From eb81d2d1629a0ecc62066ca593d55e97485d1408 Mon Sep 17 00:00:00 2001 From: nbd Date: Sat, 26 Jun 2010 20:42:18 +0000 Subject: remove generic linux 2.4 support git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21948 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- .../patches/607-netfilter_connmark.patch | 340 --------------------- 1 file changed, 340 deletions(-) delete mode 100644 target/linux/generic-2.4/patches/607-netfilter_connmark.patch (limited to 'target/linux/generic-2.4/patches/607-netfilter_connmark.patch') diff --git a/target/linux/generic-2.4/patches/607-netfilter_connmark.patch b/target/linux/generic-2.4/patches/607-netfilter_connmark.patch deleted file mode 100644 index 3d3c947da..000000000 --- a/target/linux/generic-2.4/patches/607-netfilter_connmark.patch +++ /dev/null @@ -1,340 +0,0 @@ ---- a/include/linux/netfilter_ipv4/ip_conntrack.h -+++ b/include/linux/netfilter_ipv4/ip_conntrack.h -@@ -218,6 +218,9 @@ struct ip_conntrack - unsigned int app_data_len; - } layer7; - #endif -+#if defined(CONFIG_IP_NF_CONNTRACK_MARK) -+ unsigned long mark; -+#endif - }; - - /* get master conntrack via master expectation */ ---- /dev/null -+++ b/include/linux/netfilter_ipv4/ipt_CONNMARK.h -@@ -0,0 +1,25 @@ -+#ifndef _IPT_CONNMARK_H_target -+#define _IPT_CONNMARK_H_target -+ -+/* Copyright (C) 2002,2004 MARA Systems AB -+ * by Henrik Nordstrom -+ * -+ * This program is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation; either version 2 of the License, or -+ * (at your option) any later version. -+ */ -+ -+enum { -+ IPT_CONNMARK_SET = 0, -+ IPT_CONNMARK_SAVE, -+ IPT_CONNMARK_RESTORE -+}; -+ -+struct ipt_connmark_target_info { -+ unsigned long mark; -+ unsigned long mask; -+ u_int8_t mode; -+}; -+ -+#endif /*_IPT_CONNMARK_H_target*/ ---- /dev/null -+++ b/include/linux/netfilter_ipv4/ipt_connmark.h -@@ -0,0 +1,18 @@ -+#ifndef _IPT_CONNMARK_H -+#define _IPT_CONNMARK_H -+ -+/* Copyright (C) 2002,2004 MARA Systems AB -+ * by Henrik Nordstrom -+ * -+ * This program is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation; either version 2 of the License, or -+ * (at your option) any later version. -+ */ -+ -+struct ipt_connmark_info { -+ unsigned long mark, mask; -+ u_int8_t invert; -+}; -+ -+#endif /*_IPT_CONNMARK_H*/ ---- a/net/ipv4/netfilter/Config.in -+++ b/net/ipv4/netfilter/Config.in -@@ -6,6 +6,7 @@ comment ' IP: Netfilter Configuration' - - tristate 'Connection tracking (required for masq/NAT)' CONFIG_IP_NF_CONNTRACK - if [ "$CONFIG_IP_NF_CONNTRACK" != "n" ]; then -+ bool ' Connection mark tracking support' CONFIG_IP_NF_CONNTRACK_MARK - dep_tristate ' FTP protocol support' CONFIG_IP_NF_FTP $CONFIG_IP_NF_CONNTRACK - dep_tristate ' Amanda protocol support' CONFIG_IP_NF_AMANDA $CONFIG_IP_NF_CONNTRACK - dep_tristate ' TFTP protocol support' CONFIG_IP_NF_TFTP $CONFIG_IP_NF_CONNTRACK -@@ -40,6 +41,9 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ]; - if [ "$CONFIG_IP_NF_CONNTRACK" != "n" ]; then - dep_tristate ' Connection state match support' CONFIG_IP_NF_MATCH_STATE $CONFIG_IP_NF_CONNTRACK $CONFIG_IP_NF_IPTABLES - dep_tristate ' Connection tracking match support' CONFIG_IP_NF_MATCH_CONNTRACK $CONFIG_IP_NF_CONNTRACK $CONFIG_IP_NF_IPTABLES -+ if [ "$CONFIG_IP_NF_CONNTRACK_MARK" != "n" ]; then -+ dep_tristate ' Connection mark match support' CONFIG_IP_NF_MATCH_CONNMARK $CONFIG_IP_NF_IPTABLES -+ fi - fi - if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then - dep_tristate ' Unclean match support (EXPERIMENTAL)' CONFIG_IP_NF_MATCH_UNCLEAN $CONFIG_IP_NF_IPTABLES -@@ -110,6 +114,9 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ]; - dep_tristate ' MARK target support' CONFIG_IP_NF_TARGET_MARK $CONFIG_IP_NF_MANGLE - dep_tristate ' CLASSIFY target support (EXPERIMENTAL)' CONFIG_IP_NF_TARGET_CLASSIFY $CONFIG_IP_NF_MANGLE - fi -+ if [ "$CONFIG_IP_NF_CONNTRACK_MARK" != "n" ]; then -+ dep_tristate ' CONNMARK target support' CONFIG_IP_NF_TARGET_CONNMARK $CONFIG_IP_NF_IPTABLES -+ fi - dep_tristate ' LOG target support' CONFIG_IP_NF_TARGET_LOG $CONFIG_IP_NF_IPTABLES - dep_tristate ' TTL target support' CONFIG_IP_NF_TARGET_TTL $CONFIG_IP_NF_IPTABLES - dep_tristate ' ULOG target support' CONFIG_IP_NF_TARGET_ULOG $CONFIG_IP_NF_IPTABLES ---- a/net/ipv4/netfilter/Makefile -+++ b/net/ipv4/netfilter/Makefile -@@ -84,6 +84,7 @@ obj-$(CONFIG_IP_NF_MATCH_LENGTH) += ipt_ - - obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o - obj-$(CONFIG_IP_NF_MATCH_STATE) += ipt_state.o -+obj-$(CONFIG_IP_NF_MATCH_CONNMARK) += ipt_connmark.o - obj-$(CONFIG_IP_NF_MATCH_CONNTRACK) += ipt_conntrack.o - obj-$(CONFIG_IP_NF_MATCH_UNCLEAN) += ipt_unclean.o - obj-$(CONFIG_IP_NF_MATCH_TCPMSS) += ipt_tcpmss.o -@@ -102,6 +103,7 @@ obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += i - obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o - obj-$(CONFIG_IP_NF_NAT_SNMP_BASIC) += ip_nat_snmp_basic.o - obj-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG.o -+obj-$(CONFIG_IP_NF_TARGET_CONNMARK) += ipt_CONNMARK.o - obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o - obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o - obj-$(CONFIG_IP_NF_TARGET_TCPMSS) += ipt_TCPMSS.o ---- a/net/ipv4/netfilter/ip_conntrack_core.c -+++ b/net/ipv4/netfilter/ip_conntrack_core.c -@@ -750,6 +750,9 @@ init_conntrack(const struct ip_conntrack - __set_bit(IPS_EXPECTED_BIT, &conntrack->status); - conntrack->master = expected; - expected->sibling = conntrack; -+#ifdef CONFIG_IP_NF_CONNTRACK_MARK -+ conntrack->mark = expected->expectant->mark; -+#endif - LIST_DELETE(&ip_conntrack_expect_list, expected); - expected->expectant->expecting--; - nf_conntrack_get(&master_ct(conntrack)->infos[0]); ---- a/net/ipv4/netfilter/ip_conntrack_standalone.c -+++ b/net/ipv4/netfilter/ip_conntrack_standalone.c -@@ -107,6 +107,9 @@ print_conntrack(char *buffer, struct ip_ - len += sprintf(buffer + len, "[ASSURED] "); - len += sprintf(buffer + len, "use=%u ", - atomic_read(&conntrack->ct_general.use)); -+ #if defined(CONFIG_IP_NF_CONNTRACK_MARK) -+ len += sprintf(buffer + len, "mark=%ld ", conntrack->mark); -+ #endif - - #if defined(CONFIG_IP_NF_MATCH_LAYER7) || defined(CONFIG_IP_NF_MATCH_LAYER7_MODULE) - if(conntrack->layer7.app_proto) ---- /dev/null -+++ b/net/ipv4/netfilter/ipt_CONNMARK.c -@@ -0,0 +1,118 @@ -+/* This kernel module is used to modify the connection mark values, or -+ * to optionally restore the skb nfmark from the connection mark -+ * -+ * Copyright (C) 2002,2004 MARA Systems AB -+ * by Henrik Nordstrom -+ * -+ * This program is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation; either version 2 of the License, or -+ * (at your option) any later version. -+ * -+ * This program is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with this program; if not, write to the Free Software -+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -+ */ -+#include -+#include -+#include -+#include -+ -+MODULE_AUTHOR("Henrik Nordstrom "); -+MODULE_DESCRIPTION("IP tables CONNMARK matching module"); -+MODULE_LICENSE("GPL"); -+ -+#include -+#include -+#include -+ -+static unsigned int -+target(struct sk_buff **pskb, -+ unsigned int hooknum, -+ const struct net_device *in, -+ const struct net_device *out, -+ const void *targinfo, -+ void *userinfo) -+{ -+ const struct ipt_connmark_target_info *markinfo = targinfo; -+ unsigned long diff; -+ unsigned long nfmark; -+ unsigned