From 66f213e32449f0ee7e769eb458d6a13fb379e9c9 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 15 Oct 2012 20:51:19 +0200 Subject: [PATCH] build: remove support for Linux 2.6.18 --- doc/changelog.txt | 2 +- extensions/compat_xtables.c | 36 +++++------------------------------ extensions/compat_xtables.h | 4 ++-- extensions/compat_xtnu.h | 4 ---- extensions/ip6table_rawpost.c | 4 ---- extensions/iptable_rawpost.c | 4 ---- extensions/pknock/xt_pknock.c | 28 --------------------------- extensions/xt_CHAOS.c | 9 ++------- extensions/xt_RAWNAT.c | 4 ---- extensions/xt_SYSRQ.c | 16 ++++++---------- 10 files changed, 16 insertions(+), 95 deletions(-) diff --git a/doc/changelog.txt b/doc/changelog.txt index 1f1f6a0..4aceb50 100644 --- a/doc/changelog.txt +++ b/doc/changelog.txt @@ -2,7 +2,7 @@ HEAD ==== Changes: -- remove support for Linux 2.6.17 +- remove support for Linux 2.6.17--2.6.18 v1.47.1 (2010-10-15) diff --git a/extensions/compat_xtables.c b/extensions/compat_xtables.c index 00b3e41..6b8c649 100644 --- a/extensions/compat_xtables.c +++ b/extensions/compat_xtables.c @@ -88,11 +88,7 @@ static bool xtnu_match_run(const struct sk_buff *skb, } #endif -#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18) -static int xtnu_match_check(const char *table, const void *entry, - const struct xt_match *cm, void *matchinfo, unsigned int matchinfosize, - unsigned int hook_mask) -#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22) +#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22) static int xtnu_match_check(const char *table, const void *entry, const struct xt_match *cm, void *matchinfo, unsigned int hook_mask) #elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27) @@ -132,10 +128,7 @@ static bool xtnu_match_check(const struct xt_mtchk_param *par) } #endif -#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18) -static void xtnu_match_destroy(const struct xt_match *cm, void *matchinfo, - unsigned int matchinfosize) -#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27) +#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27) static void xtnu_match_destroy(const struct xt_match *cm, void *matchinfo) #endif #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27) @@ -232,12 +225,7 @@ void xtnu_unregister_matches(struct xtnu_match *nt, unsigned int num) EXPORT_SYMBOL_GPL(xtnu_unregister_matches); #endif -#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18) -static unsigned int xtnu_target_run(struct sk_buff **pskb, - const struct net_device *in, const struct net_device *out, - unsigned int hooknum, const struct xt_target *ct, const void *targinfo, - void *userdata) -#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23) +#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23) static unsigned int xtnu_target_run(struct sk_buff **pskb, const struct net_device *in, const struct net_device *out, unsigned int hooknum, const struct xt_target *ct, const void *targinfo) @@ -295,11 +283,7 @@ xtnu_target_run(struct sk_buff *skb, const struct xt_action_param *par) } #endif -#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18) -static int xtnu_target_check(const char *table, const void *entry, - const struct xt_target *ct, void *targinfo, - unsigned int targinfosize, unsigned int hook_mask) -#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22) +#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 22) static int xtnu_target_check(const char *table, const void *entry, const struct xt_target *ct, void *targinfo, unsigned int hook_mask) #elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27) @@ -341,13 +325,8 @@ static bool