[NETFILTER 15/49]: ip_tables: remove obsolete SAME target

[Patrick McHardy <kaber@trash.net>]

[NETFILTER]: ip_tables: remove obsolete SAME target

Remove the ipt_SAME target as scheduled in feature-removal-schedule.

Signed-off-by: Patrick McHardy <kaber@trash.net>

---
commit cd5e5ce6b1f5ca260806c7ed72418d4b1a8e9e1f
tree 649ade75a1cdb2c394b95d68488c443d9f3cd630
parent 76a21a5927f267f96a9049c77627d2983652686a
author Patrick McHardy <kaber@trash.net> Tue, 04 Dec 2007 10:47:07 +0100
committer Patrick McHardy <kaber@trash.net> Tue, 04 Dec 2007 11:24:38 +0100

 Documentation/feature-removal-schedule.txt |    9 -
 net/ipv4/netfilter/Kconfig                 |    9 -
 net/ipv4/netfilter/Makefile                |    1 
 net/ipv4/netfilter/ipt_SAME.c              |  174 ----------------------------
 4 files changed, 0 insertions(+), 193 deletions(-)

diff --git a/Documentation/feature-removal-schedule.txt b/Documentation/feature-removal-schedule.txt
index aeaa129..c9c3603 100644
--- a/Documentation/feature-removal-schedule.txt
+++ b/Documentation/feature-removal-schedule.txt
@@ -273,15 +273,6 @@ Who:	Jean Delvare <khali@linux-fr.org>
 
 ---------------------------
 
-What:	iptables SAME target
-When:	1.1. 2008
-Files:	net/ipv4/netfilter/ipt_SAME.c, include/linux/netfilter_ipv4/ipt_SAME.h
-Why:	Obsolete for multiple years now, NAT core provides the same behaviour.
-	Unfixable broken wrt. 32/64 bit cleanness.
-Who:	Patrick McHardy <kaber@trash.net>
-
----------------------------
-
 What: The arch/ppc and include/asm-ppc directories
 When: Jun 2008
 Why:  The arch/powerpc tree is the merged architecture for ppc32 and ppc64
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index b11231d..ad26f66 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -211,15 +211,6 @@ config IP_NF_TARGET_NETMAP
 
 	  To compile it as a module, choose M here.  If unsure, say N.
 
-config IP_NF_TARGET_SAME
-	tristate "SAME target support (OBSOLETE)"
-	depends on NF_NAT
-	help
-	  This option adds a `SAME' target, which works like the standard SNAT
-	  target, but attempts to give clients the same IP for all connections.
-
-	  To compile it as a module, choose M here.  If unsure, say N.
-
 config NF_NAT_SNMP_BASIC
 	tristate "Basic SNMP-ALG support (EXPERIMENTAL)"
 	depends on EXPERIMENTAL && NF_NAT
diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile
index 2fc0561..fd7d4a5 100644
--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -56,7 +56,6 @@ obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o
 obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o
 obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o
 obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o
-obj-$(CONFIG_IP_NF_TARGET_SAME) += ipt_SAME.o
 obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o
 obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o
 
