MT#55283 drop support for ancient kernel versions

Minimum supported version is 4.4

Change-Id: I1eb0990259cf7ace768dbe116ac59779327ab195

docs/compiling_and_installing.md

@@ -117,12 +117,12 @@ test suite.
 
 * `kernel-module`
 
-	Required for in-kernel packet forwarding.
+	Required for in-kernel packet forwarding. Supported for kernels versions 4.4 and newer.
 
 	Compilation of the kernel module requires the kernel development headers to be installed in
 	`/lib/modules/$VERSION/build/`, where *$VERSION* is the output of the command `uname -r`. For
-	example, if the command `uname -r` produces the output `3.9-1-amd64`, then the kernel headers
-	must be present in `/lib/modules/3.9-1-amd64/build/`. The last component of this path (`build`)
+	example, if the command `uname -r` produces the output `4.19-1-amd64`, then the kernel headers
+	must be present in `/lib/modules/4.19-1-amd64/build/`. The last component of this path (`build`)
 	is usually a symlink somewhere into `/usr/src/`, which is fine.
 
 	Successful compilation of the module will produce the file `xt_RTPENGINE.ko`. The module can be inserted

kernel-module/xt_RTPENGINE.c

@@ -13,9 +13,7 @@
 #endif
 #include <crypto/aes.h>
 #include <crypto/hash.h>
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25)
 #include <crypto/aead.h>
-#endif
 #include <net/icmp.h>
 #include <net/ip.h>
 #include <net/ipv6.h>
@@ -25,9 +23,7 @@
 #include <net/dst.h>
 #include <linux/proc_fs.h>
 #include <linux/spinlock.h>
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,0,0)
 #include <linux/bsearch.h>
-#endif
 #include <asm/atomic.h>
 #include <linux/netfilter_ipv4/ip_tables.h>
 #include <linux/netfilter_ipv4.h>
@@ -91,13 +87,9 @@ MODULE_ALIAS("ip6t_RTPENGINE");
 #define DBG(x...) ((void)0)
 #endif
 
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,35)
-#define xt_action_param xt_target_param
-#endif
-
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4,10,0)
 #define PAR_STATE_NET(p) (p)->state->net
-#else
+#else /* minimum 4.4.x */
 #define PAR_STATE_NET(p) (p)->net
 #endif
 
@@ -167,9 +159,7 @@ MODULE_ALIAS("ip6t_RTPENGINE");
 
 
 
-#if LINUX_VERSION_CODE < KERNEL_VERSION(3,10,0)
-#define PDE_DATA(i) (PDE(i)->data)
-#elif defined(RHEL_RELEASE_CODE) && LINUX_VERSION_CODE >= KERNEL_VERSION(5,14,0) && \
+#if defined(RHEL_RELEASE_CODE) && LINUX_VERSION_CODE >= KERNEL_VERSION(5,14,0) && \
 		RHEL_RELEASE_CODE >= RHEL_RELEASE_VERSION(9,1)
 #define PDE_DATA(i) pde_data(i)
 #elif LINUX_VERSION_CODE >= KERNEL_VERSION(5,17,0)
@@ -192,7 +182,6 @@ struct rtpengine_output;
 
 
 
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,10,0)
 static kuid_t proc_kuid;
 static uint proc_uid = 0;
 module_param(proc_uid, uint, 0444);
@@ -210,7 +199,6 @@ module_param(proc_mask, hexint, 0444);
 module_param(proc_mask, uint, 0444);
 #endif
 MODULE_PARM_DESC(proc_mask, "rtpengine procfs tree mode mask");
-#endif
 
 static uint stream_packets_list_limit = 10;
 module_param(stream_packets_list_limit, uint, 0444);
@@ -812,16 +800,10 @@ static inline struct proc_dir_entry *proc_mkdir_user(const char *name, umode_t m
 {
 	struct proc_dir_entry *ret;
 
