xt_pknock: fix pknock in UDP SPA mode

When the PK_CRYPTO pre-processor flag got removed in
v1.47.1-2-g66f213e, one of the removal cases was misapplied; the body
of an "#ifndef PK_CRYPTO" was left in rather than the whole section
being removed.

diff --git a/doc/changelog.txt b/doc/changelog.txt
index f2e7d518129eea1e37eb054b0fb2efd3ad62afc4..685a9f3ee16438f7129d1d8772eaf38be9149d3c 100644 (file)
--- a/doc/changelog.txt
+++ b/doc/changelog.txt
@@ -1,6 +1,9 @@
 
 HEAD
 ====
+Fixes:
+- xt_pknock: UDP SPA mode erroneously returned an error saying
+  crypto was unavailable
 
 
 v2.5 (2014-04-18)

diff --git a/extensions/pknock/xt_pknock.c b/extensions/pknock/xt_pknock.c
index f7545684601c124989f9bf9a7bb60bfee9b65090..1acc75c27dc220d9a6a14201efa7ad844bff9bee 100644 (file)
--- a/extensions/pknock/xt_pknock.c
+++ b/extensions/pknock/xt_pknock.c
@@ -1058,9 +1058,6 @@ static int pknock_mt_check(const struct xt_mtchk_param *par)
 
        if (!(info->option & XT_PKNOCK_NAME))
                RETURN_ERR("You must specify --name option.\n");
-       if (info->option & (XT_PKNOCK_OPENSECRET | XT_PKNOCK_CLOSESECRET))
-               RETURN_ERR("No crypto support available; "
-                       "cannot use opensecret/closescret\n");
        if (info->option & XT_PKNOCK_OPENSECRET && info->ports_count != 1)
                RETURN_ERR("--opensecret must have just one knock port\n");
        if (info->option & XT_PKNOCK_KNOCKPORT) {