xt_mp2t: fix compile error from v1.30-9-gff80812

libxt_mp2t.c: In function ‘mp2t_mt_help’:
libxt_mp2t.c:50:3: error: ‘version’ undeclared (first use in this function)

It is almost impossible to properly keep version numbers in sync
between kernel and userland components (especially when they are
separated from another), so just remove it.

extensions/Kbuild

@@ -30,6 +30,7 @@ obj-${build_ipset}       += ipset/
 obj-${build_ipv4options} += xt_ipv4options.o
 obj-${build_length2}     += xt_length2.o
 obj-${build_lscan}       += xt_lscan.o
+obj-${build_mp2t}        += xt_mp2t.o
 obj-${build_pknock}      += pknock/
 obj-${build_psd}         += xt_psd.o
 obj-${build_quota2}      += xt_quota2.o

extensions/Mbuild

@@ -22,6 +22,7 @@ obj-${build_ipset}       += ipset/
 obj-${build_ipv4options} += libxt_ipv4options.so
 obj-${build_length2}     += libxt_length2.so
 obj-${build_lscan}       += libxt_lscan.so
+obj-${build_mp2t}        += libxt_mp2t.so
 obj-${build_pknock}      += pknock/
 obj-${build_psd}         += libxt_psd.so
 obj-${build_quota2}      += libxt_quota2.so

extensions/libxt_mp2t.c

@@ -0,0 +1,189 @@
+/*
+ * Userspace interface for MPEG2 TS match extension "mp2t" for Xtables.
+ *
+ * Copyright (c) Jesper Dangaard Brouer <jdb@comx.dk>, 2009+
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License; either
+ * version 2 of the License, or any later version, as published by the
+ * Free Software Foundation.
+ *
+ */
+
+#include <getopt.h>
+#include <netdb.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stddef.h>
+
+#include <xtables.h>
+#include "xt_mp2t.h"
+
+/*
+ * Userspace iptables/xtables interface for mp2t module.
+ */
+
+/* FIXME: don't think this compat check does not cover all versions */
+#ifndef XTABLES_VERSION
+#define xtables_error exit_error
+#endif
+
+static const struct option mp2t_mt_opts[] = {
+	{.name = "name",	.has_arg = true,  .val = 'n'},
+	{.name = "drop",	.has_arg = false, .val = 'd'},
+	{.name = "drop-detect",	.has_arg = false, .val = 'd'},
+	{.name = "max",		.has_arg = true,  .val = 'x'},
+	{.name = "max-streams",	.has_arg = true,  .val = 'x'},
+	{NULL},
+};
+
+static void mp2t_mt_help(void)
+{
+	printf(
+"mp2t (MPEG2 Transport Stream) match options:\n"
+"   [--name <name>]        Name for proc file /proc/net/xt_mp2t/rule_NAME\n"
+"   [--drop-detect]        Match lost TS frames (occured before this packet)\n"
+"   [--max-streams <num>]  Track 'max' number of streams (per rule)\n"
+		);
+}
+
+static void mp2t_mt_init(struct xt_entry_match *match)
+{
+	struct xt_mp2t_mtinfo *info = (void *)match->data;
+	/* Enable drop detection per default */
+	info->flags = XT_MP2T_DETECT_DROP;
+}
+
+static int mp2t_mt_parse(int c, char **argv, int invert, unsigned int *flags,
+			 const void *entry, struct xt_entry_match **match)
+{
+	struct xt_mp2t_mtinfo *info = (void *)(*match)->data;
+	uint32_t num;
+
+	switch (c) {
+	case 'n': /* --name */
+		xtables_param_act(XTF_ONLY_ONCE, "mp2t", "--name",
+				  *flags & XT_MP2T_PARAM_NAME);
+		if (invert)
+			xtables_error(PARAMETER_PROBLEM, "Inverting name?");
+		if (strlen(optarg) == 0)
+			xtables_error(PARAMETER_PROBLEM, "Zero-length name?");
+		if (strchr(optarg, '"') != NULL)
+			xtables_error(PARAMETER_PROBLEM,
+				      "Illegal character in name (\")!");
+		strncpy(info->rule_name, optarg, sizeof(info->rule_name));
+		info->flags |= XT_MP2T_PARAM_NAME;
+		*flags |= XT_MP2T_PARAM_NAME;
+		break;
+
+	case 'd': /* --drop-detect */
+		if (*flags & XT_MP2T_DETECT_DROP)
+			xtables_error(PARAMETER_PROBLEM,
+				      "Can't specify --drop option twice");
+		*flags |= XT_MP2T_DETECT_DROP;
+
+		if (invert)
+			info->flags &= ~XT_MP2T_DETECT_DROP;
+		else
+			info->flags |= XT_MP2T_DETECT_DROP;
+
+		break;
+
+	case 'x': /* --max-streams */
+		if (*flags & XT_MP2T_MAX_STREAMS)
+			xtables_error(PARAMETER_PROBLEM,
+				"Can't specify --max-streams option twice");
+		*flags |= XT_MP2T_MAX_STREAMS;
+
+		if (invert) {
+			info->cfg.max = 0;
+			/* printf("inverted\n"); */
+			break;
+		}
+
+		/* OLD iptables style
+		if (string_to_number(optarg, 0, 0xffffffff, &num) == -1)
+			xtables_error(PARAMETER_PROBLEM,
+				      "bad --max-stream: `%s'", optarg);
+		*/
+
+		/* C-style
+		char *end;
+		num = strtoul(optarg, &end, 0);
+		*/
+
+		/* New xtables style */
+		if (!xtables_strtoui(optarg, NULL, &num, 0, UINT32_MAX))
+			xtables_error(PARAMETER_PROBLEM,
+				      "bad --max-stream: `%s'", optarg);
+
+		/* DEBUG: printf("--max-stream=%lu\n", num); */
+		info->flags |= XT_MP2T_MAX_STREAMS;
+		info->cfg.max = num;
+
+		break;
+
+	default:
+		return false;
+	}
+
+	return true;
+}
+
+static void mp2t_mt_print(const void *entry,
+			  const struct xt_entry_match *match, int numeric)
+{
+	const struct xt_mp2t_mtinfo *info = (const void *)(match->data);
+
+	/* Always indicate this is a mp2t match rule */
+	printf("mp2t match");
+
+	if (info->flags & XT_MP2T_PARAM_NAME)
+		printf(" name:\"%s\"", info->rule_name);
+
+	if (!(info->flags & XT_MP2T_DETECT_DROP))
+		printf(" !drop-detect");
+
+	if (info->flags & XT_MP2T_MAX_STREAMS)
+		printf(" max-streams:%u ", info->cfg.max);
+}
+
+static void mp2t_mt_save(const void *entry,
+			 const struct xt_entry_match *match)
+{
+	const struct xt_mp2t_mtinfo *info = (const void *)(match->data);
+
+	/* We need to handle --name, --drop-detect, and --max-streams. */
+	if (info->flags & XT_MP2T_PARAM_NAME)
+		printf("--name \"%s\" ",  info->rule_name);
+
+	if (!(info->flags & XT_MP2T_DETECT_DROP))
+		printf("! --drop-detect ");
+
+	if (info->flags & XT_MP2T_MAX_STREAMS)
+		printf("--max-streams %u ", info->cfg.max);
+
+}
+
+static struct xtables_match mp2t_mt_reg = {
+	.version        = XTABLES_VERSION,
+	.name           = "mp2t",
+	.revision       = 0,
+	.family         = PF_UNSPEC,
+	.size           = XT_ALIGN(sizeof(struct xt_mp2t_mtinfo)),
+	.userspacesize  = offsetof(struct xt_mp2t_mtinfo, hinfo),
+	.init           = mp2t_mt_init,
+	.help           = mp2t_mt_help,
+	.parse          = mp2t_mt_parse,
+/*	.final_check    = mp2t_mt_check,*/
+	.print          = mp2t_mt_print,
+	.save           = mp2t_mt_save,
+	.extra_opts     = mp2t_mt_opts,
+};
+
+static void _init(void)
+{
+	xtables_register_match(&mp2t_mt_reg);
+}