-#if LINUX_VERSION_CODE < KERNEL_VERSION(3,0,0)
-	ret = create_proc_entry(name, S_IFDIR | mode, parent);
-#else
 	ret = proc_mkdir_mode(name, mode, parent);
-#endif
 	if (!ret)
 		return NULL;
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,10,0)
 	proc_set_user(ret, proc_kuid, proc_kgid);
-#endif
 
 	return ret;
 }
@@ -834,9 +816,7 @@ static inline struct proc_dir_entry *proc_create_user(const char *name, umode_t
 	ret = proc_create_data(name, mode, parent, ops, ptr);
 	if (!ret)
 		return NULL;
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,10,0)
 	proc_set_user(ret, proc_kuid, proc_kgid);
-#endif
 
 	return ret;
 }
@@ -929,10 +909,8 @@ static void free_crypto_context(struct re_crypto_context *c) {
 	}
 	if (c->shash)
 		crypto_free_shash(c->shash);
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25)
 	if (c->aead)
 		crypto_free_aead(c->aead);
-#endif
 }
 
 static void target_put(struct rtpengine_target *t) {
@@ -979,11 +957,7 @@ static void clear_proc(struct proc_dir_entry **e) {
 	if (!e || !(pde = *e))
 		return;
 
-#if LINUX_VERSION_CODE < KERNEL_VERSION(3,10,0)
-	remove_proc_entry(pde->name, pde->parent);
-#else
 	proc_remove(pde);
-#endif
 	*e = NULL;
 }
 
@@ -2289,7 +2263,6 @@ static int gen_session_keys(struct re_crypto_context *c, struct rtpengine_srtp *
 			goto error;
 	}
 
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25)
 	if (c->cipher->aead_name) {
 		err = "failed to load AEAD";
 		c->aead = crypto_alloc_aead(c->cipher->aead_name, 0, CRYPTO_ALG_ASYNC);
@@ -2308,11 +2281,6 @@ static int gen_session_keys(struct re_crypto_context *c, struct rtpengine_srtp *
 		if (ret)
 			goto error;
 	}
-#else
-	err = "No support for AEAD in this kernel";
-	if (c->cipher->aead_name)
-		goto error;
-#endif
 
 	if (c->cipher->session_key_init) {
 		ret = c->cipher->session_key_init(c, s);
@@ -2977,9 +2945,6 @@ static int table_new_call(struct rtpengine_table *table, struct rtpengine_call_i
 	struct re_call *call, *hash_entry;
 	unsigned int idx;
 	unsigned long flags;
-#if LINUX_VERSION_CODE < KERNEL_VERSION(3,9,0)
-	struct hlist_node *hlist_entry;
-#endif
 
 	/* validation */
 
@@ -3007,12 +2972,7 @@ static int table_new_call(struct rtpengine_table *table, struct rtpengine_call_i
 
 	spin_lock_irqsave(&table->calls_hash_lock[call->hash_bucket], flags);
 
-#if LINUX_VERSION_CODE < KERNEL_VERSION(3,9,0)
-	hlist_for_each_entry(hash_entry, hlist_entry, &table->calls_hash[call->hash_bucket],
-			calls_hash_entry) {
-#else
 	hlist_for_each_entry(hash_entry, &table->calls_hash[call->hash_bucket], calls_hash_entry) {
-#endif
 		if (!strcmp(hash_entry->info.call_id, info->call_id))
 			goto found;
 	}
@@ -3155,9 +3115,6 @@ static int table_new_stream(struct rtpengine_table *table, struct rtpengine_stre
 	unsigned long flags;
 	unsigned int idx;
 	struct proc_dir_entry *pde;
-#if LINUX_VERSION_CODE < KERNEL_VERSION(3,9,0)
-	struct hlist_node *hlist_entry;
-#endif
 
 	/* validation */
 
@@ -3194,12 +3151,7 @@ static int table_new_stream(struct rtpengine_table *table, struct rtpengine_stre
 
 	spin_lock_irqsave(&table->streams_hash_lock[stream->hash_bucket], flags);
 
