modules: Remove the IPQ DAQ module

ip_queue has been obsolete for many years and has been removed from the
Linux kernel entirely since version 3.5.0.  Use NFQ instead.

README

@@ -23,7 +23,7 @@ This will build and install both static and dynamic DAQ modules.
 Note that pcap >= 1.5.0 is required.  pcap 1.8.1 is available at the time
 of this writing and is recommended.
 
-Also, libdnet is required for IPQ and NFQ DAQs.  If you get a relocation error
+Also, libdnet is required for the NFQ module.  If you get a relocation error
 trying to build those DAQs, you may need to reinstall libdnet and configure it
 with something like this:
 
@@ -173,33 +173,6 @@ and won't change user or group.
 Notes on iptables are given below.
 
 
-IPQ Module
-==========
-
-IPQ is the old way to process iptables packets.  It replaces the inline version
-available in pre-2.9 versions built with this:
-
-    ./configure --enable-inline
-
-Note that layer 2 resets are not supported with the IPQ DAQ:
-
-    config layer2resets[: <mac>]
-
-Start the IPQ DAQ as follows:
-
-    ./snort --daq ipq \
-        [--daq-var device=<dev>] \
-        [--daq-var proto=<proto>] \
-
-    <dev> ::= ip | eth0, etc; default is IP injection
-    <proto> ::= ip4 | ip6; default is ip4
-
-This module can not run unprivileged so ./snort -u -g will produce a warning
-and won't change user or group.
-
-Notes on iptables are given below.
-
-
 IPFW Module
 ===========
 
@@ -326,7 +299,7 @@ Notes on iptables
 =================
 
 These notes are just a quick reminder that you need to set up iptables to use
-the IPQ or NFQ DAQs.  Doing so may cause problems with your network so tread
+the NFQ DAQs.  Doing so may cause problems with your network so tread
 carefully.  The examples below are intentionally incomplete so please read the
 related documentation first.
 
@@ -338,10 +311,6 @@ You can check this out for queue sizing tips:
 
     http://www.inliniac.net/blog/2008/01/23/improving-snort_inlines-nfq-performance.html
 
-You might find useful IPQ info here:
-
-    http://snort-inline.sourceforge.net/
-
 Use this to examine your iptables:
 
     sudo /sbin/iptables -L
@@ -352,10 +321,6 @@ Use something like this to set up NFQ:
         -I <table> [<protocol stuff>] [<state stuff>]
         -j NFQUEUE --queue-num 1
 
-Use something like this to set up IPQ:
-
-    sudo iptables -I FORWARD -j QUEUE
-
 Use something like this to "disconnect" snort:
 
     sudo /sbin/iptables -D <table> <rule pos>
@@ -365,22 +330,6 @@ Such packets will be dropped until Snort is started.
 
 The queue-num is the number you must give Snort.
 
-If you are running on a system with both NFQ and IPQ support, you may
-experience some start-up failures of the sort:
-
-The solution seems to be to remove both modules from the kernel like this:
-
-    modprobe -r nfnetlink_queue
-    modprobe -r ip_queue
-
-and then install the module you want:
-
-    modprobe ip_queue
-
-or:
-
-    modprobe nfnetlink_queue
-
 These DAQs should be run with a snaplen of 65535 since the kernel defrags the
 packets before queuing.  Also, no need to configure frag3.
 

configure.ac

@@ -222,22 +222,6 @@ AM_CONDITIONAL([BUILD_DUMP_MODULE], [test "$enable_dump_module" = yes])
 #fi
 AM_CONDITIONAL([BUILD_IPFW_MODULE], [test "$enable_ipfw_module" = yes])
 
-# IPQ Module
-#AC_ARG_ENABLE(ipq-module,
-#              AS_HELP_STRING([--disable-ipq-module],[do not build the bundled IPQ module]),
-#              [enable_ipq_module="$enableval"], [enable_ipq_module="$DEFAULT_ENABLE"])
-#if test "$enable_ipq_module" = yes; then
-#    AC_CHECK_HEADERS([netinet/in.h libipq.h], [], [enable_ipq_module=no])
-#    AC_CHECK_HEADER([linux/netfilter.h], [], [enable_ipq_module=no],
-#                    [
-#                        #include <netinet/in.h>
-#                    ])
-#    if test "$enable_ipq_module" = yes; then
-#        STATIC_LIBS="${STATIC_LIBS} -lipq -lsfbpf"
-#    fi
-#fi
-AM_CONDITIONAL([BUILD_IPQ_MODULE], [test "$enable_ipq_module" = yes])
-
 # NFQ Module
 #AC_ARG_ENABLE(nfq-module,
 #              AS_HELP_STRING([--disable-nfq-module],[do not build the bundled NFQ module]),
@@ -295,7 +279,7 @@ AM_CONDITIONAL([BUILD_PCAP_MODULE], [test "$enable_pcap_module" = yes])
 #fi
 AM_CONDITIONAL([BUILD_NETMAP_MODULE], [test "$enable_netmap_module" = yes])
 
-if test "$enable_ipq_module" = yes -o "$enable_nfq_module" = yes ; then
+if test "$enable_nfq_module" = yes ; then
     AC_CHECK_HEADERS(dnet.h,,DNET_H="no")
     AC_CHECK_HEADERS(dumbnet.h,,DUMBNET_H="no")
 
@@ -336,7 +320,6 @@ AC_SUBST(DNET_LDFLAGS)
 AM_CONDITIONAL([BUILD_MODULES], [test "$enable_afpacket_module" = yes -o \
                                       "$enable_dump_module" = yes -o \
                                       "$enable_ipfw_module" = yes -o \
-                                      "$enable_ipq_module" = yes -o \
                                       "$enable_nfq_module" = yes -o \
                                       "$enable_pcap_module" = yes])
 
@@ -412,9 +395,8 @@ AC_MSG_RESULT([
 
     Build AFPacket DAQ module.. : $enable_afpacket_module
     Build Dump DAQ module...... : $enable_dump_module
-#   Build IPFW DAQ module...... : $enable_ipfw_module
-#   Build IPQ DAQ module....... : $enable_ipq_module
-#   Build NFQ DAQ module....... : $enable_nfq_module
+    Build IPFW DAQ module...... : $enable_ipfw_module
+    Build NFQ DAQ module....... : $enable_nfq_module
     Build PCAP DAQ module...... : $enable_pcap_module
-#   Build netmap DAQ module.... : $enable_netmap_module
+    Build netmap DAQ module.... : $enable_netmap_module
 ])

modules/Makefile.am

@@ -57,18 +57,6 @@ endif
     libdaq_static_modules_la_CPPFLAGS += -DBUILD_IPFW_MODULE
 endif
 
-if BUILD_IPQ_MODULE
-if BUILD_SHARED_MODULES
-    pkglib_LTLIBRARIES += daq_ipq.la
-    daq_ipq_la_SOURCES = daq_ipq.c
-    daq_ipq_la_CPPFLAGS = $(AM_CPPFLAGS) -DBUILDING_SO
-    daq_ipq_la_LDFLAGS = -module -export-dynamic -avoid-version -shared @DNET_LDFLAGS@
-    daq_ipq_la_LIBADD = -lipq @DNET_LDFLAGS@ $(top_builddir)/sfbpf/libsfbpf.la
-endif
-    libdaq_static_modules_la_SOURCES += daq_ipq.c
-    libdaq_static_modules_la_CPPFLAGS += -DBUILD_IPQ_MODULE
-endif
-
 if BUILD_NFQ_MODULE
 if BUILD_SHARED_MODULES
     pkglib_LTLIBRARIES += daq_nfq.la