Patch-o-matic is supported neither upstream nor sidestream;
please use xt_ipv4options from Xtables-addons instead.
References: https://bugzilla.novell.com/490142
---
patches.suse/netfilter-ipv4options | 243 ------------------------------------
series.conf | 1 -
2 files changed, 0 insertions(+), 244 deletions(-)
delete mode 100644 patches.suse/netfilter-ipv4options
diff --git a/patches.suse/netfilter-ipv4options b/patches.suse/netfilter-ipv4options
deleted file mode 100644
index 2636b50..0000000
--- a/patches.suse/netfilter-ipv4options
+++ /dev/null
@@ -1,243 +0,0 @@
-From: Fabrice MARIE
-From: Harald Welte
-Subject: netfilter ipv4options match from patch-o-matic-ng
-References: bnc#131728 - FATE#182
-Patch-mainline: no
-
-This is a module which is used to match ipv4 options.
-
-Updated-by: Jeff Mahoney
-
-Acked-by: Olaf Kirch
-Acked-by: Jaroslav Kysela
-Updated-by: Jiri Bohac
-
-Index: work/include/linux/netfilter_ipv4/ipt_ipv4options.h
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ work/include/linux/netfilter_ipv4/ipt_ipv4options.h 2009-12-04 21:35:30.000000000 +0100
-@@ -0,0 +1,21 @@
-+#ifndef __ipt_ipv4options_h_included__
-+#define __ipt_ipv4options_h_included__
-+
-+#define IPT_IPV4OPTION_MATCH_SSRR 0x01 /* For strict source routing */
-+#define IPT_IPV4OPTION_MATCH_LSRR 0x02 /* For loose source routing */
-+#define IPT_IPV4OPTION_DONT_MATCH_SRR 0x04 /* any source routing */
-+#define IPT_IPV4OPTION_MATCH_RR 0x08 /* For Record route */
-+#define IPT_IPV4OPTION_DONT_MATCH_RR 0x10
-+#define IPT_IPV4OPTION_MATCH_TIMESTAMP 0x20 /* For timestamp request */
-+#define IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP 0x40
-+#define IPT_IPV4OPTION_MATCH_ROUTER_ALERT 0x80 /* For router-alert */
-+#define IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT 0x100
-+#define IPT_IPV4OPTION_MATCH_ANY_OPT 0x200 /* match packet with any option */
-+#define IPT_IPV4OPTION_DONT_MATCH_ANY_OPT 0x400 /* match packet with no option */
-+
-+struct ipt_ipv4options_info {
-+ u_int16_t options;
-+};
-+
-+
-+#endif /* __ipt_ipv4options_h_included__ */
-Index: work/net/ipv4/netfilter/Kconfig
-===================================================================
---- work.orig/net/ipv4/netfilter/Kconfig 2009-12-03 04:51:21.000000000 +0100
-+++ work/net/ipv4/netfilter/Kconfig 2009-12-04 21:35:30.000000000 +0100
-@@ -101,6 +101,20 @@ config IP_NF_MATCH_TTL
- (e.g. when running oldconfig). It selects
- CONFIG_NETFILTER_XT_MATCH_HL.
-
-+config IP_NF_MATCH_IPV4OPTIONS
-+ tristate 'IPV4OPTIONS match support'
-+ depends on IP_NF_IPTABLES
-+ help
-+ This option adds a IPV4OPTIONS match.
-+ It allows you to filter options like source routing,
-+ record route, timestamp and router-altert.
-+
-+ If you say Y here, try iptables -m ipv4options --help for more information.
-+
-+ If you want to compile it as a module, say M here and read
-+ Documentation/modules.txt. If unsure, say 'N'.
-+
-+
- # `filter', generic and specific targets
- config IP_NF_FILTER
- tristate "Packet filtering"
-Index: work/net/ipv4/netfilter/Makefile
-===================================================================
---- work.orig/net/ipv4/netfilter/Makefile 2009-12-03 04:51:21.000000000 +0100
-+++ work/net/ipv4/netfilter/Makefile 2009-12-04 21:35:30.000000000 +0100
-@@ -51,6 +51,7 @@ obj-$(CONFIG_IP_NF_SECURITY) += iptable_
- obj-$(CONFIG_IP_NF_MATCH_ADDRTYPE) += ipt_addrtype.o
- obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o
- obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o
-+obj-$(CONFIG_IP_NF_MATCH_IPV4OPTIONS) += ipt_ipv4options.o
-
- # targets
- obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o
-Index: work/net/ipv4/netfilter/ipt_ipv4options.c
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ work/net/ipv4/netfilter/ipt_ipv4options.c 2009-12-04 21:44:21.000000000 +0100
-@@ -0,0 +1,161 @@
-+/*
-+ This is a module which is used to match ipv4 options.
