[opensuse-kernel] pull: remove ipv4options, again
Please merge. The following changes since commit 977110531839e53cc4832b8f35d8afd12668ca5e: Nick Piggin (1): - patches.suse/slab-handle-memoryless-nodes-v2a.patch: slab are available in the git repository at: git://dev.medozas.de/suse-kernel ipv4options Jan Engelhardt (1): series: remove patch-o-matic patches, again patches.suse/netfilter-ipv4options | 243 ------------------------------------ series.conf | 1 - 2 files changed, 0 insertions(+), 244 deletions(-) delete mode 100644 patches.suse/netfilter-ipv4options -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-kernel+help@opensuse.org
Patch-o-matic is not supported upstream nor sidestream; please use xt_ipv4options from Xtables-addons instead. References: https://bugzilla.novell.com/490142 --- patches.suse/netfilter-ipv4options | 243 ------------------------------------ series.conf | 1 - 2 files changed, 0 insertions(+), 244 deletions(-) delete mode 100644 patches.suse/netfilter-ipv4options diff --git a/patches.suse/netfilter-ipv4options b/patches.suse/netfilter-ipv4options deleted file mode 100644 index 2636b50..0000000 --- a/patches.suse/netfilter-ipv4options +++ /dev/null @@ -1,243 +0,0 @@ -From: Fabrice MARIE <fabrice@netfilter.org> -From: Harald Welte <laforge@netfilter.org> -Subject: netfilter ipv4options match from patch-o-matic-ng -References: bnc#131728 - FATE#182 -Patch-mainline: no - -This is a module which is used to match ipv4 options. - -Updated-by: Jeff Mahoney <jeffm@suse.com> - -Acked-by: Olaf Kirch <okir@suse.de> -Acked-by: Jaroslav Kysela <perex@suse.de> -Updated-by: Jiri Bohac <jbohac@suse.cz> - -Index: work/include/linux/netfilter_ipv4/ipt_ipv4options.h -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ work/include/linux/netfilter_ipv4/ipt_ipv4options.h 2009-12-04 21:35:30.000000000 +0100 -@@ -0,0 +1,21 @@ -+#ifndef __ipt_ipv4options_h_included__ -+#define __ipt_ipv4options_h_included__ -+ -+#define IPT_IPV4OPTION_MATCH_SSRR 0x01 /* For strict source routing */ -+#define IPT_IPV4OPTION_MATCH_LSRR 0x02 /* For loose source routing */ -+#define IPT_IPV4OPTION_DONT_MATCH_SRR 0x04 /* any source routing */ -+#define IPT_IPV4OPTION_MATCH_RR 0x08 /* For Record route */ -+#define IPT_IPV4OPTION_DONT_MATCH_RR 0x10 -+#define IPT_IPV4OPTION_MATCH_TIMESTAMP 0x20 /* For timestamp request */ -+#define IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP 0x40 -+#define IPT_IPV4OPTION_MATCH_ROUTER_ALERT 0x80 /* For router-alert */ -+#define IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT 0x100 -+#define IPT_IPV4OPTION_MATCH_ANY_OPT 0x200 /* match packet with any option */ -+#define IPT_IPV4OPTION_DONT_MATCH_ANY_OPT 0x400 /* match packet with no option */ -+ -+struct ipt_ipv4options_info { -+ u_int16_t options; -+}; -+ -+ -+#endif /* __ipt_ipv4options_h_included__ */ -Index: work/net/ipv4/netfilter/Kconfig -=================================================================== ---- work.orig/net/ipv4/netfilter/Kconfig 2009-12-03 04:51:21.000000000 +0100 -+++ work/net/ipv4/netfilter/Kconfig 2009-12-04 21:35:30.000000000 +0100 -@@ -101,6 +101,20 @@ config IP_NF_MATCH_TTL - (e.g. when running oldconfig). It selects - CONFIG_NETFILTER_XT_MATCH_HL. - -+config IP_NF_MATCH_IPV4OPTIONS -+ tristate 'IPV4OPTIONS match support' -+ depends on IP_NF_IPTABLES -+ help -+ This option adds a IPV4OPTIONS match. -+ It allows you to filter options like source routing, -+ record route, timestamp and router-altert. -+ -+ If you say Y here, try iptables -m ipv4options --help for more information. -+ -+ If you want to compile it as a module, say M here and read -+ Documentation/modules.txt. If unsure, say 'N'. -+ -+ - # `filter', generic and specific targets - config IP_NF_FILTER - tristate "Packet filtering" -Index: work/net/ipv4/netfilter/Makefile -=================================================================== ---- work.orig/net/ipv4/netfilter/Makefile 2009-12-03 04:51:21.000000000 +0100 -+++ work/net/ipv4/netfilter/Makefile 2009-12-04 21:35:30.000000000 +0100 -@@ -51,6 +51,7 @@ obj-$(CONFIG_IP_NF_SECURITY) += iptable_ - obj-$(CONFIG_IP_NF_MATCH_ADDRTYPE) += ipt_addrtype.o - obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o - obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o -+obj-$(CONFIG_IP_NF_MATCH_IPV4OPTIONS) += ipt_ipv4options.o - - # targets - obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o -Index: work/net/ipv4/netfilter/ipt_ipv4options.c -=================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ work/net/ipv4/netfilter/ipt_ipv4options.c 2009-12-04 21:44:21.000000000 +0100 -@@ -0,0 +1,161 @@ -+/* -+ This is a module which is used to match ipv4 options. -+ This file is distributed under the terms of the GNU General Public -+ License (GPL). Copies of the GPL can be obtained from: -+ ftp://prep.ai.mit.edu/pub/gnu/GPL -+ -+ 11-mars-2001 Fabrice MARIE <fabrice@netfilter.org> : initial development. -+ 12-july-2001 Fabrice MARIE <fabrice@netfilter.org> : added router-alert otions matching. Fixed a bug with no-srr -+ 12-august-2001 Imran Patel <ipatel@crosswinds.net> : optimization of the match. -+ 18-november-2001 Fabrice MARIE <fabrice@netfilter.org> : added [!] 'any' option match. -+ 19-february-2004 Harald Welte <laforge@netfilter.org> : merge with 2.6.x -+*/ -+ -+#include <linux/module.h> -+#include <linux/skbuff.h> -+#include <net/ip.h> -+ -+#include <linux/netfilter_ipv4/ip_tables.h> -+#include <linux/netfilter_ipv4/ipt_ipv4options.h> -+ -+MODULE_LICENSE("GPL"); -+MODULE_AUTHOR("Fabrice Marie <fabrice@netfilter.org>"); -+ -+static bool -+match(const struct sk_buff *skb, const struct xt_match_param *par) -+{ -+ const struct ipt_ipv4options_info *info = par->matchinfo; /* match info for rule */ -+ const struct iphdr *iph = ip_hdr(skb); -+ const struct ip_options *opt; -+ -+ if (iph->ihl * 4 == sizeof(struct iphdr)) { -+ /* No options, so we match only the "DONTs" and the "IGNOREs" */ -+ -+ if (((info->options & IPT_IPV4OPTION_MATCH_ANY_OPT) == IPT_IPV4OPTION_MATCH_ANY_OPT) || -+ ((info->options & IPT_IPV4OPTION_MATCH_SSRR) == IPT_IPV4OPTION_MATCH_SSRR) || -+ ((info->options & IPT_IPV4OPTION_MATCH_LSRR) == IPT_IPV4OPTION_MATCH_LSRR) || -+ ((info->options & IPT_IPV4OPTION_MATCH_RR) == IPT_IPV4OPTION_MATCH_RR) || -+ ((info->options & IPT_IPV4OPTION_MATCH_TIMESTAMP) == IPT_IPV4OPTION_MATCH_TIMESTAMP) || -+ ((info->options & IPT_IPV4OPTION_MATCH_ROUTER_ALERT) == IPT_IPV4OPTION_MATCH_ROUTER_ALERT)) -+ return 0; -+ return 1; -+ } -+ else { -+ if ((info->options & IPT_IPV4OPTION_MATCH_ANY_OPT) == IPT_IPV4OPTION_MATCH_ANY_OPT) -+ /* there are options, and we don't need to care which one */ -+ return 1; -+ else { -+ if ((info->options & IPT_IPV4OPTION_DONT_MATCH_ANY_OPT) == IPT_IPV4OPTION_DONT_MATCH_ANY_OPT) -+ /* there are options but we don't want any ! */ -+ return 0; -+ } -+ } -+ -+ opt = &(IPCB(skb)->opt); -+ -+ /* source routing */ -+ if ((info->options & IPT_IPV4OPTION_MATCH_SSRR) == IPT_IPV4OPTION_MATCH_SSRR) { -+ if (!