xtnu_target_check(const struct xt_tgchk_param *par) } #endif -#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18) -static void xtnu_target_destroy(const struct xt_target *ct, void *targinfo, - unsigned int targinfosize) -#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27) -static void xtnu_target_destroy(const struct xt_target *ct, void *targinfo) -#endif #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27) +static void xtnu_target_destroy(const struct xt_target *ct, void *targinfo) { struct xtnu_target *nt = xtcompat_nutarget(ct); struct xt_tgdtor_param local_par = { @@ -540,7 +519,6 @@ void xtnu_proto_csum_replace4(__sum16 *sum, struct sk_buff *skb, __be32 diff[] = {~from, to}; const void *dv = diff; /* kludge for < v2.6.19-555-g72685fc */ -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 19) if (skb->ip_summed != CHECKSUM_PARTIAL) { *sum = csum_fold(csum_partial(dv, sizeof(diff), ~csum_unfold(*sum))); @@ -551,10 +529,6 @@ void xtnu_proto_csum_replace4(__sum16 *sum, struct sk_buff *skb, *sum = ~csum_fold(csum_partial(dv, sizeof(diff), csum_unfold(*sum))); } -#else - *sum = csum_fold(csum_partial(dv, sizeof(diff), - ~csum_unfold(*sum))); -#endif } EXPORT_SYMBOL_GPL(xtnu_proto_csum_replace4); #endif diff --git a/extensions/compat_xtables.h b/extensions/compat_xtables.h index 45a9a02..d98203b 100644 --- a/extensions/compat_xtables.h +++ b/extensions/compat_xtables.h @@ -8,8 +8,8 @@ #define DEBUGP Use__pr_debug__instead -#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 18) -# warning Kernels below 2.6.18 not supported. +#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 19) +# warning Kernels below 2.6.19 not supported. #endif #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) diff --git a/extensions/compat_xtnu.h b/extensions/compat_xtnu.h index 98e8eaf..71e5946 100644 --- a/extensions/compat_xtnu.h +++ b/extensions/compat_xtnu.h @@ -5,10 +5,6 @@ #include #include -#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18) -typedef _Bool bool; -enum { false = 0, true = 1, }; -#endif #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 19) typedef __u16 __bitwise __sum16; typedef __u32 __bitwise __wsum; diff --git a/extensions/ip6table_rawpost.c b/extensions/ip6table_rawpost.c index 1cd9b26..abc16bb 100644 --- a/extensions/ip6table_rawpost.c +++ b/extensions/ip6table_rawpost.c @@ -50,11 +50,7 @@ static unsigned int rawpost6_hook_fn(unsigned int hook, sk_buff_t *skb, const struct net_device *in, const struct net_device *out, int (*okfn)(struct sk_buff *)) { -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 19) return ip6t_do_table(skb, hook, in, out, rawpost6_ptable); -#else - return ip6t_do_table(skb, hook, in, out, rawpost6_ptable, NULL); -#endif } static struct nf_hook_ops rawpost6_hook_ops __read_mostly = { diff --git a/extensions/iptable_rawpost.c b/extensions/iptable_rawpost.c index a266c8e..50a45c4 100644 --- a/extensions/iptable_rawpost.c +++ b/extensions/iptable_rawpost.c @@ -51,11 +51,7 @@ static unsigned int rawpost4_hook_fn(unsigned int hook, sk_buff_t *skb, const struct net_device *in, const struct net_device *out, int (*okfn)(struct sk_buff *)) { -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 19) return ipt_do_table(skb, hook, in, out, rawpost4_ptable); -#else - return ipt_do_table(skb, hook, in, out, rawpost4_ptable, NULL); -#endif } static struct nf_hook_ops rawpost4_hook_ops __read_mostly = { diff --git a/extensions/pknock/xt_pknock.c b/extensions/pknock/xt_pknock.c index 8ef9ce3..f0026ea 100644 --- a/extensions/pknock/xt_pknock.c +++ b/extensions/pknock/xt_pknock.c @@ -32,10 +32,6 @@ #include "xt_pknock.h" #include "compat_xtables.h" -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 19) -# define PK_CRYPTO 1 -#endif - enum status { ST_INIT = 1, ST_MATCHING, @@ -113,7 +109,6 @@ static struct proc_dir_entry *pde; static DEFINE_SPINLOCK(list_lock); -#ifdef PK_CRYPTO static struct { const char *algo; struct crypto_hash *tfm; @@ -124,7 +119,6 @@ static struct { .tfm = NULL, .size = 0 }; -#endif module_param(rule_hashsize, int, S_IRUGO); MODULE_PARM_DESC(rule_hashsize, "Buckets in rule hash table (default: 8)"); @@ -719,7 +713,6 @@ msg_to_userspace_nl(const struct xt_pknock_mtinfo *info, return true; } -#ifdef PK_CRYPTO /** * Transforms a sequence of characters to hexadecimal. * @@ -818,7 +811,6 @@ has_secret(const unsigned char *secret, unsigned int secret_len, uint32_t ipsrc, kfree(hexresult); return fret; } -#endif /* PK_CRYPTO */ /** * If the peer pass the security policy. @@ -841,13 +833,11 @@ pass_security(struct peer *peer, const struct xt_pknock_mtinfo *info, pk_debug("DENIED (anti-spoof protection)", peer); return false; } -#ifdef PK_CRYPTO /* Check for OPEN secret */ if (has_secret(info->open_secret, info->open_secret_len, peer->ip, payload, payload_len)) return true; -#endif return false; } @@ -939,7 +929,6 @@ static bool is_close_knock(const struct peer *peer, const struct xt_pknock_mtinfo *info, const unsigned char *payload, unsigned int payload_len) { -#ifdef PK_CRYPTO /* Check for CLOSE secret. */ if (has_secret(info->close_secret, info->close_secret_len, peer->ip, @@ -948,7 +937,6 @@ is_close_knock(const struct peer *peer, const struct xt_pknock_mtinfo *info, pk_debug("BLOCKED", peer); return true; } -#endif return false; } @@ -983,14 +971,8 @@ static bool pknock_mt(const struct sk_buff *skb, case IPPROTO_UDP: case IPPROTO_UDPLITE: -#ifdef PK_CRYPTO hdr_len = (iph->ihl * 4) + sizeof(struct udphdr); break; -#else - pr_debug("UDP protocol not supported\n"); - return false; -#endif - default: pr_debug("IP payload protocol is neither tcp nor udp.\n"); return false; @@ -1079,12 +1061,9 @@ static int pknock_mt_check(const struct xt_mtchk_param *par) if (!(info->option & XT_PKNOCK_NAME)) RETURN_ERR("You must specify --name option.\n"); - -#ifndef PK_CRYPTO if (info->option & (XT_PKNOCK_OPENSECRET | XT_PKNOCK_CLOSESECRET)) RETURN_ERR("No crypto support available; " "cannot use opensecret/closescret\n"); -#endif if (info->option & XT_PKNOCK_OPENSECRET && info->ports_count != 1) RETURN_ERR("--opensecret must have just one knock port\n"); if (info->option & XT_PKNOCK_KNOCKPORT) { @@ -1154,7 +1133,6 @@ static int __init xt_pknock_mt_init(void) if (gc_expir_time < DEFAULT_GC_EXPIRATION_TIME) gc_expir_time = DEFAULT_GC_EXPIRATION_TIME; -#ifdef PK_CRYPTO if (request_module(crypto.algo) < 0) { printk(KERN_ERR PKNOCK "request_module('%s') error.\n", crypto.algo); @@ -1171,9 +1149,6 @@ static int __init xt_pknock_mt_init(void) crypto.size = crypto_hash_digestsize(crypto.tfm); crypto.desc.tfm = crypto.tfm; crypto.desc.flags = 0; -#else - pr_info("No crypto support for < 2.6.19\n"); -#endif pde = proc_mkdir("xt_pknock", init_net__proc_net); if (pde == NULL) { @@ -1188,11 +1163,8 @@ static void __exit xt_pknock_mt_exit(void) remove_proc_entry("xt_pknock", init_net__proc_net); xt_unregister_match(&xt_pknock_mt_reg); kfree(rule_hashtable); - -#ifdef PK_CRYPTO if (crypto.tfm != NULL) crypto_free_hash(crypto.tfm); -#endif } module_init(xt_pknock_mt_init); diff --git a/extensions/xt_CHAOS.c b/extensions/xt_CHAOS.c index a3b7b47..7c76d6e 100644 --- a/extensions/xt_CHAOS.c +++ b/extensions/xt_CHAOS.c @@ -94,9 +94,7 @@ xt_chaos_total(struct sk_buff *skb, const struct xt_action_param *par) return; destiny = (info->variant == XTCHAOS_TARPIT) ? xt_tarpit : xt_delude; -#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18) - destiny->target(&skb, par->in, par->out, par->hooknum, destiny, NULL, NULL); -#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23) +#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23) destiny->target(&skb, par->in, par->out, par->hooknum, destiny, NULL); #elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27) destiny->target(skb, par->in, par->out, par->hooknum, destiny, NULL); @@ -142,10 +140,7 @@ chaos_tg(struct sk_buff **pskb, const struct xt_action_param *par) const struct iphdr *iph = ip_hdr(skb); if ((unsigned int)net_random() <= reject_percentage) { -#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18) - return xt_reject->target(pskb, par->in, par->out, par->hooknum, - xt_reject, &reject_params, NULL); -#elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23) +#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23) return xt_reject->target(pskb, par->in, par->out, par->hooknum, xt_reject, &reject_params); #elif LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 27) diff --git a/extensions/xt_RAWNAT.c b/extensions/xt_RAWNAT.c index c15b5e5..e987776 100644 --- a/extensions/xt_RAWNAT.c +++ b/extensions/xt_RAWNAT.c @@ -96,9 +96,7 @@ static void rawnat4_update_l4(struct sk_buff *skb, __be32 oldip, __be32 newip) case IPPROTO_UDPLITE: udph = transport_hdr; cond = udph->check != 0; -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 19) cond |= skb->ip_summed == CHECKSUM_PARTIAL; -#endif if (cond) { inet_proto_csum_replace4(&udph->check, skb, oldip, newip, true); @@ -225,9 +223,7 @@ static void rawnat6_update_l4(struct sk_buff *skb, unsigned int l4proto, case IPPROTO_UDPLITE: udph = (void *)iph + l4offset; cond = udph->check; -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 19) cond |= skb->ip_summed == CHECKSUM_PARTIAL; -#endif if (cond) { for (i = 0; i < 4; ++i) inet_proto_csum_replace4(&udph->check, skb, diff --git a/extensions/xt_SYSRQ.c b/extensions/xt_SYSRQ.c index 9b59313..ab17bd8 100644 --- a/extensions/xt_SYSRQ.c +++ b/extensions/xt_SYSRQ.c @@ -26,8 +26,7 @@ #include #include "compat_xtables.h" -#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 19) && \ - (defined(CONFIG_CRYPTO) || defined(CONFIG_CRYPTO_MODULE)) +#if defined(CONFIG_CRYPTO) || defined(CONFIG_CRYPTO_MODULE) # define WITH_CRYPTO 1 #endif #if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE) @@ -156,10 +155,8 @@ static unsigned int sysrq_tg(const void *pdata, uint16_t len) printk(KERN_INFO KBUILD_MODNAME ": SysRq %c\n", data[i]); #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 36) handle_sysrq(data[i]); -#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 19) - handle_sysrq(data[i], NULL); #else - handle_sysrq(data[i], NULL, NULL); + handle_sysrq(data[i], NULL); #endif } return NF_ACCEPT; @@ -193,10 +190,8 @@ static unsigned int sysrq_tg(const void *pdata, uint16_t len) #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 36) handle_sysrq(c); -#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 19) - handle_sysrq(c, NULL); #else - handle_sysrq(c, NULL, NULL); + handle_sysrq(c, NULL); #endif return NF_ACCEPT; } @@ -364,8 +359,9 @@ static int __init sysrq_crypto_init(void) fail: sysrq_crypto_exit(); return ret; -#elif LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 19) - printk(KERN_WARNING "xt_SYSRQ does not provide crypto for < 2.6.19\n"); +#else + printk(KERN_WARNING "Kernel was compiled without crypto, " + "so xt_SYSRQ won't use crypto.\n"); #endif return -EINVAL; } -- 2.47.2