-+ This file is distributed under the terms of the GNU General Public
-+ License (GPL). Copies of the GPL can be obtained from:
-+ ftp://prep.ai.mit.edu/pub/gnu/GPL
-+
-+ 11-mars-2001 Fabrice MARIE : initial development.
-+ 12-july-2001 Fabrice MARIE : added router-alert otions matching. Fixed a bug with no-srr
-+ 12-august-2001 Imran Patel : optimization of the match.
-+ 18-november-2001 Fabrice MARIE : added [!] 'any' option match.
-+ 19-february-2004 Harald Welte : merge with 2.6.x
-+*/
-+
-+#include
-+#include
-+#include
-+
-+#include
-+#include
-+
-+MODULE_LICENSE("GPL");
-+MODULE_AUTHOR("Fabrice Marie ");
-+
-+static bool
-+match(const struct sk_buff *skb, const struct xt_match_param *par)
-+{
-+ const struct ipt_ipv4options_info *info = par->matchinfo; /* match info for rule */
-+ const struct iphdr *iph = ip_hdr(skb);
-+ const struct ip_options *opt;
-+
-+ if (iph->ihl * 4 == sizeof(struct iphdr)) {
-+ /* No options, so we match only the "DONTs" and the "IGNOREs" */
-+
-+ if (((info->options & IPT_IPV4OPTION_MATCH_ANY_OPT) == IPT_IPV4OPTION_MATCH_ANY_OPT) ||
-+ ((info->options & IPT_IPV4OPTION_MATCH_SSRR) == IPT_IPV4OPTION_MATCH_SSRR) ||
-+ ((info->options & IPT_IPV4OPTION_MATCH_LSRR) == IPT_IPV4OPTION_MATCH_LSRR) ||
-+ ((info->options & IPT_IPV4OPTION_MATCH_RR) == IPT_IPV4OPTION_MATCH_RR) ||
-+ ((info->options & IPT_IPV4OPTION_MATCH_TIMESTAMP) == IPT_IPV4OPTION_MATCH_TIMESTAMP) ||
-+ ((info->options & IPT_IPV4OPTION_MATCH_ROUTER_ALERT) == IPT_IPV4OPTION_MATCH_ROUTER_ALERT))
-+ return 0;
-+ return 1;
-+ }
-+ else {
-+ if ((info->options & IPT_IPV4OPTION_MATCH_ANY_OPT) == IPT_IPV4OPTION_MATCH_ANY_OPT)
-+ /* there are options, and we don't need to care which one */
-+ return 1;
-+ else {
-+ if ((info->options & IPT_IPV4OPTION_DONT_MATCH_ANY_OPT) == IPT_IPV4OPTION_DONT_MATCH_ANY_OPT)
-+ /* there are options but we don't want any ! */
-+ return 0;
-+ }
-+ }
-+
-+ opt = &(IPCB(skb)->opt);
-+
-+ /* source routing */
-+ if ((info->options & IPT_IPV4OPTION_MATCH_SSRR) == IPT_IPV4OPTION_MATCH_SSRR) {
-+ if (!((opt->srr) && (opt->is_strictroute)))
-+ return 0;
-+ }
-+ else if ((info->options & IPT_IPV4OPTION_MATCH_LSRR) == IPT_IPV4OPTION_MATCH_LSRR) {
-+ if (!((opt->srr) && (!opt->is_strictroute)))
-+ return 0;
-+ }
-+ else if ((info->options & IPT_IPV4OPTION_DONT_MATCH_SRR) == IPT_IPV4OPTION_DONT_MATCH_SRR) {
-+ if (opt->srr)
-+ return 0;
-+ }
-+ /* record route */
-+ if ((info->options & IPT_IPV4OPTION_MATCH_RR) == IPT_IPV4OPTION_MATCH_RR) {
-+ if (!opt->rr)
-+ return 0;
-+ }
-+ else if ((info->options & IPT_IPV4OPTION_DONT_MATCH_RR) == IPT_IPV4OPTION_DONT_MATCH_RR) {
-+ if (opt->rr)
-+ return 0;
-+ }
-+ /* timestamp */
-+ if ((info->options & IPT_IPV4OPTION_MATCH_TIMESTAMP) == IPT_IPV4OPTION_MATCH_TIMESTAMP) {
-+ if (!opt->ts)
-+ return 0;
-+ }
-+ else if ((info->options & IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP) == IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP) {
-+ if (opt->ts)
-+ return 0;
-+ }
-+ /* router-alert option */
-+ if ((info->options & IPT_IPV4OPTION_MATCH_ROUTER_ALERT) == IPT_IPV4OPTION_MATCH_ROUTER_ALERT) {
-+ if (!opt->router_alert)
-+ return 0;
-+ }
-+ else if ((info->options & IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT) == IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT) {
-+ if (opt->router_alert)
-+ return 0;
-+ }
-+
-+ /* we match ! */
-+ return 1;
-+}
-+
-+static bool checkentry(const struct xt_mtchk_param *par)
-+{
-+ const struct ipt_ipv4options_info *info = par->matchinfo; /* match info for rule */
