anonfunc/xtables-addons
1
0
Fork 0
mirror of git://git.code.sf.net/p/xtables-addons/xtables-addons synced 2025-09-06 04:35:12 +02:00
Code Issues Releases Wiki Activity

build: remove support for Linux 2.6.18

Browse Source
This commit is contained in:
Jan Engelhardt
2012-10-15 20:51:19 +02:00
parent 0dcc56bc62
commit 66f213e324
10 changed files with 16 additions and 95 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
doc/changelog.txt
View File

@@ -2,7 +2,7 @@
HEAD HEAD
==== ====
Changes: Changes:
- remove support for Linux 2.6.17 - remove support for Linux 2.6.17--2.6.18
v1.47.1 (2010-10-15) v1.47.1 (2010-10-15)

36
extensions/compat_xtables.c
View File

@@ -88,11 +88,7 @@ static bool xtnu_match_run(const struct sk_buff *skb,
} }
#endif #endif
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18) #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
static int xtnu_match_check(const char *table, const void *entry,
const struct xt_match *cm, void *matchinfo, unsigned int matchinfosize,
unsigned int hook_mask)
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
static int xtnu_match_check(const char *table, const void *entry, static int xtnu_match_check(const char *table, const void *entry,
const struct xt_match *cm, void *matchinfo, unsigned int hook_mask) const struct xt_match *cm, void *matchinfo, unsigned int hook_mask)
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27) #elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
@@ -132,10 +128,7 @@ static bool xtnu_match_check(const struct xt_mtchk_param *par)
} }
#endif #endif
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18) #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
static void xtnu_match_destroy(const struct xt_match *cm, void *matchinfo,
unsigned int matchinfosize)
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
static void xtnu_match_destroy(const struct xt_match *cm, void *matchinfo) static void xtnu_match_destroy(const struct xt_match *cm, void *matchinfo)
#endif #endif
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27) #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
@@ -232,12 +225,7 @@ void xtnu_unregister_matches(struct xtnu_match *nt, unsigned int num)
EXPORT_SYMBOL_GPL(xtnu_unregister_matches); EXPORT_SYMBOL_GPL(xtnu_unregister_matches);
#endif #endif
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18) #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
static unsigned int xtnu_target_run(struct sk_buff **pskb,
const struct net_device *in, const struct net_device *out,
unsigned int hooknum, const struct xt_target *ct, const void *targinfo,
void *userdata)
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
static unsigned int xtnu_target_run(struct sk_buff **pskb, static unsigned int xtnu_target_run(struct sk_buff **pskb,
const struct net_device *in, const struct net_device *out, const struct net_device *in, const struct net_device *out,
unsigned int hooknum, const struct xt_target *ct, const void *targinfo) unsigned int hooknum, const struct xt_target *ct, const void *targinfo)
@@ -295,11 +283,7 @@ xtnu_target_run(struct sk_buff *skb, const struct xt_action_param *par)
} }
#endif #endif
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18) #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
static int xtnu_target_check(const char *table, const void *entry,
const struct xt_target *ct, void *targinfo,
unsigned int targinfosize, unsigned int hook_mask)
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
static int xtnu_target_check(const char *table, const void *entry, static int xtnu_target_check(const char *table, const void *entry,
const struct xt_target *ct, void *targinfo, unsigned int hook_mask) const struct xt_target *ct, void *targinfo, unsigned int hook_mask)
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27) #elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
@@ -341,13 +325,8 @@ static bool xtnu_target_check(const struct xt_tgchk_param *par)
} }
#endif #endif
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
static void xtnu_target_destroy(const struct xt_target *ct, void *targinfo,
unsigned int targinfosize)
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
static void xtnu_target_destroy(const struct xt_target *ct, void *targinfo)
#endif
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27) #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
static void xtnu_target_destroy(const struct xt_target *ct, void *targinfo)
{ {
struct xtnu_target *nt = xtcompat_nutarget(ct); struct xtnu_target *nt = xtcompat_nutarget(ct);
struct xt_tgdtor_param local_par = { struct xt_tgdtor_param local_par = {
@@ -540,7 +519,6 @@ void xtnu_proto_csum_replace4(__sum16 *sum, struct sk_buff *skb,
__be32 diff[] = {~from, to}; __be32 diff[] = {~from, to};
const void *dv = diff; /* kludge for < v2.6.19-555-g72685fc */ const void *dv = diff; /* kludge for < v2.6.19-555-g72685fc */
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 19)
if (skb->ip_summed != CHECKSUM_PARTIAL) { if (skb->ip_summed != CHECKSUM_PARTIAL) {
*sum = csum_fold(csum_partial(dv, sizeof(diff), *sum = csum_fold(csum_partial(dv, sizeof(diff),
~csum_unfold(*sum))); ~csum_unfold(*sum)));
@@ -551,10 +529,6 @@ void xtnu_proto_csum_replace4(__sum16 *sum, struct sk_buff *skb,
*sum = ~csum_fold(csum_partial(dv, sizeof(diff), *sum = ~csum_fold(csum_partial(dv, sizeof(diff),
csum_unfold(*sum))); csum_unfold(*sum)));
} }
#else
*sum = csum_fold(csum_partial(dv, sizeof(diff),
~csum_unfold(*sum)));
#endif
} }
EXPORT_SYMBOL_GPL(xtnu_proto_csum_replace4); EXPORT_SYMBOL_GPL(xtnu_proto_csum_replace4);
#endif #endif

