kernel-netlink: Check existence of linux/fib_rules.h, don't include it in distribution

This reverts commit b0761f1f0a.

configure.ac

@@ -490,7 +490,7 @@ AC_CHECK_FUNC(
 
 AC_CHECK_FUNCS(prctl mallinfo getpass closefrom getpwnam_r getgrnam_r getpwuid_r)
 
-AC_CHECK_HEADERS(sys/sockio.h glob.h net/if_tun.h)
+AC_CHECK_HEADERS(sys/sockio.h glob.h net/if_tun.h linux/fib_rules.h)
 AC_CHECK_HEADERS(net/pfkeyv2.h netipsec/ipsec.h netinet6/ipsec.h linux/udp.h)
 AC_CHECK_HEADERS(netinet/ip6.h, [], [],
 [

src/include/Makefile.am

@@ -1,3 +1,3 @@
-EXTRA_DIST = linux/fib_rules.h linux/if_alg.h linux/ipsec.h linux/netlink.h \
-			 linux/rtnetlink.h linux/pfkeyv2.h linux/udp.h linux/xfrm.h \
-			 linux/types.h sys/queue.h
+EXTRA_DIST = linux/if_alg.h linux/ipsec.h linux/netlink.h linux/rtnetlink.h \
+             linux/pfkeyv2.h linux/udp.h linux/xfrm.h linux/types.h \
+             sys/queue.h

src/include/linux/fib_rules.h

@@ -1,72 +0,0 @@
-#ifndef __LINUX_FIB_RULES_H
-#define __LINUX_FIB_RULES_H
-
-#include <linux/types.h>
-#include <linux/rtnetlink.h>
-
-/* rule is permanent, and cannot be deleted */
-#define FIB_RULE_PERMANENT	0x00000001
-#define FIB_RULE_INVERT		0x00000002
-#define FIB_RULE_UNRESOLVED	0x00000004
-#define FIB_RULE_IIF_DETACHED	0x00000008
-#define FIB_RULE_DEV_DETACHED	FIB_RULE_IIF_DETACHED
-#define FIB_RULE_OIF_DETACHED	0x00000010
-
-/* try to find source address in routing lookups */
-#define FIB_RULE_FIND_SADDR	0x00010000
-
-struct fib_rule_hdr {
-	__u8		family;
-	__u8		dst_len;
-	__u8		src_len;
-	__u8		tos;
-
-	__u8		table;
-	__u8		res1;	/* reserved */
-	__u8		res2;	/* reserved */
-	__u8		action;
-
-	__u32		flags;
-};
-
-enum {
-	FRA_UNSPEC,
-	FRA_DST,	/* destination address */
-	FRA_SRC,	/* source address */
-	FRA_IIFNAME,	/* interface name */
-#define FRA_IFNAME	FRA_IIFNAME
-	FRA_GOTO,	/* target to jump to (FR_ACT_GOTO) */
-	FRA_UNUSED2,
-	FRA_PRIORITY,	/* priority/preference */
-	FRA_UNUSED3,
-	FRA_UNUSED4,
-	FRA_UNUSED5,
-	FRA_FWMARK,	/* mark */
-	FRA_FLOW,	/* flow/class id */
-	FRA_UNUSED6,
-	FRA_UNUSED7,
-	FRA_UNUSED8,
-	FRA_TABLE,	/* Extended table id */
-	FRA_FWMASK,	/* mask for netfilter mark */
-	FRA_OIFNAME,
-	__FRA_MAX
-};
-
-#define FRA_MAX (__FRA_MAX - 1)
-
-enum {
-	FR_ACT_UNSPEC,
-	FR_ACT_TO_TBL,		/* Pass to fixed table */
-	FR_ACT_GOTO,		/* Jump to another rule */
-	FR_ACT_NOP,		/* No operation */
-	FR_ACT_RES3,
-	FR_ACT_RES4,
-	FR_ACT_BLACKHOLE,	/* Drop without notification */
-	FR_ACT_UNREACHABLE,	/* Drop with ENETUNREACH */
-	FR_ACT_PROHIBIT,	/* Drop with EACCES */
-	__FR_ACT_MAX,
-};
-
-#define FR_ACT_MAX (__FR_ACT_MAX - 1)
-
-#endif

src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c

@@ -44,7 +44,9 @@
 #include <unistd.h>
 #include <errno.h>
 #include <net/if.h>
+#ifdef HAVE_LINUX_FIB_RULES_H
 #include <linux/fib_rules.h>
+#endif
 
 #include "kernel_netlink_net.h"
 #include "kernel_netlink_shared.h"
@@ -2098,7 +2100,6 @@ static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type,
 	struct rtmsg *msg;
 	chunk_t chunk;
 	char *fwmark;
-	mark_t mark;
 
 	memset(&request, 0, sizeof(request));
 	hdr = (struct nlmsghdr*)request;
@@ -2124,6 +2125,9 @@ static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type,
 					"%s.plugins.kernel-netlink.fwmark", NULL, hydra->daemon);
 	if (fwmark)
 	{
+#ifdef HAVE_LINUX_FIB_RULES_H
+		mark_t mark;
+
 		if (fwmark[0] == '!')
 		{
 			msg->rtm_flags |= FIB_RULE_INVERT;
@@ -2136,6 +2140,9 @@ static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type,
 			chunk = chunk_from_thing(mark.mask);
 			netlink_add_attribute(hdr, FRA_FWMASK, chunk, sizeof(request));
 		}
+#else
+		DBG1(DBG_KNL, "setting firewall mark on routing rule is not supported");
+#endif
 	}
 	return this->socket->send_ack(this->socket, hdr);
 }