]>
Commit | Line | Data |
---|---|---|
2581e8f3 | 1 | diff -Nur --exclude '*.orig' linux-2.6.7.org/include/linux/netfilter.h linux-2.6.7/include/linux/netfilter.h |
2 | --- linux-2.6.7.org/include/linux/netfilter.h 2004-06-25 10:47:45.000000000 +0200 | |
3 | +++ linux-2.6.7/include/linux/netfilter.h 2004-06-25 12:21:38.694509280 +0200 | |
4 | @@ -138,12 +138,14 @@ | |
5 | /* This is gross, but inline doesn't cut it for avoiding the function | |
6 | call in fast path: gcc doesn't inline (needs value tracking?). --RR */ | |
7 | #ifdef CONFIG_NETFILTER_DEBUG | |
8 | -#define NF_HOOK(pf, hook, skb, indev, outdev, okfn) \ | |
9 | - nf_hook_slow((pf), (hook), (skb), (indev), (outdev), (okfn), INT_MIN) | |
10 | +#define NF_HOOK_COND(pf, hook, skb, indev, outdev, okfn, cond) \ | |
11 | +(!(cond) \ | |
12 | + ? (okfn)(skb) \ | |
13 | + : nf_hook_slow((pf), (hook), (skb), (indev), (outdev), (okfn), INT_MIN)) | |
14 | #define NF_HOOK_THRESH nf_hook_slow | |
15 | #else | |
16 | -#define NF_HOOK(pf, hook, skb, indev, outdev, okfn) \ | |
17 | -(list_empty(&nf_hooks[(pf)][(hook)]) \ | |
18 | +#define NF_HOOK_COND(pf, hook, skb, indev, outdev, okfn, cond) \ | |
19 | +(!(cond) || list_empty(&nf_hooks[(pf)][(hook)]) \ | |
20 | ? (okfn)(skb) \ | |
21 | : nf_hook_slow((pf), (hook), (skb), (indev), (outdev), (okfn), INT_MIN)) | |
22 | #define NF_HOOK_THRESH(pf, hook, skb, indev, outdev, okfn, thresh) \ | |
23 | @@ -151,6 +153,8 @@ | |
24 | ? (okfn)(skb) \ | |
25 | : nf_hook_slow((pf), (hook), (skb), (indev), (outdev), (okfn), (thresh))) | |
26 | #endif | |
27 | +#define NF_HOOK(pf, hook, skb, indev, outdev, okfn) \ | |
28 | + NF_HOOK_COND((pf), (hook), (skb), (indev), (outdev), (okfn), 1) | |
29 | ||
30 | int nf_hook_slow(int pf, unsigned int hook, struct sk_buff *skb, | |
31 | struct net_device *indev, struct net_device *outdev, | |
32 | @@ -189,7 +193,24 @@ | |
33 | ||
34 | #else /* !CONFIG_NETFILTER */ | |
35 | #define NF_HOOK(pf, hook, skb, indev, outdev, okfn) (okfn)(skb) | |
36 | +#define NF_HOOK_COND(pf, hook, skb, indev, outdev, okfn, cond) (okfn)(skb) | |
37 | #endif /*CONFIG_NETFILTER*/ | |
38 | ||
39 | +#ifdef CONFIG_XFRM | |
40 | +#ifdef CONFIG_IP_NF_NAT_NEEDED | |
41 | +struct flowi; | |
42 | +extern void nf_nat_decode_session4(struct sk_buff *skb, struct flowi *fl); | |
43 | + | |
44 | +static inline void | |
45 | +nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, int family) | |
46 | +{ | |
47 | + if (family == AF_INET) | |
48 | + nf_nat_decode_session4(skb, fl); | |
49 | +} | |
50 | +#else /* CONFIG_IP_NF_NAT_NEEDED */ | |
51 | +#define nf_nat_decode_session(skb,fl,family) | |
52 | +#endif /* CONFIG_IP_NF_NAT_NEEDED */ | |
53 | +#endif /* CONFIG_XFRM */ | |
54 | + | |
55 | #endif /*__KERNEL__*/ | |
56 | #endif /*__LINUX_NETFILTER_H*/ | |
57 | diff -Nur --exclude '*.orig' linux-2.6.7.org/include/linux/netfilter_helpers.h linux-2.6.7/include/linux/netfilter_helpers.h | |
