#include <linux/netfilter_ipv4/ip_tables.h>
//#include <linux/netfilter_ipv4/ipt_pknock.h>
#include "xt_pknock.h"
+#include "compat_xtables.h"
MODULE_LICENSE("GPL");
MODULE_AUTHOR("J. Federico Hernandez Scarso, Luis A. Floreani");
return false;
}
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
-static bool
-#else
-static int
-#endif
-match(const struct sk_buff *skb,
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28)
- const struct xt_match_param *par
-#else
- const struct net_device *in,
- const struct net_device *out,
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
- const struct xt_match *match,
-#endif
- const void *matchinfo,
- int offset,
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16)
- unsigned int protoff,
-#endif
- bool *hotdrop
-#endif
-)
+static bool match(const struct sk_buff *skb, const struct xt_match_param *par)
{
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28)
const struct ipt_pknock *info = par->matchinfo;
-#else
- const struct ipt_pknock *info = matchinfo;
-#endif
struct ipt_pknock_rule *rule = NULL;
struct peer *peer = NULL;
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
struct iphdr *iph = ip_hdr(skb);
-#else
- struct iphdr *iph = skb->nh.iph;
-#endif
int hdr_len = 0;
__be16 _ports[2], *pptr = NULL;
struct transport_data hdr = {0, 0, 0, NULL};
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
bool ret = false;
-#else
- int ret = 0;
-#endif
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28)
pptr = skb_header_pointer(skb, par->thoff, sizeof _ports, &_ports);
-#else
- pptr = skb_header_pointer(skb, protoff, sizeof _ports, &_ports);
-#endif
-
if (pptr == NULL) {
/* We've been asked to examine this packet, and we
* can't. Hence, no choice but to drop.
*/
duprintf("Dropping evil offset=0 tinygram.\n");
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28)
*par->hotdrop = true;
-#else
- *hotdrop = true;
-#endif
return false;
-#else
- *hotdrop = 1;
- return 0;
-#endif
}
hdr.port = ntohs(pptr[1]);
if (is_close_knock(peer, info, hdr.payload, hdr.payload_len))
{
reset_knock_status(peer);
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
ret = false;
-#else
- ret = 0;
-#endif
}
}
goto out;
return ret;
}
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
#define RETURN_ERR(err) do { printk(KERN_ERR PKNOCK err); return false; } while (0)
-#else
-#define RETURN_ERR(err) do { printk(KERN_ERR PKNOCK err); return 0; } while (0)
-#endif
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
-static bool
-#else
-static int
-#endif
-checkentry(
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28)
- const struct xt_mtchk_param *par
-#else
- const char *tablename,
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16)
- const void *ip,
-#else
- const struct ipt_ip *ip,
-#endif
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
- const struct xt_match *match,
-#endif
- void *matchinfo,
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
- unsigned int matchsize,
-#endif
- unsigned int hook_mask
-#endif
-)
+static bool checkentry(const struct xt_mtchk_param *par)
{
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28)
struct ipt_pknock *info = par->matchinfo;
-#else
- struct ipt_pknock *info = matchinfo;
-#endif
/* Singleton. */
if (!rule_hashtable) {
}
}
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
return true;
-#else
- return 1;
-#endif
}
-static void
-destroy(
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28)
- const struct xt_mtdtor_param *par
-#else
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
- const struct xt_match *match, void *matchinfo
-#else
- void *matchinfo, unsigned int matchsize
-#endif
-#endif
-)
+static void destroy(const struct xt_mtdtor_param *par)
{
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28)
struct ipt_pknock *info = par->matchinfo;
-#else
- struct ipt_pknock *info = matchinfo;
-#endif
/* Removes a rule only if it exits and ref_count is equal to 0. */
remove_rule(info);
}
static struct xt_match ipt_pknock_match __read_mostly = {
.name = "pknock",
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
.family = NFPROTO_IPV4,
-#endif
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
.matchsize = sizeof (struct ipt_pknock),
-#endif
.match = match,
.checkentry = checkentry,
.destroy = destroy,
crypto.desc.tfm = crypto.tfm;
crypto.desc.flags = 0;
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24)
- if (!(pde = proc_mkdir("ipt_pknock", init_net.proc_net))) {
-#else
- if (!(pde = proc_mkdir("ipt_pknock", proc_net))) {
-#endif
+ if (!(pde = proc_mkdir("ipt_pknock", init_net__proc_net))) {
printk(KERN_ERR PKNOCK "proc_mkdir() error in _init().\n");
return -1;
}
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
return xt_register_match(&ipt_pknock_match);
-#else
- return ipt_register_match(&ipt_pknock_match);
-#endif
}
static void __exit ipt_pknock_fini(void)
{
printk(KERN_INFO PKNOCK "unregister.\n");
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24)
- remove_proc_entry("ipt_pknock", init_net.proc_net);
-#else
- remove_proc_entry("ipt_pknock", proc_net);
-#endif
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
+ remove_proc_entry("ipt_pknock", init_net__proc_net);
xt_unregister_match(&ipt_pknock_match);
-#else
- ipt_unregister_match(&ipt_pknock_match);
-#endif
kfree(rule_hashtable);
if (crypto.tfm != NULL) crypto_free_hash(crypto.tfm);
projects / thirdparty / xtables-addons.git / commitdiff