extensions/xt_mp2t.h

@@ -0,0 +1,58 @@
+/*
+ * Header file for MPEG2 TS match extension "mp2t" for Xtables.
+ *
+ * Copyright (c) Jesper Dangaard Brouer <jdb@comx.dk>, 2009+
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License; either
+ * version 2 of the License, or any later version, as published by the
+ * Free Software Foundation.
+ *
+ */
+#ifndef _LINUX_NETFILTER_XT_MP2T_MATCH_H
+#define _LINUX_NETFILTER_XT_MP2T_MATCH_H 1
+
+enum {
+	XT_MP2T_DETECT_DROP = 1 << 0,
+	XT_MP2T_MAX_STREAMS = 1 << 1,
+	XT_MP2T_PARAM_NAME  = 1 << 2,
+};
+
+/* Details of this hash structure is hidden in kernel space xt_mp2t.c */
+struct xt_rule_mp2t_conn_htable;
+
+struct mp2t_cfg {
+
+	/* Hash table setup */
+	__u32 size;		/* how many hash buckets */
+	__u32 max;		/* max number of entries */
+	__u32 max_list;	/* warn if list searches exceed this number */
+};
+
+
+struct xt_mp2t_mtinfo {
+	__u16 flags;
+
+	/* FIXME:
+
+	   I need to fix the problem, where I have to reallocated data
+	   each time a single rule change occur.
+
+	   The idea with rule_name and rule_id is that the name is
+	   optional, simply to provide a name in /proc/, the rule_id
+	   is the real lookup-key in the internal kernel list of the
+	   rules associated dynamic-allocated-data.
+
+	 */
+	char rule_name[IFNAMSIZ];
+
+	struct mp2t_cfg cfg;
+
+	/** Below used internally by the kernel **/
+	__u32 rule_id;
+
+	/* Hash table pointer */
+	struct xt_rule_mp2t_conn_htable *hinfo __attribute__((aligned(8)));
+};
+
+#endif /* _LINUX_NETFILTER_XT_MP2T_MATCH_H */

mconfig

@@ -22,6 +22,7 @@ build_ipset=m
 build_ipv4options=m
 build_length2=m
 build_lscan=m
+build_mp2t=m
 build_pknock=m
 build_psd=m
 build_quota2=m