-#if LINUX_VERSION_CODE < KERNEL_VERSION(3,9,0)
-	hlist_for_each_entry(hash_entry, hlist_entry, &table->streams_hash[stream->hash_bucket],
-			streams_hash_entry) {
-#else
 	hlist_for_each_entry(hash_entry, &table->streams_hash[stream->hash_bucket], streams_hash_entry) {
-#endif
 		if (hash_entry->info.idx.call_idx == info->idx.call_idx
 				&& !strcmp(hash_entry->info.stream_name, info->stream_name))
 			goto found;
@@ -4028,34 +3980,9 @@ static int send_proxy_packet4(struct sk_buff *skb, struct re_address *src, struc
 
 	skb->ip_summed = CHECKSUM_NONE;
 
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,4,0)
 	ip_select_ident(net, skb, NULL);
 	ip_send_check(ih);
 	ip_local_out(net, skb->sk, skb);
-#else
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,1,0)
-	ip_select_ident(net, skb, NULL);
-#elif (LINUX_VERSION_CODE == KERNEL_VERSION(3,10,0) && RHEL_MAJOR == 7) /* CentOS 7 */
-	/* nothing */
-#elif LINUX_VERSION_CODE >= KERNEL_VERSION(3,15,10) \
-		|| (LINUX_VERSION_CODE < KERNEL_VERSION(3,15,0) && LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,17)) \
-		|| (LINUX_VERSION_CODE < KERNEL_VERSION(3,13,0) && LINUX_VERSION_CODE >= KERNEL_VERSION(3,12,27)) \
-		|| (LINUX_VERSION_CODE < KERNEL_VERSION(3,11,0) && LINUX_VERSION_CODE >= KERNEL_VERSION(3,10,53)) \
-		|| (LINUX_VERSION_CODE < KERNEL_VERSION(3,5,0) && LINUX_VERSION_CODE >= KERNEL_VERSION(3,4,103)) \
-		|| (LINUX_VERSION_CODE < KERNEL_VERSION(3,3,0) && LINUX_VERSION_CODE >= KERNEL_VERSION(3,2,63))
-	ip_select_ident(skb, NULL);
-#elif LINUX_VERSION_CODE >= KERNEL_VERSION(3,11,5) \
-		|| (LINUX_VERSION_CODE < KERNEL_VERSION(3,11,0) && LINUX_VERSION_CODE >= KERNEL_VERSION(3,10,16)) \
-		|| (LINUX_VERSION_CODE < KERNEL_VERSION(3,5,0) && LINUX_VERSION_CODE >= KERNEL_VERSION(3,4,66)) \
-		|| (LINUX_VERSION_CODE < KERNEL_VERSION(3,3,0) && LINUX_VERSION_CODE >= KERNEL_VERSION(3,2,52)) \
-		|| (LINUX_VERSION_CODE < KERNEL_VERSION(3,1,0) && LINUX_VERSION_CODE >= KERNEL_VERSION(3,0,100))
-	ip_select_ident(skb, skb_dst(skb), NULL);
-#else // 3.9.x, 3.8.x, 3.7.x, 3.6.x, 3.5.x, 3.3.x, 3.1.x, 2.6.x
-	ip_select_ident(ih, skb_dst(skb), NULL);
-#endif
-	ip_send_check(ih);
-	ip_local_out(skb);
-#endif
 
 	return 0;
 
@@ -4138,11 +4065,7 @@ static int send_proxy_packet6(struct sk_buff *skb, struct re_address *src, struc
 
 	skb->ip_summed = CHECKSUM_NONE;
 
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,4,0)
 	ip6_local_out(net, skb->sk, skb);
-#else
-	ip6_local_out(skb);
-#endif
 
 	return 0;
 
