int __net_init tls_net_init(struct net *net)
 static void __net_exit tls_net_exit(struct net *net)
 {
 int i;
+ struct host_set_table_descriptor **pprev, *hst_descr;
 #ifdef XT_TLS_DEBUG
 pr_info("Finalizing net %px", net);
 #endif
- struct host_set_table_descriptor **pprev,
- *hst_descr = find_host_set_table(net, &pprev);
+ hst_descr = find_host_set_table(net, &pprev);
 if (hst_descr == NULL) {
 pr_err("Cannot find a host set table for the net %p\n", net);
 return;
From 8e583ca6737ba73d97733cbe9249f09998868581 Mon Sep 17 00:00:00 2001
From: mpolk
Date: Mon, 3 Aug 2020 15:32:13 +0300
Subject: [PATCH 20/20] Try to make this module work on the desktop Ubuntu/Mint
---
 nbproject/private/Debug.properties | 3 +++
 src/hostset.c | 2 +-
 src/xt_tls_main.c | 4 ++--
 3 files changed, 6 insertions(+), 3 deletions(-)
 create mode 100644 nbproject/private/Debug.properties
diff --git a/nbproject/private/Debug.properties b/nbproject/private/Debug.properties
new file mode 100644
index 0000000..21110eb
--- /dev/null
+++ b/nbproject/private/Debug.properties
@@ -0,0 +1,3 @@ +/home/mpolk/xt_tls/src/xt_tls.mod.c=/usr/src/linux-headers-4.15.0-112-generic#-Wp,-MD,/home/mpolk/xt_tls/src/.xt_tls.mod.o.d -nostdinc -isystem /usr/lib/gcc/x86_64-linux-gnu/7/include -I./arch/x86/include -I./arch/x86/include/generated -I./include -I./arch/x86/include/uapi -I./arch/x86/include/generated/uapi -I./include/uapi -I./include/generated/uapi -include ./include/linux/kconfig.h -Iubuntu/include -D__KERNEL__ -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -fshort-wchar -Werror-implicit-function-declaration -Wno-format-security -std=gnu89 -fno-PIE -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -mno-avx -m64 -falign-jumps=1 -falign-loops=1 -mno-80387 -mno-fp-ret-in-387 -mpreferred-stack-boundary=3 -mskip-rax-setup -mtune=generic -mno-red-zone -mcmodel=kernel -funit-at-a-time -DCONFIG_X86_X32_ABI -DCONFIG_AS_CFI=1 -DCONFIG_AS_CFI_SIGNAL_FRAME=1 -DCONFIG_AS_CFI_SECTIONS=1 -DCONFIG_AS_FXSAVEQ=1 -DCONFIG_AS_SSSE3=1 -DCONFIG_AS_CRC32=1 -DCONFIG_AS_AVX=1 -DCONFIG_AS_AVX2=1 -DCONFIG_AS_AVX512=1 -DCONFIG_AS_SHA1_NI=1 -DCONFIG_AS_SHA256_NI=1 -pipe -Wno-sign-compare -fno-asynchronous-unwind-tables -mindirect-branch=thunk-extern -mindirect-branch-register -fno-jump-tables -fno-delete-null-pointer-checks -Wno-frame-address -Wno-format-truncation -Wno-format-overflow -Wno-int-in-bool-context -O2 --param=allow-store-data-races=0 -DCC_HAVE_ASM_GOTO -Wframe-larger-than=1024 -fstack-protector-strong -Wno-unused-but-set-variable -Wno-unused-const-variable -fno-omit-frame-pointer -fno-optimize-sibling-calls -fno-var-tracking-assignments -pg -mfentry -DCC_USING_FENTRY -Wdeclaration-after-statement -Wno-pointer-sign -Wno-array-bounds -Wno-stringop-overflow -Wno-restrict -Wno-maybe-uninitialized -fno-strict-overflow -fno-merge-all-constants -fmerge-constants -fno-stack-check -fconserve-stack -Werror=implicit-int -Werror=strict-prototypes -Werror=date-time -Werror=incompatible-pointer-types -Werror=designated-init 
-DKBUILD_BASENAME=\"xt_tls.mod\" -DKBUILD_MODNAME=\"xt_tls\" -DMODULE -DXT_TLS_DEBUG -c -o /home/mpolk/xt_tls/src/xt_tls.mod.o /home/mpolk/xt_tls/src/xt_tls.mod.c +/home/mpolk/xt_tls/src/xt_tls_main.c=/usr/src/linux-headers-4.15.0-112-generic#-Wp,-MD,/home/mpolk/xt_tls/src/.xt_tls_main.o.d -nostdinc -isystem /usr/lib/gcc/x86_64-linux-gnu/7/include -I./arch/x86/include -I./arch/x86/include/generated -I./include -I./arch/x86/include/uapi -I./arch/x86/include/generated/uapi -I./include/uapi -I./include/generated/uapi -include ./include/linux/kconfig.h -Iubuntu/include -D__KERNEL__ -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -fshort-wchar -Werror-implicit-function-declaration -Wno-format-security -std=gnu89 -fno-PIE -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -mno-avx -m64 -falign-jumps=1 -falign-loops=1 -mno-80387 -mno-fp-ret-in-387 -mpreferred-stack-boundary=3 -mskip-rax-setup -mtune=generic -mno-red-zone -mcmodel=kernel -funit-at-a-time -DCONFIG_X86_X32_ABI -DCONFIG_AS_CFI=1 -DCONFIG_AS_CFI_SIGNAL_FRAME=1 -DCONFIG_AS_CFI_SECTIONS=1 -DCONFIG_AS_FXSAVEQ=1 -DCONFIG_AS_SSSE3=1 -DCONFIG_AS_CRC32=1 -DCONFIG_AS_AVX=1 -DCONFIG_AS_AVX2=1 -DCONFIG_AS_AVX512=1 -DCONFIG_AS_SHA1_NI=1 -DCONFIG_AS_SHA256_NI=1 -pipe -Wno-sign-compare -fno-asynchronous-unwind-tables -mindirect-branch=thunk-extern -mindirect-branch-register -fno-jump-tables -fno-delete-null-pointer-checks -Wno-frame-address -Wno-format-truncation -Wno-format-overflow -Wno-int-in-bool-context -O2 --param=allow-store-data-races=0 -DCC_HAVE_ASM_GOTO -Wframe-larger-than=1024 -fstack-protector-strong -Wno-unused-but-set-variable -Wno-unused-const-variable -fno-omit-frame-pointer -fno-optimize-sibling-calls -fno-var-tracking-assignments -pg -mfentry -DCC_USING_FENTRY -Wdeclaration-after-statement -Wno-pointer-sign -Wno-array-bounds -Wno-stringop-overflow -Wno-restrict -Wno-maybe-uninitialized -fno-strict-overflow -fno-merge-all-constants -fmerge-constants -fno-stack-check -fconserve-stack 
-Werror=implicit-int -Werror=strict-prototypes -Werror=date-time -Werror=incompatible-pointer-types -Werror=designated-init -DMODULE -DXT_TLS_DEBUG -DKBUILD_BASENAME=\"xt_tls_main\" -DKBUILD_MODNAME=\"xt_tls\" -c -o /home/mpolk/xt_tls/src/xt_tls_main.o /home/mpolk/xt_tls/src/xt_tls_main.c +/home/mpolk/xt_tls/src/hostset.c=/usr/src/linux-headers-4.15.0-112-generic#-Wp,-MD,/home/mpolk/xt_tls/src/.hostset.o.d -nostdinc -isystem /usr/lib/gcc/x86_64-linux-gnu/7/include -I./arch/x86/include -I./arch/x86/include/generated -I./include -I./arch/x86/include/uapi -I./arch/x86/include/generated/uapi -I./include/uapi -I./include/generated/uapi -include ./include/linux/kconfig.h -Iubuntu/include -D__KERNEL__ -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -fshort-wchar -Werror-implicit-function-declaration -Wno-format-security -std=gnu89 -fno-PIE -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -mno-avx -m64 -falign-jumps=1 -falign-loops=1 -mno-80387 -mno-fp-ret-in-387 -mpreferred-stack-boundary=3 -mskip-rax-setup -mtune=generic -mno-red-zone -mcmodel=kernel -funit-at-a-time -DCONFIG_X86_X32_ABI -DCONFIG_AS_CFI=1 -DCONFIG_AS_CFI_SIGNAL_FRAME=1 -DCONFIG_AS_CFI_SECTIONS=1 -DCONFIG_AS_FXSAVEQ=1 -DCONFIG_AS_SSSE3=1 -DCONFIG_AS_CRC32=1 -DCONFIG_AS_AVX=1 -DCONFIG_AS_AVX2=1 -DCONFIG_AS_AVX512=1 -DCONFIG_AS_SHA1_NI=1 -DCONFIG_AS_SHA256_NI=1 -pipe -Wno-sign-compare -fno-asynchronous-unwind-tables -mindirect-branch=thunk-extern -mindirect-branch-register -fno-jump-tables -fno-delete-null-pointer-checks -Wno-frame-address -Wno-format-truncation -Wno-format-overflow -Wno-int-in-bool-context -O2 --param=allow-store-data-races=0 -DCC_HAVE_ASM_GOTO -Wframe-larger-than=1024 -fstack-protector-strong -Wno-unused-but-set-variable -Wno-unused-const-variable -fno-omit-frame-pointer -fno-optimize-sibling-calls -fno-var-tracking-assignments -pg -mfentry -DCC_USING_FENTRY -Wdeclaration-after-statement -Wno-pointer-sign -Wno-array-bounds -Wno-stringop-overflow -Wno-restrict 
-Wno-maybe-uninitialized -fno-strict-overflow -fno-merge-all-constants -fmerge-constants -fno-stack-check -fconserve-stack -Werror=implicit-int -Werror=strict-prototypes -Werror=date-time -Werror=incompatible-pointer-types -Werror=designated-init -DMODULE -DXT_TLS_DEBUG -DKBUILD_BASENAME=\"hostset\" -DKBUILD_MODNAME=\"xt_tls\" -c -o /home/mpolk/xt_tls/src/hostset.o /home/mpolk/xt_tls/src/hostset.c diff --git a/src/hostset.c b/src/hostset.c index e42a365..865e58e 100644 --- a/src/hostset.c +++ b/src/hostset.c @@ -371,7 +371,7 @@ proc_write(struct file *file, const char __user *input, size_t size, loff_t *lof int rc; #ifdef XT_TLS_DEBUG - pr_info("proc_write %u chars at offset %lu: %s\n", size, loff, input); + pr_info("proc_write %lu chars at offset %lld: %s\n", size, *loff, input); #endif if (size == 0) diff --git a/src/xt_tls_main.c b/src/xt_tls_main.c index 22a3b75..1b6d53b 100644 --- a/src/xt_tls_main.c +++ b/src/xt_tls_main.c @@ -345,8 +345,8 @@ static void tls_mt_destroy(const struct xt_mtdtor_param *par) { struct xt_tls_info *match_info = par->matchinfo; #ifdef XT_TLS_DEBUG - pr_info("tls_mt_destroy: match_info: op_flags=0x%X, hostset_index=%u\n", - match_info->op_flags, match_info->hostset_index); + pr_info("tls_mt_destroy: match_info: op_flags=0x%X, hostset=%p\n", + match_info->op_flags, match_info->hostset); #endif if (match_info->op_flags & XT_TLS_OP_HOSTSET) { hs_free(match_info->hostset);
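Review bot: In the src/hostset.c hunk, `size` is a `size_t` per the proc_write signature in the hunk header but is now printed with `%lu`, which matches only where `size_t` is `unsigned long`. `%zu` is the specifier for `size_t` and keeps the format check clean on 32-bit builds too, so `%lu chars` should become `%zu chars`. Dereferencing `*loff` and printing it with `%lld` is consistent with the `loff_t *` parameter. proc_write's body continues outside the hunk.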