4
extensions/compat_xtables.h
View File

@@ -8,8 +8,8 @@
#define DEBUGP Use__pr_debug__instead #define DEBUGP Use__pr_debug__instead
#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 18) #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 19)
# warning Kernels below 2.6.18 not supported. # warning Kernels below 2.6.19 not supported.
#endif #endif
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)

4
extensions/compat_xtnu.h
View File

@@ -5,10 +5,6 @@
#include <linux/netfilter/x_tables.h> #include <linux/netfilter/x_tables.h>
#include <linux/spinlock.h> #include <linux/spinlock.h>
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
typedef _Bool bool;
enum { false = 0, true = 1, };
#endif
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 19) #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 19)
typedef __u16 __bitwise __sum16; typedef __u16 __bitwise __sum16;
typedef __u32 __bitwise __wsum; typedef __u32 __bitwise __wsum;

4
extensions/ip6table_rawpost.c
View File

@@ -50,11 +50,7 @@ static unsigned int rawpost6_hook_fn(unsigned int hook, sk_buff_t *skb,
const struct net_device *in, const struct net_device *out, const struct net_device *in, const struct net_device *out,
int (*okfn)(struct sk_buff *)) int (*okfn)(struct sk_buff *))
{ {
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 19)
return ip6t_do_table(skb, hook, in, out, rawpost6_ptable); return ip6t_do_table(skb, hook, in, out, rawpost6_ptable);
#else
return ip6t_do_table(skb, hook, in, out, rawpost6_ptable, NULL);
#endif
} }
static struct nf_hook_ops rawpost6_hook_ops __read_mostly = { static struct nf_hook_ops rawpost6_hook_ops __read_mostly = {

4
extensions/iptable_rawpost.c
View File

@@ -51,11 +51,7 @@ static unsigned int rawpost4_hook_fn(unsigned int hook, sk_buff_t *skb,
const struct net_device *in, const struct net_device *out, const struct net_device *in, const struct net_device *out,
int (*okfn)(struct sk_buff *)) int (*okfn)(struct sk_buff *))
{ {
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 19)
return ipt_do_table(skb, hook, in, out, rawpost4_ptable); return ipt_do_table(skb, hook, in, out, rawpost4_ptable);
#else
return ipt_do_table(skb, hook, in, out, rawpost4_ptable, NULL);
#endif
} }
static struct nf_hook_ops rawpost4_hook_ops __read_mostly = { static struct nf_hook_ops rawpost4_hook_ops __read_mostly = {