@@ -4658,7 +4581,6 @@ static int srtp_encrypt_aes_gcm(struct re_crypto_context *c,
 		struct rtpengine_srtp *s, struct rtp_parsed *r,
 		uint64_t *pkt_idxp)
 {
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25)
 	uint64_t pkt_idx = *pkt_idxp;
 	union aes_gcm_rtp_iv iv;
 	struct aead_request *req;
@@ -4685,13 +4607,8 @@ static int srtp_encrypt_aes_gcm(struct re_crypto_context *c,
 	sg_set_buf(&sg[1], r->payload, r->payload_len + 16); // guaranteed to have space after skb_copy_expand
 
 	aead_request_set_callback(req, 0, NULL, NULL);
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,2,0)
 	aead_request_set_ad(req, r->header_len);
 	aead_request_set_crypt(req, sg, sg, r->payload_len, iv.bytes);
-#else
-	aead_request_set_assoc(req, &sg[0], r->header_len);
-	aead_request_set_crypt(req, &sg[1], &sg[1], r->payload_len, iv.bytes);
-#endif
 
 	ret = crypto_aead_encrypt(req);
 	aead_request_free(req);
@@ -4700,9 +4617,6 @@ static int srtp_encrypt_aes_gcm(struct re_crypto_context *c,
 		r->payload_len += 16;
 
 	return ret;
-#else
-	return -EOPNOTSUPP;
-#endif
 }
 
 union aes_gcm_rtcp_iv {
@@ -4719,7 +4633,6 @@ static int srtcp_encrypt_aes_gcm(struct re_crypto_context *c,
 		struct rtpengine_srtp *s, struct rtp_parsed *r,
 		uint64_t *pkt_idx)
 {
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25)
 	union aes_gcm_rtcp_iv iv;
 	struct aead_request *req;
 	struct scatterlist sg[3];
@@ -4747,13 +4660,8 @@ static int srtcp_encrypt_aes_gcm(struct re_crypto_context *c,
 	sg_set_buf(&sg[2], r->payload, r->payload_len + 16); // guaranteed to have space after skb_copy_expand
 
 	aead_request_set_callback(req, 0, NULL, NULL);
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,2,0)
 	aead_request_set_ad(req, r->header_len + sizeof(e_idx));
 	aead_request_set_crypt(req, sg, sg, r->payload_len, iv.bytes);
-#else
-	aead_request_set_assoc(req, &sg[0], r->header_len + sizeof(e_idx));
-	aead_request_set_crypt(req, &sg[2], &sg[2], r->payload_len, iv.bytes);
-#endif
 
 	ret = crypto_aead_encrypt(req);
 	aead_request_free(req);
@@ -4762,15 +4670,11 @@ static int srtcp_encrypt_aes_gcm(struct re_crypto_context *c,
 		r->payload_len += 16;
 
 	return ret;
-#else
-	return -EOPNOTSUPP;
-#endif
 }
 static int srtp_decrypt_aes_gcm(struct re_crypto_context *c,
 		struct rtpengine_srtp *s, struct rtp_parsed *r,
 		uint64_t *pkt_idxp)
 {
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25)
 	uint64_t pkt_idx = *pkt_idxp;
 	union aes_gcm_rtp_iv iv;
 	struct aead_request *req;
@@ -4807,13 +4711,8 @@ static int srtp_decrypt_aes_gcm(struct re_crypto_context *c,
 			memcpy(copy, r->payload, r->payload_len);
 
 		aead_request_set_callback(req, 0, NULL, NULL);
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,2,0)
 		aead_request_set_ad(req, r->header_len);
 		aead_request_set_crypt(req, sg, sg, r->payload_len, iv.bytes);
-#else
-		aead_request_set_assoc(req, &sg[0], r->header_len);
-		aead_request_set_crypt(req, &sg[1], &sg[1], r->payload_len, iv.bytes);
-#endif
 
 		ret = crypto_aead_decrypt(req);
 		aead_request_free(req);
@@ -4851,16 +4750,12 @@ static int srtp_decrypt_aes_gcm(struct re_crypto_context *c,
 	}
 