diff --git a/net/ipv4/netfilter/ipt_SAME.c b/net/ipv4/netfilter/ipt_SAME.c
deleted file mode 100644
index a43923d..0000000
--- a/net/ipv4/netfilter/ipt_SAME.c
+++ /dev/null
@@ -1,174 +0,0 @@
-/* Same.  Just like SNAT, only try to make the connections
- * 	  between client A and server B always have the same source ip.
- *
- * (C) 2000 Paul `Rusty' Russell
- * (C) 2001 Martin Josefsson
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-#include <linux/types.h>
-#include <linux/ip.h>
-#include <linux/timer.h>
-#include <linux/module.h>
-#include <linux/netfilter.h>
-#include <linux/netdevice.h>
-#include <linux/if.h>
-#include <linux/inetdevice.h>
-#include <net/protocol.h>
-#include <net/checksum.h>
-#include <linux/netfilter_ipv4.h>
-#include <linux/netfilter/x_tables.h>
-#include <net/netfilter/nf_nat_rule.h>
-#include <linux/netfilter_ipv4/ipt_SAME.h>
-
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Martin Josefsson <gandalf@wlug.westbo.se>");
-MODULE_DESCRIPTION("iptables special SNAT module for consistent sourceip");
-
-static bool
-same_tg_check(const char *tablename, const void *e,
-              const struct xt_target *target, void *targinfo,
-              unsigned int hook_mask)
-{
-	unsigned int count, countess, rangeip, index = 0;
-	struct ipt_same_info *mr = targinfo;
-
-	mr->ipnum = 0;
-
-	if (mr->rangesize < 1) {
-		pr_debug("same_check: need at least one dest range.\n");
-		return false;
-	}
-	if (mr->rangesize > IPT_SAME_MAX_RANGE) {
-		pr_debug("same_check: too many ranges specified, maximum "
-			 "is %u ranges\n", IPT_SAME_MAX_RANGE);
-		return false;
-	}
-	for (count = 0; count < mr->rangesize; count++) {
-		if (ntohl(mr->range[count].min_ip) >
-				ntohl(mr->range[count].max_ip)) {
-			pr_debug("same_check: min_ip is larger than max_ip in "
-				 "range `%u.%u.%u.%u-%u.%u.%u.%u'.\n",
-				 NIPQUAD(mr->range[count].min_ip),
-				 NIPQUAD(mr->range[count].max_ip));
-			return false;
-		}
-		if (!(mr->range[count].flags & IP_NAT_RANGE_MAP_IPS)) {
-			pr_debug("same_check: bad MAP_IPS.\n");
-			return false;
-		}
-		rangeip = (ntohl(mr->range[count].max_ip) -
-					ntohl(mr->range[count].min_ip) + 1);
-		mr->ipnum += rangeip;
-
-		pr_debug("same_check: range %u, ipnum = %u\n", count, rangeip);
-	}
-	pr_debug("same_check: total ipaddresses = %u\n", mr->ipnum);
-
-	mr->iparray = kmalloc((sizeof(u_int32_t) * mr->ipnum), GFP_KERNEL);
-	if (!mr->iparray) {
-		pr_debug("same_check: Couldn't allocate %Zu bytes "
-			 "for %u ipaddresses!\n",
-			 (sizeof(u_int32_t) * mr->ipnum), mr->ipnum);
-		return false;
-	}
-	pr_debug("same_check: Allocated %Zu bytes for %u ipaddresses.\n",
-		 (sizeof(u_int32_t) * mr->ipnum), mr->ipnum);
-
-	for (count = 0; count < mr->rangesize; count++) {
-		for (countess = ntohl(mr->range[count].min_ip);
-				countess <= ntohl(mr->range[count].max_ip);
-					countess++) {
-			mr->iparray[index] = countess;
-			pr_debug("same_check: Added ipaddress `%u.%u.%u.%u' "
-				 "in index %u.\n", HIPQUAD(countess), index);
-			index++;
-		}
-	}
-	return true;
-}
-
-static void same_tg_destroy(const struct xt_target *target, void *targinfo)
-{
-	struct ipt_same_info *mr = targinfo;
-
-	kfree(mr->iparray);
-
-	pr_debug("same_destroy: Deallocated %Zu bytes for %u ipaddresses.\n",
-		 (sizeof(u_int32_t) * mr->ipnum), mr->ipnum);
-}
-
-static unsigned int
-same_tg(struct sk_buff *skb, const struct net_device *in,
-        const struct net_device *out, unsigned int hooknum,
-        const struct xt_target *target, const void *targinfo)
-{
-	struct nf_conn *ct;
-	enum ip_conntrack_info ctinfo;
-	u_int32_t tmpip, aindex;
-	__be32 new_ip;
-	const struct ipt_same_info *same = targinfo;
-	struct nf_nat_range newrange;
-	const struct nf_conntrack_tuple *t;
-
-	NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING ||
-			hooknum == NF_INET_POST_ROUTING);
-	ct = nf_ct_get(skb, &ctinfo);
-
-	t = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;
-
-	/* Base new source on real src ip and optionally dst ip,
-	   giving some hope for consistency across reboots.
-	   Here we calculate the index in same->iparray which
-	   holds the ipaddress we should use */
-
-	tmpip = ntohl(t->src.u3.ip);
-
-	if (!(same->info & IPT_SAME_NODST))
-		tmpip += ntohl(t->dst.u3.ip);
-	aindex = tmpip % same->ipnum;
-
-	new_ip = htonl(same->iparray[aindex]);
-
-	pr_debug("ipt_SAME: src=%u.%u.%u.%u dst=%u.%u.%u.%u, "
-		 "new src=%u.%u.%u.%u\n",
-		 NIPQUAD(t->src.u3.ip), NIPQUAD(t->dst.u3.ip), NIPQUAD(new_ip));
-
-	/* Transfer from original range. */
-	newrange = ((struct nf_nat_range)
-		{ same->range[0].flags, new_ip, new_ip,
-		  /* FIXME: Use ports from correct range! */
-		  same->range[0].min, same->range[0].max });
-
-	/* Hand modified range to generic setup. */
-	return nf_nat_setup_info(ct, &newrange, hooknum);
-}
-
-static struct xt_target same_tg_reg __read_mostly = {
-	.name		= "SAME",
-	.family		= AF_INET,
-	.target		= same_tg,
-	.targetsize	= sizeof(struct ipt_same_info),
-	.table		= "nat",
-	.hooks		= (1 << NF_INET_PRE_ROUTING) |
-			  (1 << NF_INET_POST_ROUTING),
-	.checkentry	= same_tg_check,
-	.destroy	= same_tg_destroy,
-	.me		= THIS_MODULE,
-};
-
-static int __init same_tg_init(void)
-{
-	return xt_register_target(&same_tg_reg);
-}
-
-static void __exit same_tg_exit(void)
-{
-	xt_unregister_target(&same_tg_reg);
-}
-
-module_init(same_tg_init);
-module_exit(same_tg_exit);
-