28
extensions/pknock/xt_pknock.c
View File

@@ -32,10 +32,6 @@
#include "xt_pknock.h" #include "xt_pknock.h"
#include "compat_xtables.h" #include "compat_xtables.h"
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 19)
# define PK_CRYPTO 1
#endif
enum status { enum status {
ST_INIT = 1, ST_INIT = 1,
ST_MATCHING, ST_MATCHING,
@@ -113,7 +109,6 @@ static struct proc_dir_entry *pde;
static DEFINE_SPINLOCK(list_lock); static DEFINE_SPINLOCK(list_lock);
#ifdef PK_CRYPTO
static struct { static struct {
const char *algo; const char *algo;
struct crypto_hash *tfm; struct crypto_hash *tfm;
@@ -124,7 +119,6 @@ static struct {
.tfm = NULL, .tfm = NULL,
.size = 0 .size = 0
}; };
#endif
module_param(rule_hashsize, int, S_IRUGO); module_param(rule_hashsize, int, S_IRUGO);
MODULE_PARM_DESC(rule_hashsize, "Buckets in rule hash table (default: 8)"); MODULE_PARM_DESC(rule_hashsize, "Buckets in rule hash table (default: 8)");
@@ -719,7 +713,6 @@ msg_to_userspace_nl(const struct xt_pknock_mtinfo *info,
return true; return true;
} }
#ifdef PK_CRYPTO
/** /**
* Transforms a sequence of characters to hexadecimal. * Transforms a sequence of characters to hexadecimal.
* *
@@ -818,7 +811,6 @@ has_secret(const unsigned char *secret, unsigned int secret_len, uint32_t ipsrc,
kfree(hexresult); kfree(hexresult);
return fret; return fret;
} }
#endif /* PK_CRYPTO */
/** /**
* If the peer pass the security policy. * If the peer pass the security policy.
@@ -841,13 +833,11 @@ pass_security(struct peer *peer, const struct xt_pknock_mtinfo *info,
pk_debug("DENIED (anti-spoof protection)", peer); pk_debug("DENIED (anti-spoof protection)", peer);
return false; return false;
} }
#ifdef PK_CRYPTO
/* Check for OPEN secret */ /* Check for OPEN secret */
if (has_secret(info->open_secret, if (has_secret(info->open_secret,
info->open_secret_len, peer->ip, info->open_secret_len, peer->ip,
payload, payload_len)) payload, payload_len))
return true; return true;
#endif
return false; return false;
} }
@@ -939,7 +929,6 @@ static bool
is_close_knock(const struct peer *peer, const struct xt_pknock_mtinfo *info, is_close_knock(const struct peer *peer, const struct xt_pknock_mtinfo *info,
const unsigned char *payload, unsigned int payload_len) const unsigned char *payload, unsigned int payload_len)
{ {
#ifdef PK_CRYPTO
/* Check for CLOSE secret. */ /* Check for CLOSE secret. */
if (has_secret(info->close_secret, if (has_secret(info->close_secret,
info->close_secret_len, peer->ip, info->close_secret_len, peer->ip,
@@ -948,7 +937,6 @@ is_close_knock(const struct peer *peer, const struct xt_pknock_mtinfo *info,
pk_debug("BLOCKED", peer); pk_debug("BLOCKED", peer);
return true; return true;
} }
#endif
return false; return false;
} }
@@ -983,14 +971,8 @@ static bool pknock_mt(const struct sk_buff *skb,
case IPPROTO_UDP: case IPPROTO_UDP:
case IPPROTO_UDPLITE: case IPPROTO_UDPLITE:
#ifdef PK_CRYPTO
hdr_len = (iph->ihl * 4) + sizeof(struct udphdr); hdr_len = (iph->ihl * 4) + sizeof(struct udphdr);
break; break;
#else
pr_debug("UDP protocol not supported\n");
return false;
#endif
default: default:
pr_debug("IP payload protocol is neither tcp nor udp.\n"); pr_debug("IP payload protocol is neither tcp nor udp.\n");
return false; return false;
@@ -1079,12 +1061,9 @@ static int pknock_mt_check(const struct xt_mtchk_param *par)
if (!(info->option & XT_PKNOCK_NAME)) if (!(info->option & XT_PKNOCK_NAME))
RETURN_ERR("You must specify --name option.\n"); RETURN_ERR("You must specify --name option.\n");
#ifndef PK_CRYPTO
if (info->option & (XT_PKNOCK_OPENSECRET | XT_PKNOCK_CLOSESECRET)) if (info->option & (XT_PKNOCK_OPENSECRET | XT_PKNOCK_CLOSESECRET))
RETURN_ERR("No crypto support available; " RETURN_ERR("No crypto support available; "
"cannot use opensecret/closescret\n"); "cannot use opensecret/closescret\n");
#endif
if (info->option & XT_PKNOCK_OPENSECRET && info->ports_count != 1) if (info->option & XT_PKNOCK_OPENSECRET && info->ports_count != 1)
RETURN_ERR("--opensecret must have just one knock port\n"); RETURN_ERR("--opensecret must have just one knock port\n");
if (info->option & XT_PKNOCK_KNOCKPORT) { if (info->option & XT_PKNOCK_KNOCKPORT) {
@@ -1154,7 +1133,6 @@ static int __init xt_pknock_mt_init(void)
if (gc_expir_time < DEFAULT_GC_EXPIRATION_TIME) if (gc_expir_time < DEFAULT_GC_EXPIRATION_TIME)
gc_expir_time = DEFAULT_GC_EXPIRATION_TIME; gc_expir_time = DEFAULT_GC_EXPIRATION_TIME;
#ifdef PK_CRYPTO
if (request_module(crypto.algo) < 0) { if (request_module(crypto.algo) < 0) {
printk(KERN_ERR PKNOCK "request_module('%s') error.\n", printk(KERN_ERR PKNOCK "request_module('%s') error.\n",
crypto.algo); crypto.algo);
@@ -1171,9 +1149,6 @@ static int __init xt_pknock_mt_init(void)
crypto.size = crypto_hash_digestsize(crypto.tfm); crypto.size = crypto_hash_digestsize(crypto.tfm);
crypto.desc.tfm = crypto.tfm; crypto.desc.tfm = crypto.tfm;
crypto.desc.flags = 0; crypto.desc.flags = 0;
#else
pr_info("No crypto support for < 2.6.19\n");
#endif
pde = proc_mkdir("xt_pknock", init_net__proc_net); pde = proc_mkdir("xt_pknock", init_net__proc_net);
if (pde == NULL) { if (pde == NULL) {
@@ -1188,11 +1163,8 @@ static void __exit xt_pknock_mt_exit(void)
remove_proc_entry("xt_pknock", init_net__proc_net); remove_proc_entry("xt_pknock", init_net__proc_net);
xt_unregister_match(&xt_pknock_mt_reg); xt_unregister_match(&xt_pknock_mt_reg);
kfree(rule_hashtable); kfree(rule_hashtable);
#ifdef PK_CRYPTO
if (crypto.tfm != NULL) if (crypto.tfm != NULL)
crypto_free_hash(crypto.tfm); crypto_free_hash(crypto.tfm);
#endif
} }
module_init(xt_pknock_mt_init); module_init(xt_pknock_mt_init);

