HEAD
====
Changes:
-- remove support for Linux 2.6.17
+- remove support for Linux 2.6.17--2.6.18
v1.47.1 (2010-10-15)
}
#endif
-#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
-static int xtnu_match_check(const char *table, const void *entry,
- const struct xt_match *cm, void *matchinfo, unsigned int matchinfosize,
- unsigned int hook_mask)
-#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
static int xtnu_match_check(const char *table, const void *entry,
const struct xt_match *cm, void *matchinfo, unsigned int hook_mask)
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
}
#endif
-#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
-static void xtnu_match_destroy(const struct xt_match *cm, void *matchinfo,
- unsigned int matchinfosize)
-#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
static void xtnu_match_destroy(const struct xt_match *cm, void *matchinfo)
#endif
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
EXPORT_SYMBOL_GPL(xtnu_unregister_matches);
#endif
-#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
-static unsigned int xtnu_target_run(struct sk_buff **pskb,
- const struct net_device *in, const struct net_device *out,
- unsigned int hooknum, const struct xt_target *ct, const void *targinfo,
- void *userdata)
-#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
static unsigned int xtnu_target_run(struct sk_buff **pskb,
const struct net_device *in, const struct net_device *out,
unsigned int hooknum, const struct xt_target *ct, const void *targinfo)
}
#endif
-#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
-static int xtnu_target_check(const char *table, const void *entry,
- const struct xt_target *ct, void *targinfo,
- unsigned int targinfosize, unsigned int hook_mask)
-#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22)
static int xtnu_target_check(const char *table, const void *entry,
const struct xt_target *ct, void *targinfo, unsigned int hook_mask)
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
}
#endif
-#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
-static void xtnu_target_destroy(const struct xt_target *ct, void *targinfo,
- unsigned int targinfosize)
-#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
-static void xtnu_target_destroy(const struct xt_target *ct, void *targinfo)
-#endif
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
+static void xtnu_target_destroy(const struct xt_target *ct, void *targinfo)
{
struct xtnu_target *nt = xtcompat_nutarget(ct);
struct xt_tgdtor_param local_par = {
__be32 diff[] = {~from, to};
const void *dv = diff; /* kludge for < v2.6.19-555-g72685fc */
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 19)
if (skb->ip_summed != CHECKSUM_PARTIAL) {
*sum = csum_fold(csum_partial(dv, sizeof(diff),
~csum_unfold(*sum)));
*sum = ~csum_fold(csum_partial(dv, sizeof(diff),
csum_unfold(*sum)));
}
-#else
- *sum = csum_fold(csum_partial(dv, sizeof(diff),
- ~csum_unfold(*sum)));
-#endif
}
EXPORT_SYMBOL_GPL(xtnu_proto_csum_replace4);
#endif
#define DEBUGP Use__pr_debug__instead
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 18)
-# warning Kernels below 2.6.18 not supported.
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 19)
+# warning Kernels below 2.6.19 not supported.
#endif
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
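Review bot: The version gate `#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 19)` still only emits `# warning`, so a build against an older kernel continues past it. The `<= KERNEL_VERSION(2, 6, 18)` branches are removed elsewhere in this commit, so such a kernel now selects the `<= 2.6.22` / `<= 2.6.23` prototypes for `xtnu_match_check`, `xtnu_target_run` and `xtnu_target_check`. Those lack the `matchinfosize` / `targinfosize` / `userdata` parameters that the removed branches carried. Depending on compiler settings that mismatch may surface only as a pointer-type warning, which would leave a loadable module whose callbacks are invoked with the wrong argument list. Make the gate a hard stop instead: `# error Kernels below 2.6.19 not supported.`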
#include <linux/netfilter/x_tables.h>
#include <linux/spinlock.h>
-#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
-typedef _Bool bool;
-enum { false = 0, true = 1, };
-#endif
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 19)
typedef __u16 __bitwise __sum16;
typedef __u32 __bitwise __wsum;
const struct net_device *in, const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 19)
return ip6t_do_table(skb, hook, in, out, rawpost6_ptable);
-#else
- return ip6t_do_table(skb, hook, in, out, rawpost6_ptable, NULL);
-#endif
}
static struct nf_hook_ops rawpost6_hook_ops __read_mostly = {
const struct net_device *in, const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 19)
return ipt_do_table(skb, hook, in, out, rawpost4_ptable);
-#else
- return ipt_do_table(skb, hook, in, out, rawpost4_ptable, NULL);
-#endif
}
static struct nf_hook_ops rawpost4_hook_ops __read_mostly = {
#include "xt_pknock.h"
#include "compat_xtables.h"
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 19)
-# define PK_CRYPTO 1
-#endif
-
enum status {
ST_INIT = 1,
ST_MATCHING,
static DEFINE_SPINLOCK(list_lock);
-#ifdef PK_CRYPTO
static struct {
const char *algo;
struct crypto_hash *tfm;
.tfm = NULL,
.size = 0
};
-#endif
module_param(rule_hashsize, int, S_IRUGO);
MODULE_PARM_DESC(rule_hashsize, "Buckets in rule hash table (default: 8)");
return true;
}
-#ifdef PK_CRYPTO
/**
* Transforms a sequence of characters to hexadecimal.
*
kfree(hexresult);
return fret;
}
-#endif /* PK_CRYPTO */
/**
* If the peer pass the security policy.
pk_debug("DENIED (anti-spoof protection)", peer);
return false;
}
-#ifdef PK_CRYPTO
/* Check for OPEN secret */
if (has_secret(info->open_secret,
info->open_secret_len, peer->ip,
payload, payload_len))
return true;
-#endif
return false;
}
is_close_knock(const struct peer *peer, const struct xt_pknock_mtinfo *info,
const unsigned char *payload, unsigned int payload_len)
{
-#ifdef PK_CRYPTO
/* Check for CLOSE secret. */
if (has_secret(info->close_secret,
info->close_secret_len, peer->ip,
pk_debug("BLOCKED", peer);
return true;
}
-#endif
return false;
}
case IPPROTO_UDP:
case IPPROTO_UDPLITE:
-#ifdef PK_CRYPTO
hdr_len = (iph->ihl * 4) + sizeof(struct udphdr);
break;
-#else
- pr_debug("UDP protocol not supported\n");
- return false;
-#endif
-
default:
pr_debug("IP payload protocol is neither tcp nor udp.\n");
return false;
if (!(info->option & XT_PKNOCK_NAME))
RETURN_ERR("You must specify --name option.\n");
-
-#ifndef PK_CRYPTO
if (info->option & (XT_PKNOCK_OPENSECRET | XT_PKNOCK_CLOSESECRET))
RETURN_ERR("No crypto support available; "
"cannot use opensecret/closescret\n");
-#endif
if (info->option & XT_PKNOCK_OPENSECRET && info->ports_count != 1)
RETURN_ERR("--opensecret must have just one knock port\n");
if (info->option & XT_PKNOCK_KNOCKPORT) {
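Review bot: The statement `if (info->option & (XT_PKNOCK_OPENSECRET | XT_PKNOCK_CLOSESECRET)) RETURN_ERR("No crypto support available; ...");` stays on the new side while its `#ifndef PK_CRYPTO` / `#endif` guard is deleted. As shown, the check now runs unconditionally and rejects every rule that sets an open or close secret. The other `PK_CRYPTO` hunks keep the `#ifdef` body because crypto is now always compiled in, but this one was the no-crypto branch and should be removed together with its guard: delete the `if` line and both `RETURN_ERR` string lines. Left in place, the `has_secret()` checks kept in the earlier hunks appear unreachable from any accepted rule, so the secret-authenticated knock mode cannot be configured. The enclosing check function starts and ends outside this hunk.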
if (gc_expir_time < DEFAULT_GC_EXPIRATION_TIME)
gc_expir_time = DEFAULT_GC_EXPIRATION_TIME;
-#ifdef PK_CRYPTO
if (request_module(crypto.algo) < 0) {
printk(KERN_ERR PKNOCK "request_module('%s') error.\n",
crypto.algo);
crypto.size = crypto_hash_digestsize(crypto.tfm);
crypto.desc.tfm = crypto.tfm;
crypto.desc.flags = 0;
-#else
- pr_info("No crypto support for < 2.6.19\n");
-#endif
pde = proc_mkdir("xt_pknock", init_net__proc_net);
if (pde == NULL) {
remove_proc_entry("xt_pknock", init_net__proc_net);
xt_unregister_match(&xt_pknock_mt_reg);
kfree(rule_hashtable);
-
-#ifdef PK_CRYPTO
if (crypto.tfm != NULL)
crypto_free_hash(crypto.tfm);
-#endif
}
module_init(xt_pknock_mt_init);
return;
destiny = (info->variant == XTCHAOS_TARPIT) ? xt_tarpit : xt_delude;
-#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
- destiny->target(&skb, par->in, par->out, par->hooknum, destiny, NULL, NULL);
-#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
destiny->target(&skb, par->in, par->out, par->hooknum, destiny, NULL);
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
destiny->target(skb, par->in, par->out, par->hooknum, destiny, NULL);
const struct iphdr *iph = ip_hdr(skb);
if ((unsigned int)net_random() <= reject_percentage) {
-#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
- return xt_reject->target(pskb, par->in, par->out, par->hooknum,
- xt_reject, &reject_params, NULL);
-#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
return xt_reject->target(pskb, par->in, par->out, par->hooknum,
xt_reject, &reject_params);
#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27)
case IPPROTO_UDPLITE:
udph = transport_hdr;
cond = udph->check != 0;
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 19)
cond |= skb->ip_summed == CHECKSUM_PARTIAL;
-#endif
if (cond) {
inet_proto_csum_replace4(&udph->check, skb,
oldip, newip, true);
case IPPROTO_UDPLITE:
udph = (void *)iph + l4offset;
cond = udph->check;
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 19)
cond |= skb->ip_summed == CHECKSUM_PARTIAL;
-#endif
if (cond) {
for (i = 0; i < 4; ++i)
inet_proto_csum_replace4(&udph->check, skb,
#include <net/ip.h>
#include "compat_xtables.h"
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 19) && \
- (defined(CONFIG_CRYPTO) || defined(CONFIG_CRYPTO_MODULE))
+#if defined(CONFIG_CRYPTO) || defined(CONFIG_CRYPTO_MODULE)
# define WITH_CRYPTO 1
#endif
#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
printk(KERN_INFO KBUILD_MODNAME ": SysRq %c\n", data[i]);
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 36)
handle_sysrq(data[i]);
-#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 19)
- handle_sysrq(data[i], NULL);
#else
- handle_sysrq(data[i], NULL, NULL);
+ handle_sysrq(data[i], NULL);
#endif
}
return NF_ACCEPT;
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 36)
handle_sysrq(c);
-#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 19)
- handle_sysrq(c, NULL);
#else
- handle_sysrq(c, NULL, NULL);
+ handle_sysrq(c, NULL);
#endif
return NF_ACCEPT;
}
fail:
sysrq_crypto_exit();
return ret;
-#elif LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 19)
- printk(KERN_WARNING "xt_SYSRQ does not provide crypto for < 2.6.19\n");
+#else
+ printk(KERN_WARNING "Kernel was compiled without crypto, "
+ "so xt_SYSRQ won't use crypto.\n");
#endif
return -EINVAL;
}
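Review bot: The new `#else` message says xt_SYSRQ "won't use crypto", yet the path still falls through to `return -EINVAL;`. How the caller treats that return is outside the hunk, which starts mid-function at `fail:`, so it is not visible whether the module refuses to load or continues with a non-crypto request check. For a target that passes packet data to `handle_sysrq()`, an administrator needs to know which, so add a one-line comment at the `#else` stating what the caller does with the error. The message also lacks the `KBUILD_MODNAME ": "` prefix used by the `SysRq %c` printk earlier in this diff, and splitting it across two literals makes it harder to grep; consider `printk(KERN_WARNING KBUILD_MODNAME ": kernel was compiled without crypto, so crypto will not be used\n");`.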