-+ /* Now check the coherence of the data ... */
-+ if (((info->options & IPT_IPV4OPTION_MATCH_ANY_OPT) == IPT_IPV4OPTION_MATCH_ANY_OPT) &&
-+ (((info->options & IPT_IPV4OPTION_DONT_MATCH_SRR) == IPT_IPV4OPTION_DONT_MATCH_SRR) ||
-+ ((info->options & IPT_IPV4OPTION_DONT_MATCH_RR) == IPT_IPV4OPTION_DONT_MATCH_RR) ||
-+ ((info->options & IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP) == IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP) ||
-+ ((info->options & IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT) == IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT) ||
-+ ((info->options & IPT_IPV4OPTION_DONT_MATCH_ANY_OPT) == IPT_IPV4OPTION_DONT_MATCH_ANY_OPT)))
-+ return 0; /* opposites */
-+ if (((info->options & IPT_IPV4OPTION_DONT_MATCH_ANY_OPT) == IPT_IPV4OPTION_DONT_MATCH_ANY_OPT) &&
-+ (((info->options & IPT_IPV4OPTION_MATCH_LSRR) == IPT_IPV4OPTION_MATCH_LSRR) ||
-+ ((info->options & IPT_IPV4OPTION_MATCH_SSRR) == IPT_IPV4OPTION_MATCH_SSRR) ||
-+ ((info->options & IPT_IPV4OPTION_MATCH_RR) == IPT_IPV4OPTION_MATCH_RR) ||
-+ ((info->options & IPT_IPV4OPTION_MATCH_TIMESTAMP) == IPT_IPV4OPTION_MATCH_TIMESTAMP) ||
-+ ((info->options & IPT_IPV4OPTION_MATCH_ROUTER_ALERT) == IPT_IPV4OPTION_MATCH_ROUTER_ALERT) ||
-+ ((info->options & IPT_IPV4OPTION_MATCH_ANY_OPT) == IPT_IPV4OPTION_MATCH_ANY_OPT)))
-+ return 0; /* opposites */
-+ if (((info->options & IPT_IPV4OPTION_MATCH_SSRR) == IPT_IPV4OPTION_MATCH_SSRR) &&
-+ ((info->options & IPT_IPV4OPTION_MATCH_LSRR) == IPT_IPV4OPTION_MATCH_LSRR))
-+ return 0; /* cannot match in the same time loose and strict source routing */
-+ if ((((info->options & IPT_IPV4OPTION_MATCH_SSRR) == IPT_IPV4OPTION_MATCH_SSRR) ||
-+ ((info->options & IPT_IPV4OPTION_MATCH_LSRR) == IPT_IPV4OPTION_MATCH_LSRR)) &&
-+ ((info->options & IPT_IPV4OPTION_DONT_MATCH_SRR) == IPT_IPV4OPTION_DONT_MATCH_SRR))
-+ return 0; /* opposites */
-+ if (((info->options & IPT_IPV4OPTION_MATCH_RR) == IPT_IPV4OPTION_MATCH_RR) &&
-+ ((info->options & IPT_IPV4OPTION_DONT_MATCH_RR) == IPT_IPV4OPTION_DONT_MATCH_RR))
-+ return 0; /* opposites */
-+ if (((info->options & IPT_IPV4OPTION_MATCH_TIMESTAMP) == IPT_IPV4OPTION_MATCH_TIMESTAMP) &&
-+ ((info->options & IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP) == IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP))
-+ return 0; /* opposites */
-+ if (((info->options & IPT_IPV4OPTION_MATCH_ROUTER_ALERT) == IPT_IPV4OPTION_MATCH_ROUTER_ALERT) &&
-+ ((info->options & IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT) == IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT))
-+ return 0; /* opposites */
-+
-+ /* everything looks ok. */
-+ return 1;
-+}
-+
-+static struct xt_match ipv4options_match = {
-+ .name = "ipv4options",
-+ .family = NFPROTO_IPV4,
-+ .match = match,
-+ .matchsize = sizeof(struct ipt_ipv4options_info),
-+ .checkentry = checkentry,
-+ .me = THIS_MODULE
-+};
-+
-+static int __init init(void)
-+{
-+ return xt_register_match(&ipv4options_match);
-+}
-+
-+static void __exit fini(void)
-+{
-+ xt_unregister_match(&ipv4options_match);
-+}
-+
-+module_init(init);
-+module_exit(fini);
diff --git a/series.conf b/series.conf
index f626095..e9f3c7e 100644
--- a/series.conf
+++ b/series.conf
@@ -663,7 +663,6 @@
patches.suse/netfilter-ip_conntrack_slp.patch
patches.fixes/fix-nf_conntrack_slp
patches.fixes/netfilter-remove-pointless-config_nf_ct_acct-warning
- patches.suse/netfilter-ipv4options
########################################################
#
--
1.6.6