9
extensions/xt_CHAOS.c
View File

@@ -94,9 +94,7 @@ xt_chaos_total(struct sk_buff *skb, const struct xt_action_param *par)
return; return;
destiny = (info->variant == XTCHAOS_TARPIT) ? xt_tarpit : xt_delude; destiny = (info->variant == XTCHAOS_TARPIT) ? xt_tarpit : xt_delude;
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18) #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
destiny->target(&skb, par->in, par->out, par->hooknum, destiny, NULL, NULL);
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
destiny->target(&skb, par->in, par->out, par->hooknum, destiny, NULL); destiny->target(&skb, par->in, par->out, par->hooknum, destiny, NULL);
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27) #elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
destiny->target(skb, par->in, par->out, par->hooknum, destiny, NULL); destiny->target(skb, par->in, par->out, par->hooknum, destiny, NULL);
@@ -142,10 +140,7 @@ chaos_tg(struct sk_buff **pskb, const struct xt_action_param *par)
const struct iphdr *iph = ip_hdr(skb); const struct iphdr *iph = ip_hdr(skb);
if ((unsigned int)net_random() <= reject_percentage) { if ((unsigned int)net_random() <= reject_percentage) {
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18) #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
return xt_reject->target(pskb, par->in, par->out, par->hooknum,
xt_reject, &reject_params, NULL);
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
return xt_reject->target(pskb, par->in, par->out, par->hooknum, return xt_reject->target(pskb, par->in, par->out, par->hooknum,
xt_reject, &reject_params); xt_reject, &reject_params);
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27) #elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)