((opt->srr) && (opt->is_strictroute))) -+ return 0; -+ } -+ else if ((info->options & IPT_IPV4OPTION_MATCH_LSRR) == IPT_IPV4OPTION_MATCH_LSRR) { -+ if (!((opt->srr) && (!opt->is_strictroute))) -+ return 0; -+ } -+ else if ((info->options & IPT_IPV4OPTION_DONT_MATCH_SRR) == IPT_IPV4OPTION_DONT_MATCH_SRR) { -+ if (opt->srr) -+ return 0; -+ } -+ /* record route */ -+ if ((info->options & IPT_IPV4OPTION_MATCH_RR) == IPT_IPV4OPTION_MATCH_RR) { -+ if (!opt->rr) -+ return 0; -+ } -+ else if ((info->options & IPT_IPV4OPTION_DONT_MATCH_RR) == IPT_IPV4OPTION_DONT_MATCH_RR) { -+ if (opt->rr) -+ return 0; -+ } -+ /* timestamp */ -+ if ((info->options & IPT_IPV4OPTION_MATCH_TIMESTAMP) == IPT_IPV4OPTION_MATCH_TIMESTAMP) { -+ if (!opt->ts) -+ return 0; -+ } -+ else if ((info->options & IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP) == IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP) { -+ if (opt->ts) -+ return 0; -+ } -+ /* router-alert option */ -+ if ((info->options & IPT_IPV4OPTION_MATCH_ROUTER_ALERT) == IPT_IPV4OPTION_MATCH_ROUTER_ALERT) { -+ if (!opt->router_alert) -+ return 0; -+ } -+ else if ((info->options & IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT) == IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT) { -+ if (opt->router_alert) -+ return 0; -+ } -+ -+ /* we match ! */ -+ return 1; -+} -+ -+static bool checkentry(const struct xt_mtchk_param *par) -+{ -+ const struct ipt_ipv4options_info *info = par->matchinfo; /* match info for rule */ -+ /* Now check the coherence of the data ... */ -+ if (((info->options & IPT_IPV4OPTION_MATCH_ANY_OPT) == IPT_IPV4OPTION_MATCH_ANY_OPT) && -+ (((info->options & IPT_IPV4OPTION_DONT_MATCH_SRR) == IPT_IPV4OPTION_DONT_MATCH_SRR) || -+ ((info->options & IPT_IPV4OPTION_DONT_MATCH_RR) == IPT_IPV4OPTION_DONT_MATCH_RR) || -+ ((info->options & IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP) == IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP) || -+ ((info->options & IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT) == IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT) || -+ ((info->options & IPT_IPV4OPTION_DONT_MATCH_ANY_OPT) == IPT_IPV4OPTION_DONT_MATCH_ANY_OPT))) -+ return 0; /* opposites */ -+ if (((info->options & IPT_IPV4OPTION_DONT_MATCH_ANY_OPT) == IPT_IPV4OPTION_DONT_MATCH_ANY_OPT) && -+ (((info->options & IPT_IPV4OPTION_MATCH_LSRR) == IPT_IPV4OPTION_MATCH_LSRR) || -+ ((info->options & IPT_IPV4OPTION_MATCH_SSRR) == IPT_IPV4OPTION_MATCH_SSRR) || -+ ((info->options & IPT_IPV4OPTION_MATCH_RR) == IPT_IPV4OPTION_MATCH_RR) || -+ ((info->options & IPT_IPV4OPTION_MATCH_TIMESTAMP) == IPT_IPV4OPTION_MATCH_TIMESTAMP) || -+ ((info->options & IPT_IPV4OPTION_MATCH_ROUTER_ALERT) == IPT_IPV4OPTION_MATCH_ROUTER_ALERT) || -+ ((info->options & IPT_IPV4OPTION_MATCH_ANY_OPT) == IPT_IPV4OPTION_MATCH_ANY_OPT))) -+ return 0; /* opposites */ -+ if (((info->options & IPT_IPV4OPTION_MATCH_SSRR) == IPT_IPV4OPTION_MATCH_SSRR) && -+ ((info->options & IPT_IPV4OPTION_MATCH_LSRR) == IPT_IPV4OPTION_MATCH_LSRR)) -+ return 0; /* cannot match in the same time loose and strict source routing */ -+ if ((((info->options & IPT_IPV4OPTION_MATCH_SSRR) == IPT_IPV4OPTION_MATCH_SSRR) || -+ ((info->options & IPT_IPV4OPTION_MATCH_LSRR) == IPT_IPV4OPTION_MATCH_LSRR)) && -+ ((info->options & IPT_IPV4OPTION_DONT_MATCH_SRR) == IPT_IPV4OPTION_DONT_MATCH_SRR)) -+ return 0; /* opposites */ -+ if (((info->options & IPT_IPV4OPTION_MATCH_RR) == IPT_IPV4OPTION_MATCH_RR) && -+ ((info->options & IPT_IPV4OPTION_DONT_MATCH_RR) == IPT_IPV4OPTION_DONT_MATCH_RR)) -+ return 0; /* opposites */ -+ if (((info->options & IPT_IPV4OPTION_MATCH_TIMESTAMP) == IPT_IPV4OPTION_MATCH_TIMESTAMP) && -+ ((info->options & IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP) == IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP)) -+ return 0; /* opposites */ -+ if (((info->options & IPT_IPV4OPTION_MATCH_ROUTER_ALERT) == IPT_IPV4OPTION_MATCH_ROUTER_ALERT) && -+ ((info->options & IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT) == IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT)) -+ return 0; /* opposites */ -+ -+ /* everything looks ok. */ -+ return 1; -+} -+ -+static struct xt_match ipv4options_match = { -+ .name = "ipv4options", -+ .family = NFPROTO_IPV4, -+ .match = match, -+ .matchsize = sizeof(struct ipt_ipv4options_info), -+ .checkentry = checkentry, -+ .me = THIS_MODULE -+}; -+ -+static int __init init(void) -+{ -+ return xt_register_match(&ipv4options_match); -+} -+ -+static void __exit fini(void) -+{ -+ xt_unregister_match(&ipv4options_match); -+} -+ -+module_init(init); -+module_exit(fini); diff --git a/series.conf b/series.conf index f626095..e9f3c7e 100644 --- a/series.conf +++ b/series.conf @@ -663,7 +663,6 @@ patches.suse/netfilter-ip_conntrack_slp.patch patches.fixes/fix-nf_conntrack_slp patches.fixes/netfilter-remove-pointless-config_nf_ct_acct-warning - patches.suse/netfilter-ipv4options ######################################################## # -- 1.6.6 -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-kernel+help@opensuse.org
On Tue, 26 Jan 2010 00:43:13 +0100, Jan Engelhardt wrote:
Patch-o-matic is not supported upstream nor sidestream; please use xt_ipv4options from Xtables-addons instead.
References: https://bugzilla.novell.com/490142
patches.suse/netfilter-ipv4options | 243 ------------------------------------ series.conf | 1 - 2 files changed, 0 insertions(+), 244 deletions(-) delete mode 100644 patches.suse/netfilter-ipv4options
Could you please add a kernel-source.changes entry as well? Thanks! Jiri -- Jiri Benc SUSE Labs -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-kernel+help@opensuse.org
On Wednesday 2010-01-27 12:17, Jiri Benc wrote:
On Tue, 26 Jan 2010 00:43:13 +0100, Jan Engelhardt wrote:
Patch-o-matic is not supported upstream nor sidestream; please use xt_ipv4options from Xtables-addons instead.
References: https://bugzilla.novell.com/490142
patches.suse/netfilter-ipv4options | 243 ------------------------------------ series.conf | 1 - 2 files changed, 0 insertions(+), 244 deletions(-) delete mode 100644 patches.suse/netfilter-ipv4options
Could you please add a kernel-source.changes entry as well?
The branch has now been updated. -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-kernel+help@opensuse.org
participants (2)
-
Jan Engelhardt -
Jiri Benc