[NETFILTER]: Remove ipt_unclean match from 2.6.x

We have decided to remove the unclean match, since it is considered
a potentially dangerous function of the current iptables code.

The match is used by lots of users who don't really undestand what kind
of danger they are imposing on the future-compatibility of their
networks.  (just think of the ECN issue resulting from this kind of
filtering)

We'd rather keep it in patch-o-matic, where lots of other modules that
are only useful in experimental scenarios are kept.

Now that we don't have to keep it for compatibility reasons, we'd like
to remove it before 2.6.0 final is released.

net/ipv4/netfilter/Kconfig

@@ -271,16 +271,6 @@ config IP_NF_MATCH_CONNTRACK
 	  If you want to compile it as a module, say M here and read
 	  Documentation/modules.txt.  If unsure, say `N'.
 
-config IP_NF_MATCH_UNCLEAN
-	tristate "Unclean match support (EXPERIMENTAL)"
-	depends on EXPERIMENTAL && IP_NF_IPTABLES
-	help
-	  Unclean packet matching matches any strange or invalid packets, by
-	  looking at a series of fields in the IP, TCP, UDP and ICMP headers.
-
-	  If you want to compile it as a module, say M here and read
-	  <file:Documentation/modules.txt>.  If unsure, say `N'.
-
 config IP_NF_MATCH_OWNER
 	tristate "Owner match support (EXPERIMENTAL)"
 	depends on EXPERIMENTAL && IP_NF_IPTABLES

net/ipv4/netfilter/Makefile

@@ -61,7 +61,6 @@ obj-$(CONFIG_IP_NF_MATCH_LENGTH) += ipt_length.o
 obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o
 obj-$(CONFIG_IP_NF_MATCH_STATE) += ipt_state.o
 obj-$(CONFIG_IP_NF_MATCH_CONNTRACK) += ipt_conntrack.o
-obj-$(CONFIG_IP_NF_MATCH_UNCLEAN) += ipt_unclean.o
 obj-$(CONFIG_IP_NF_MATCH_TCPMSS) += ipt_tcpmss.o
 
 obj-$(CONFIG_IP_NF_MATCH_PHYSDEV) += ipt_physdev.o