From af2bbf03525a882db14fbfe5d08401e2452250ff Mon Sep 17 00:00:00 2001 From: Jan Rafaj Date: Tue, 1 Sep 2009 19:52:48 +0200 Subject: [PATCH] pknock: fit to Xtables-addons API --- extensions/xt_pknock.c | 133 ++--------------------------------------- 1 file changed, 6 insertions(+), 127 deletions(-) diff --git a/extensions/xt_pknock.c b/extensions/xt_pknock.c index da4c170..fdacad8 100644 --- a/extensions/xt_pknock.c +++ b/extensions/xt_pknock.c @@ -31,6 +31,7 @@ #include //#include #include "xt_pknock.h" +#include "compat_xtables.h" MODULE_LICENSE("GPL"); MODULE_AUTHOR("J. Federico Hernandez Scarso, Luis A. Floreani"); @@ -900,72 +901,25 @@ is_close_knock(const struct peer *peer, const struct ipt_pknock *info, return false; } -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) -static bool -#else -static int -#endif -match(const struct sk_buff *skb, -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28) - const struct xt_match_param *par -#else - const struct net_device *in, - const struct net_device *out, -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) - const struct xt_match *match, -#endif - const void *matchinfo, - int offset, -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) - unsigned int protoff, -#endif - bool *hotdrop -#endif -) +static bool match(const struct sk_buff *skb, const struct xt_match_param *par) { -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28) const struct ipt_pknock *info = par->matchinfo; -#else - const struct ipt_pknock *info = matchinfo; -#endif struct ipt_pknock_rule *rule = NULL; struct peer *peer = NULL; -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) struct iphdr *iph = ip_hdr(skb); -#else - struct iphdr *iph = skb->nh.iph; -#endif int hdr_len = 0; __be16 _ports[2], *pptr = NULL; struct transport_data hdr = {0, 0, 0, NULL}; -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) bool ret = false; -#else - int ret = 0; -#endif -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28) pptr = skb_header_pointer(skb, par->thoff, sizeof _ports, &_ports); -#else - pptr = skb_header_pointer(skb, protoff, sizeof _ports, &_ports); -#endif - if (pptr == NULL) { /* We've been asked to examine this packet, and we * can't. Hence, no choice but to drop. */ duprintf("Dropping evil offset=0 tinygram.\n"); -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28) *par->hotdrop = true; -#else - *hotdrop = true; -#endif return false; -#else - *hotdrop = 1; - return 0; -#endif } hdr.port = ntohs(pptr[1]); @@ -1015,11 +969,7 @@ match(const struct sk_buff *skb, if (is_close_knock(peer, info, hdr.payload, hdr.payload_len)) { reset_knock_status(peer); -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) ret = false; -#else - ret = 0; -#endif } } goto out; @@ -1043,43 +993,11 @@ out: return ret; } -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) #define RETURN_ERR(err) do { printk(KERN_ERR PKNOCK err); return false; } while (0) -#else -#define RETURN_ERR(err) do { printk(KERN_ERR PKNOCK err); return 0; } while (0) -#endif -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) -static bool -#else -static int -#endif -checkentry( -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28) - const struct xt_mtchk_param *par -#else - const char *tablename, -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) - const void *ip, -#else - const struct ipt_ip *ip, -#endif -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) - const struct xt_match *match, -#endif - void *matchinfo, -#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) - unsigned int matchsize, -#endif - unsigned int hook_mask -#endif -) +static bool checkentry(const struct xt_mtchk_param *par) { -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28) struct ipt_pknock *info = par->matchinfo; -#else - struct ipt_pknock *info = matchinfo; -#endif /* Singleton. */ if (!rule_hashtable) { @@ -1139,43 +1057,20 @@ checkentry( } } -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) return true; -#else - return 1; -#endif } -static void -destroy( -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28) - const struct xt_mtdtor_param *par -#else -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) - const struct xt_match *match, void *matchinfo -#else - void *matchinfo, unsigned int matchsize -#endif -#endif -) +static void destroy(const struct xt_mtdtor_param *par) { -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28) struct ipt_pknock *info = par->matchinfo; -#else - struct ipt_pknock *info = matchinfo; -#endif /* Removes a rule only if it exits and ref_count is equal to 0. */ remove_rule(info); } static struct xt_match ipt_pknock_match __read_mostly = { .name = "pknock", -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) .family = NFPROTO_IPV4, -#endif -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) .matchsize = sizeof (struct ipt_pknock), -#endif .match = match, .checkentry = checkentry, .destroy = destroy, @@ -1204,34 +1099,18 @@ static int __init ipt_pknock_init(void) crypto.desc.tfm = crypto.tfm; crypto.desc.flags = 0; -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24) - if (!(pde = proc_mkdir("ipt_pknock", init_net.proc_net))) { -#else - if (!(pde = proc_mkdir("ipt_pknock", proc_net))) { -#endif + if (!(pde = proc_mkdir("ipt_pknock", init_net__proc_net))) { printk(KERN_ERR PKNOCK "proc_mkdir() error in _init().\n"); return -1; } -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) return xt_register_match(&ipt_pknock_match); -#else - return ipt_register_match(&ipt_pknock_match); -#endif } static void __exit ipt_pknock_fini(void) { printk(KERN_INFO PKNOCK "unregister.\n"); -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24) - remove_proc_entry("ipt_pknock", init_net.proc_net); -#else - remove_proc_entry("ipt_pknock", proc_net); -#endif -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) + remove_proc_entry("ipt_pknock", init_net__proc_net); xt_unregister_match(&ipt_pknock_match); -#else - ipt_unregister_match(&ipt_pknock_match); -#endif kfree(rule_hashtable); if (crypto.tfm != NULL) crypto_free_hash(crypto.tfm);