4
extensions/xt_RAWNAT.c
View File

@@ -96,9 +96,7 @@ static void rawnat4_update_l4(struct sk_buff *skb, __be32 oldip, __be32 newip)
case IPPROTO_UDPLITE: case IPPROTO_UDPLITE:
udph = transport_hdr; udph = transport_hdr;
cond = udph->check != 0; cond = udph->check != 0;
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 19)
cond |= skb->ip_summed == CHECKSUM_PARTIAL; cond |= skb->ip_summed == CHECKSUM_PARTIAL;
#endif
if (cond) { if (cond) {
inet_proto_csum_replace4(&udph->check, skb, inet_proto_csum_replace4(&udph->check, skb,
oldip, newip, true); oldip, newip, true);
@@ -225,9 +223,7 @@ static void rawnat6_update_l4(struct sk_buff *skb, unsigned int l4proto,
case IPPROTO_UDPLITE: case IPPROTO_UDPLITE:
udph = (void *)iph + l4offset; udph = (void *)iph + l4offset;
cond = udph->check; cond = udph->check;
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 19)
cond |= skb->ip_summed == CHECKSUM_PARTIAL; cond |= skb->ip_summed == CHECKSUM_PARTIAL;
#endif
if (cond) { if (cond) {
for (i = 0; i < 4; ++i) for (i = 0; i < 4; ++i)
inet_proto_csum_replace4(&udph->check, skb, inet_proto_csum_replace4(&udph->check, skb,

16
extensions/xt_SYSRQ.c
View File

@@ -26,8 +26,7 @@
#include <net/ip.h> #include <net/ip.h>
#include "compat_xtables.h" #include "compat_xtables.h"
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 19) && \ #if defined(CONFIG_CRYPTO) || defined(CONFIG_CRYPTO_MODULE)
(defined(CONFIG_CRYPTO) || defined(CONFIG_CRYPTO_MODULE))
# define WITH_CRYPTO 1 # define WITH_CRYPTO 1
#endif #endif
#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE) #if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
@@ -156,10 +155,8 @@ static unsigned int sysrq_tg(const void *pdata, uint16_t len)
printk(KERN_INFO KBUILD_MODNAME ": SysRq %c\n", data[i]); printk(KERN_INFO KBUILD_MODNAME ": SysRq %c\n", data[i]);
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 36) #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 36)
handle_sysrq(data[i]); handle_sysrq(data[i]);
#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 19)
handle_sysrq(data[i], NULL);
#else #else
handle_sysrq(data[i], NULL, NULL); handle_sysrq(data[i], NULL);
#endif #endif
} }
return NF_ACCEPT; return NF_ACCEPT;
@@ -193,10 +190,8 @@ static unsigned int sysrq_tg(const void *pdata, uint16_t len)
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 36) #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 36)
handle_sysrq(c); handle_sysrq(c);
#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 19)
handle_sysrq(c, NULL);
#else #else
handle_sysrq(c, NULL, NULL); handle_sysrq(c, NULL);
#endif #endif
return NF_ACCEPT; return NF_ACCEPT;
} }
@@ -364,8 +359,9 @@ static int __init sysrq_crypto_init(void)
fail: fail:
sysrq_crypto_exit(); sysrq_crypto_exit();
return ret; return ret;
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 19) #else
printk(KERN_WARNING "xt_SYSRQ does not provide crypto for < 2.6.19\n"); printk(KERN_WARNING "Kernel was compiled without crypto, "
"so xt_SYSRQ won't use crypto.\n");
#endif #endif
return -EINVAL; return -EINVAL;
} }