Netfilter probes appear to have compilation problems on rawhide (4.4.0-0.rc3.git4.1.fc24.x86_64): ===== # stap -g -p4 ../src/testsuite/systemtap.examples/network/netfilter_drop.stp TCP 1 /tmp/stapKszyjv/stap_638ac27ca43bafef41a50ed201d5c6bd_19005_src.c:2519:9: error: initialization from incompatible pointer type [-Werror=incompatible-pointer-types] .hook = enter_netfilter_probe_0, ^ /tmp/stapKszyjv/stap_638ac27ca43bafef41a50ed201d5c6bd_19005_src.c:2519:9: note: (near initialization for ‘netfilter_opts_0.hook’) /tmp/stapKszyjv/stap_638ac27ca43bafef41a50ed201d5c6bd_19005_src.c:2520:1: error: unknown field ‘owner’ specified in initializer .owner = THIS_MODULE, ^ In file included from include/linux/linkage.h:6:0, from include/linux/preempt.h:9, from include/linux/spinlock.h:50, from include/linux/mmzone.h:7, from include/linux/gfp.h:5, from /usr/local/share/systemtap/runtime/linux/runtime_defines.h:20, from /usr/local/share/systemtap/runtime/runtime_defines.h:8, from /tmp/stapKszyjv/stap_638ac27ca43bafef41a50ed201d5c6bd_19005_src.c:10: include/linux/export.h:34:21: error: initialization from incompatible pointer type [-Werror=incompatible-pointer-types] #define THIS_MODULE (&__this_module) ^ /tmp/stapKszyjv/stap_638ac27ca43bafef41a50ed201d5c6bd_19005_src.c:2520:10: note: in expansion of macro ‘THIS_MODULE’ .owner = THIS_MODULE, ^ include/linux/export.h:34:21: note: (near initialization for ‘netfilter_opts_0.dev’) #define THIS_MODULE (&__this_module) ^ /tmp/stapKszyjv/stap_638ac27ca43bafef41a50ed201d5c6bd_19005_src.c:2520:10: note: in expansion of macro ‘THIS_MODULE’ .owner = THIS_MODULE, ^ cc1: all warnings being treated as errors scripts/Makefile.build:258: recipe for target '/tmp/stapKszyjv/stap_638ac27ca43bafef41a50ed201d5c6bd_19005_src.o' failed make[1]: *** [/tmp/stapKszyjv/stap_638ac27ca43bafef41a50ed201d5c6bd_19005_src.o] Error 1 Makefile:1388: recipe for target '_module_/tmp/stapKszyjv' failed make: *** [_module_/tmp/stapKszyjv] Error 2 WARNING: kbuild exited with status: 2 Pass 4: compilation failed. [man error::pass4] =====
It looks like the following kernel commit got rid of the 'owner' field: ==== ommit 2ffbceb2b08f8ca0496c54a9ebcd11d25275954e Author: Florian Westphal <fw@strlen.de> Date: Tue Oct 13 14:33:26 2015 +0200 netfilter: remove hook owner refcounting since commit 8405a8fff3f8 ("netfilter: nf_qeueue: Drop queue entries on nf_unregister_hook") all pending queued entries are discarded. So we can simply remove all of the owner handling -- when module is removed it also needs to unregister all its hooks. ==== It looks like the following kernel commit changed the 'hook' field: ==== commit 008027c31d57a22bd80dda5acc95b037634eee0f Author: Arnd Bergmann <arnd@arndb.de> Date: Fri Oct 9 20:45:42 2015 +0200 netfilter: turn NF_HOOK into an inline function A recent change to the dst_output handling caused a new warning when the call to NF_HOOK() is the only used of a local variable passed as 'dev', and CONFIG_NETFILTER is disabled: net/ipv6/ip6_output.c: In function 'ip6_output': net/ipv6/ip6_output.c:135:21: warning: unused variable 'dev' [-Wunused-vari\ able] The reason for this is that the NF_HOOK macro in this case does not reference the variable at all, and the call to dev_net(dev) got removed from the ip6_output function. To avoid that warning now and in the future, this changes the macro into an equivalent inline function, which tells the compiler that the variable is passed correctly but still unused. The dn_forward function apparently had the same problem in the past and added a local workaround that no longer works with the inline function. In order to avoid a regression, we have to also remove the #ifdef from decnet in the same patch. ==== It looks like these changes first appeared in kernel v4.4-rc1.
Here's another related kernel commit that changed the netfilter hook function signature: ==== commit 06198b34a3e09e06d9aecaa3727e0d37206cea77 Author: Eric W. Biederman <ebiederm@xmission.com> Date: Fri Sep 18 14:33:06 2015 -0500 netfilter: Pass priv instead of nf_hook_ops to netfilter hooks Only pass the void *priv parameter out of the nf_hook_ops. That is all any of the functions are interested now, and by limiting what is passed it becomes simpler to change implementation details. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ==== It looks like this change first appeared in kernel v4.4-rc1.
Fixed in commit 2736131.