AC_CHECK_FUNCS(prctl mallinfo getpass closefrom getpwnam_r getgrnam_r getpwuid_r)
-AC_CHECK_HEADERS(sys/sockio.h glob.h net/if_tun.h)
+AC_CHECK_HEADERS(sys/sockio.h glob.h net/if_tun.h linux/fib_rules.h)
AC_CHECK_HEADERS(net/pfkeyv2.h netipsec/ipsec.h netinet6/ipsec.h linux/udp.h)
AC_CHECK_HEADERS(netinet/ip6.h, [], [],
[
+++ /dev/null
-#ifndef __LINUX_FIB_RULES_H
-#define __LINUX_FIB_RULES_H
-
-#include <linux/types.h>
-#include <linux/rtnetlink.h>
-
-/* rule is permanent, and cannot be deleted */
-#define FIB_RULE_PERMANENT 0x00000001
-#define FIB_RULE_INVERT 0x00000002
-#define FIB_RULE_UNRESOLVED 0x00000004
-#define FIB_RULE_IIF_DETACHED 0x00000008
-#define FIB_RULE_DEV_DETACHED FIB_RULE_IIF_DETACHED
-#define FIB_RULE_OIF_DETACHED 0x00000010
-
-/* try to find source address in routing lookups */
-#define FIB_RULE_FIND_SADDR 0x00010000
-
-struct fib_rule_hdr {
- __u8 family;
- __u8 dst_len;
- __u8 src_len;
- __u8 tos;
-
- __u8 table;
- __u8 res1; /* reserved */
- __u8 res2; /* reserved */
- __u8 action;
-
- __u32 flags;
-};
-
-enum {
- FRA_UNSPEC,
- FRA_DST, /* destination address */
- FRA_SRC, /* source address */
- FRA_IIFNAME, /* interface name */
-#define FRA_IFNAME FRA_IIFNAME
- FRA_GOTO, /* target to jump to (FR_ACT_GOTO) */
- FRA_UNUSED2,
- FRA_PRIORITY, /* priority/preference */
- FRA_UNUSED3,
- FRA_UNUSED4,
- FRA_UNUSED5,
- FRA_FWMARK, /* mark */
- FRA_FLOW, /* flow/class id */
- FRA_UNUSED6,
- FRA_UNUSED7,
- FRA_UNUSED8,
- FRA_TABLE, /* Extended table id */
- FRA_FWMASK, /* mask for netfilter mark */
- FRA_OIFNAME,
- __FRA_MAX
-};
-
-#define FRA_MAX (__FRA_MAX - 1)
-
-enum {
- FR_ACT_UNSPEC,
- FR_ACT_TO_TBL, /* Pass to fixed table */
- FR_ACT_GOTO, /* Jump to another rule */
- FR_ACT_NOP, /* No operation */
- FR_ACT_RES3,
- FR_ACT_RES4,
- FR_ACT_BLACKHOLE, /* Drop without notification */
- FR_ACT_UNREACHABLE, /* Drop with ENETUNREACH */
- FR_ACT_PROHIBIT, /* Drop with EACCES */
- __FR_ACT_MAX,
-};
-
-#define FR_ACT_MAX (__FR_ACT_MAX - 1)
-
-#endif
#include <unistd.h>
#include <errno.h>
#include <net/if.h>
+#ifdef HAVE_LINUX_FIB_RULES_H
#include <linux/fib_rules.h>
+#endif
#include "kernel_netlink_net.h"
#include "kernel_netlink_shared.h"
struct rtmsg *msg;
chunk_t chunk;
char *fwmark;
- mark_t mark;
memset(&request, 0, sizeof(request));
hdr = (struct nlmsghdr*)request;
"%s.plugins.kernel-netlink.fwmark", NULL, hydra->daemon);
if (fwmark)
{
+#ifdef HAVE_LINUX_FIB_RULES_H
+ mark_t mark;
+
if (fwmark[0] == '!')
{
msg->rtm_flags |= FIB_RULE_INVERT;
chunk = chunk_from_thing(mark.mask);
netlink_add_attribute(hdr, FRA_FWMASK, chunk, sizeof(request));
}
+#else
+ DBG1(DBG_KNL, "setting firewall mark on routing rule is not supported");
+#endif
}
return this->socket->send_ack(this->socket, hdr);
}
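Review bot: In the `#else` branch the configured `fwmark` is discarded with only a `DBG1` line, and the function still reaches `send_ack`, so the rule is installed without the mark match or the `!` inversion the administrator asked for. Because the mark restricts which packets the rule selects, the unmarked rule presumably applies to more traffic than configured, which is a fail-open outcome for a routing policy. Consider refusing to install the rule when the header is unavailable, e.g. `return FAILED;` right after the `DBG1` (assuming the function returns `status_t`; its signature lies outside this hunk). At the least, the message should say that the rule is being installed without the mark, e.g. `"firewall mark on routing rule not supported, installing rule without mark"`.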