 	return ret;
-#else
-	return -EOPNOTSUPP;
-#endif
 }
 
 static int srtcp_decrypt_aes_gcm(struct re_crypto_context *c,
 		struct rtpengine_srtp *s, struct rtp_parsed *r,
 		uint64_t *pkt_idx)
 {
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25)
 	union aes_gcm_rtcp_iv iv;
 	struct aead_request *req;
 	struct scatterlist sg[3];
@@ -4890,13 +4785,8 @@ static int srtcp_decrypt_aes_gcm(struct re_crypto_context *c,
 	sg_set_buf(&sg[2], r->payload, r->payload_len);
 
 	aead_request_set_callback(req, 0, NULL, NULL);
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,2,0)
 	aead_request_set_ad(req, r->header_len + sizeof(e_idx));
 	aead_request_set_crypt(req, sg, sg, r->payload_len, iv.bytes);
-#else
-	aead_request_set_assoc(req, &sg[0], r->header_len + sizeof(e_idx));
-	aead_request_set_crypt(req, &sg[2], &sg[2], r->payload_len, iv.bytes);
-#endif
 
 	ret = crypto_aead_decrypt(req);
 	aead_request_free(req);
@@ -4905,9 +4795,6 @@ static int srtcp_decrypt_aes_gcm(struct re_crypto_context *c,
 		r->payload_len -= 16;
 
 	return ret;
-#else
-	return -EOPNOTSUPP;
-#endif
 }
 
 static inline int srtp_encrypt(struct re_crypto_context *c,
@@ -5032,7 +4919,6 @@ static inline int is_dtls(struct sk_buff *skb) {
 	return 1;
 }
 
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,0,0)
 static int rtp_payload_match(const void *a, const void *b) {
 	const struct rtpengine_pt_input *A = a, *B = b;
 
@@ -5042,7 +4928,6 @@ static int rtp_payload_match(const void *a, const void *b) {
 		return 1;
 	return 0;
 }
-#endif
 
 static inline int rtp_payload_type(const struct rtp_header *hdr, const struct rtpengine_target_info *tg,
 		int *last_pt)
@@ -5056,15 +4941,7 @@ static inline int rtp_payload_type(const struct rtp_header *hdr, const struct rt
 		if (rtp_payload_match(match, &pt) == 0)
 			goto found;
 	}
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,0,0)
 	match = bsearch(&pt, tg->pt_input, tg->num_payload_types, sizeof(pt), rtp_payload_match);
-#else
-	for (match = tg->pt_input; match < tg->pt_input + tg->num_payload_types; match++) {
-		if (match->pt_num == pt.pt_num)
-			goto found;
-	}
-	match = NULL;
-#endif
 	if (!match)
 		return -1;
 found:
@@ -5675,27 +5552,19 @@ skip:
 
 
 
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,35)
-#define CHECK_ERR false
-#define CHECK_SCC true
-static bool check(const struct xt_tgchk_param *par) {
-#else
-#define CHECK_ERR -EINVAL
-#define CHECK_SCC 0
 static int check(const struct xt_tgchk_param *par) {
-#endif
 	const struct xt_rtpengine_info *pinfo = par->targinfo;
 
 	if (!my_proc_root) {
 		printk(KERN_WARNING "xt_RTPENGINE check() without proc_root\n");
-		return CHECK_ERR;
+		return -EINVAL;
 	}
 	if (pinfo->id >= MAX_ID) {
 		printk(KERN_WARNING "xt_RTPENGINE ID too high (%u >= %u)\n", pinfo->id, MAX_ID);
-		return CHECK_ERR;
+		return -EINVAL;
 	}
 
-	return CHECK_SCC;
+	return 0;
 }
 
 
@@ -5734,11 +5603,9 @@ static int __init init(void) {
 		goto fail;
 
 	printk(KERN_NOTICE "Registering xt_RTPENGINE module - version %s\n", RTPENGINE_VERSION);
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,10,0)
 	DBG("using uid %u, gid %d\n", proc_uid, proc_gid);
 	proc_kuid = KUIDT_INIT(proc_uid);
 	proc_kgid = KGIDT_INIT(proc_gid);
-#endif
 	rwlock_init(&table_lock);
 	auto_array_init(&calls);
 	auto_array_init(&streams);