pknock: fit to Xtables-addons API

extensions/xt_pknock.c

@@ -31,6 +31,7 @@
 #include <linux/netfilter_ipv4/ip_tables.h>
 //#include <linux/netfilter_ipv4/ipt_pknock.h>
 #include "xt_pknock.h"
+#include "compat_xtables.h"
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("J. Federico Hernandez Scarso, Luis A. Floreani");
@@ -900,72 +901,25 @@ is_close_knock(const struct peer *peer, const struct ipt_pknock *info,
 	return false;
 }
 
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
+static bool match(const struct sk_buff *skb, const struct xt_match_param *par)
-static bool
-#else
-static int
-#endif
-match(const struct sk_buff *skb,
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28)
-	const struct xt_match_param *par
-#else
-	const struct net_device *in,
-	const struct net_device *out,
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
-	const struct xt_match *match,
-#endif
-	const void *matchinfo,
-	int offset,
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16)
-	unsigned int protoff,
-#endif
-	bool *hotdrop
-#endif
-)
 {
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28)
 	const struct ipt_pknock *info = par->matchinfo;
-#else
-	const struct ipt_pknock *info = matchinfo;
-#endif
 	struct ipt_pknock_rule *rule = NULL;
 	struct peer *peer = NULL;
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
 	struct iphdr *iph = ip_hdr(skb);
-#else
-	struct iphdr *iph = skb->nh.iph;
-#endif
 	int hdr_len = 0;
 	__be16 _ports[2], *pptr = NULL;
 	struct transport_data hdr = {0, 0, 0, NULL};
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
 	bool ret = false;
-#else
-	int ret = 0;
-#endif
 
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28)
 	pptr = skb_header_pointer(skb, par->thoff, sizeof _ports, &_ports);
-#else
-	pptr = skb_header_pointer(skb, protoff, sizeof _ports, &_ports);
-#endif
-
 	if (pptr == NULL) {
 		/* We've been asked to examine this packet, and we
 		 * can't. Hence, no choice but to drop.
 		 */
 		duprintf("Dropping evil offset=0 tinygram.\n");
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28)
 		*par->hotdrop = true;
-#else
-		*hotdrop = true;
-#endif
 		return false;
-#else
-		*hotdrop = 1;
-		return 0;
-#endif
 	}
 
 	hdr.port = ntohs(pptr[1]);
@@ -1015,11 +969,7 @@ match(const struct sk_buff *skb,
 				if (is_close_knock(peer, info, hdr.payload, hdr.payload_len))
 				{
 					reset_knock_status(peer);
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
 					ret = false;
-#else
-					ret = 0;
-#endif
 				}
 			}
 				goto out;
@@ -1043,43 +993,11 @@ out:
 	return ret;
 }
 
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
 #define RETURN_ERR(err) do { printk(KERN_ERR PKNOCK err); return false; } while (0)
-#else
-#define RETURN_ERR(err) do { printk(KERN_ERR PKNOCK err); return 0; } while (0)
-#endif
 
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
+static bool checkentry(const struct xt_mtchk_param *par)
-static bool
-#else
-static int
-#endif
-checkentry(
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28)
-	const struct xt_mtchk_param *par
-#else
-	const char *tablename,
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16)
-	const void *ip,
-#else
-	const struct ipt_ip *ip,
-#endif
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)	
-        const struct xt_match *match,
-#endif
-	void *matchinfo,
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
-	unsigned int matchsize,
-#endif
-	unsigned int hook_mask
-#endif
-)
 {
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28)
 	struct ipt_pknock *info = par->matchinfo;
-#else
-	struct ipt_pknock *info = matchinfo;
-#endif
 
 	/* Singleton. */
 	if (!rule_hashtable) {
@@ -1139,43 +1057,20 @@ checkentry(
 		}
 	}
 
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
 	return true;
-#else
-	return 1;
-#endif
 }
 
-static void
+static void destroy(const struct xt_mtdtor_param *par)
-destroy(
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28)
-	const struct xt_mtdtor_param *par
-#else
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
-	const struct xt_match *match, void *matchinfo
-#else
-	void *matchinfo, unsigned int matchsize
-#endif
-#endif
-)
 {
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28)
 	struct ipt_pknock *info = par->matchinfo;
-#else
-	struct ipt_pknock *info = matchinfo;
-#endif
 	/* Removes a rule only if it exits and ref_count is equal to 0. */
 	remove_rule(info);
 }
 
 static struct xt_match ipt_pknock_match __read_mostly = {
 	.name		= "pknock",
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)	
 	.family		= NFPROTO_IPV4,
-#endif
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)	
 	.matchsize	= sizeof (struct ipt_pknock),
-#endif
 	.match		= match,
 	.checkentry	= checkentry,
 	.destroy	= destroy,
@@ -1204,34 +1099,18 @@ static int __init ipt_pknock_init(void)
 	crypto.desc.tfm = crypto.tfm;
 	crypto.desc.flags = 0;
 
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24)
+	if (!(pde = proc_mkdir("ipt_pknock", init_net__proc_net))) {
-	if (!(pde = proc_mkdir("ipt_pknock", init_net.proc_net))) {
-#else
-	if (!(pde = proc_mkdir("ipt_pknock", proc_net))) {
-#endif
 		printk(KERN_ERR PKNOCK "proc_mkdir() error in _init().\n");
 		return -1;
 	}
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
 	return xt_register_match(&ipt_pknock_match);
-#else
-	return ipt_register_match(&ipt_pknock_match);
-#endif
 }
 
 static void __exit ipt_pknock_fini(void)
 {
 	printk(KERN_INFO PKNOCK "unregister.\n");
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24)
+	remove_proc_entry("ipt_pknock", init_net__proc_net);
-	remove_proc_entry("ipt_pknock", init_net.proc_net);
-#else
-	remove_proc_entry("ipt_pknock", proc_net);
-#endif
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
 	xt_unregister_match(&ipt_pknock_match);
-#else
-	ipt_unregister_match(&ipt_pknock_match);
-#endif
 	kfree(rule_hashtable);
 
 	if (crypto.tfm != NULL) crypto_free_hash(crypto.tfm);