long newmark; -+ -+ enum ip_conntrack_info ctinfo; -+ struct ip_conntrack *ct = ip_conntrack_get((*pskb), &ctinfo); -+ if (ct) { -+ switch(markinfo->mode) { -+ case IPT_CONNMARK_SET: -+ newmark = (ct->mark & ~markinfo->mask) | markinfo->mark; -+ if (newmark != ct->mark) -+ ct->mark = newmark; -+ break; -+ case IPT_CONNMARK_SAVE: -+ newmark = (ct->mark & ~markinfo->mask) | ((*pskb)->nfmark & markinfo->mask); -+ if (ct->mark != newmark) -+ ct->mark = newmark; -+ break; -+ case IPT_CONNMARK_RESTORE: -+ nfmark = (*pskb)->nfmark; -+ diff = (ct->mark ^ nfmark & markinfo->mask); -+ if (diff != 0) { -+ (*pskb)->nfmark = nfmark ^ diff; -+ (*pskb)->nfcache |= NFC_ALTERED; -+ } -+ break; -+ } -+ } -+ -+ return IPT_CONTINUE; -+} -+ -+static int -+checkentry(const char *tablename, -+ const struct ipt_entry *e, -+ void *targinfo, -+ unsigned int targinfosize, -+ unsigned int hook_mask) -+{ -+ struct ipt_connmark_target_info *matchinfo = targinfo; -+ if (targinfosize != IPT_ALIGN(sizeof(struct ipt_connmark_target_info))) { -+ printk(KERN_WARNING "CONNMARK: targinfosize %u != %Zu\n", -+ targinfosize, -+ IPT_ALIGN(sizeof(struct ipt_connmark_target_info))); -+ return 0; -+ } -+ -+ if (matchinfo->mode == IPT_CONNMARK_RESTORE) { -+ if (strcmp(tablename, "mangle") != 0) { -+ printk(KERN_WARNING "CONNMARK: restore can only be called from \"mangle\" table, not \"%s\"\n", tablename); -+ return 0; -+ } -+ } -+ -+ return 1; -+} -+ -+static struct ipt_target ipt_connmark_reg = { -+ .name = "CONNMARK", -+ .target = &target, -+ .checkentry = &checkentry, -+ .me = THIS_MODULE -+}; -+ -+static int __init init(void) -+{ -+ return ipt_register_target(&ipt_connmark_reg); -+} -+ -+static void __exit fini(void) -+{ -+ ipt_unregister_target(&ipt_connmark_reg); -+} -+ -+module_init(init); -+module_exit(fini); ---- /dev/null -+++ b/net/ipv4/netfilter/ipt_connmark.c -@@ -0,0 +1,83 @@ -+/* This kernel module matches connection mark values set by the -+ * CONNMARK target -+ * -+ * Copyright (C) 2002,2004 MARA Systems AB -+ * by Henrik Nordstrom -+ * -+ * This program is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation; either version 2 of the License, or -+ * (at your option) any later version. -+ * -+ * This program is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with this program; if not, write to the Free Software -+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -+ */ -+ -+#include -+#include -+ -+MODULE_AUTHOR("Henrik Nordstrom "); -+MODULE_DESCRIPTION("IP tables connmark match module"); -+MODULE_LICENSE("GPL"); -+ -+#include -+#include -+#include -+ -+static int -+match(const struct sk_buff *skb, -+ const struct net_device *in, -+ const struct net_device *out, -+ const void *matchinfo, -+ int offset, -+ const void *hdr, -+ u_int16_t datalen, -+ int *hotdrop) -+{ -+ const struct ipt_connmark_info *info = matchinfo; -+ enum ip_conntrack_info ctinfo; -+ struct ip_conntrack *ct = ip_conntrack_get((struct sk_buff *)skb, &ctinfo); -+ if (!ct) -+ return 0; -+ -+ return ((ct->mark & info->mask) == info->mark) ^ info->invert; -+} -+ -+static int -+checkentry(const char *tablename, -+ const struct ipt_ip *ip, -+ void *matchinfo, -+ unsigned int matchsize, -+ unsigned int hook_mask) -+{ -+ if (matchsize != IPT_ALIGN(sizeof(struct ipt_connmark_info))) -+ return 0; -+ -+ return 1; -+} -+ -+static struct ipt_match connmark_match = { -+ .name = "connmark", -+ .match = &match, -+ .checkentry = &checkentry, -+ .me = THIS_MODULE -+}; -+ -+static int __init init(void) -+{ -+ return ipt_register_match(&connmark_match); -+} -+ -+static void __exit fini(void) -+{ -+ ipt_unregister_match(&connmark_match); -+} -+ -+module_init(init); -+module_exit(fini); -- cgit v1.2.3