58 | --- linux-2.6.7.org/include/linux/netfilter_helpers.h 1970-01-01 01:00:00.000000000 +0100 | |
59 | +++ linux-2.6.7/include/linux/netfilter_helpers.h 2004-06-25 12:24:50.026422408 +0200 | |
60 | @@ -0,0 +1,133 @@ | |
61 | +/* | |
62 | + * Helpers for netfiler modules. This file provides implementations for basic | |
63 | + * functions such as strncasecmp(), etc. | |
64 | + * | |
65 | + * gcc will warn for defined but unused functions, so we only include the | |
66 | + * functions requested. The following macros are used: | |
67 | + * NF_NEED_STRNCASECMP nf_strncasecmp() | |
68 | + * NF_NEED_STRTOU16 nf_strtou16() | |
69 | + * NF_NEED_STRTOU32 nf_strtou32() | |
70 | + */ | |
71 | +#ifndef _NETFILTER_HELPERS_H | |
72 | +#define _NETFILTER_HELPERS_H | |
73 | + | |
74 | +/* Only include these functions for kernel code. */ | |
75 | +#ifdef __KERNEL__ | |
76 | + | |
77 | +#include <linux/ctype.h> | |
78 | +#define iseol(c) ( (c) == '\r' || (c) == '\n' ) | |
79 | + | |
80 | +/* | |
81 | + * The standard strncasecmp() | |
82 | + */ | |
83 | +#ifdef NF_NEED_STRNCASECMP | |
84 | +static int | |
85 | +nf_strncasecmp(const char* s1, const char* s2, u_int32_t len) | |
86 | +{ | |
87 | + if (s1 == NULL || s2 == NULL) | |
88 | + { | |
89 | + if (s1 == NULL && s2 == NULL) | |
90 | + { | |
91 | + return 0; | |
92 | + } | |
93 | + return (s1 == NULL) ? -1 : 1; | |
94 | + } | |
95 | + while (len > 0 && tolower(*s1) == tolower(*s2)) | |
96 | + { | |
97 | + len--; | |
98 | + s1++; | |
99 | + s2++; | |
100 | + } | |
101 | + return ( (len == 0) ? 0 : (tolower(*s1) - tolower(*s2)) ); | |
102 | +} | |
103 | +#endif /* NF_NEED_STRNCASECMP */ | |
104 | + | |
105 | +/* | |
106 | + * Parse a string containing a 16-bit unsigned integer. | |
107 | + * Returns the number of chars used, or zero if no number is found. | |
108 | + */ | |
109 | +#ifdef NF_NEED_STRTOU16 | |
110 | +static int | |
111 | +nf_strtou16(const char* pbuf, u_int16_t* pval) | |
112 | +{ | |
113 | + int n = 0; | |
114 | + | |
115 | + *pval = 0; | |
116 | + while (isdigit(pbuf[n])) | |
117 | + { | |
118 | + *pval = (*pval * 10) + (pbuf[n] - '0'); | |
119 | + n++; | |
120 | + } | |
121 | + | |
122 | + return n; | |
123 | +} | |
124 | +#endif /* NF_NEED_STRTOU16 */ | |
125 | + | |
126 | +/* | |
127 | + * Parse a string containing a 32-bit unsigned integer. | |
128 | + * Returns the number of chars used, or zero if no number is found. | |
129 | + */ | |
130 | +#ifdef NF_NEED_STRTOU32 | |
131 | +static int | |
132 | +nf_strtou32(const char* pbuf, u_int32_t* pval) | |
133 | +{ | |
134 | + int n = 0; | |
135 | + | |
136 | + *pval = 0; | |
137 | + while (pbuf[n] >= '0' && pbuf[n] <= '9') | |
138 | + { | |
139 | + *pval = (*pval * 10) + (pbuf[n] - '0'); | |
140 | + n++; | |
141 | + } | |
142 | + | |
143 | + return n; | |
144 | +} | |
145 | +#endif /* NF_NEED_STRTOU32 */ | |
146 | + | |
147 | +/* | |
148 | + * Given a buffer and length, advance to the next line and mark the current | |
149 | + * line. | |
150 | + */ | |
151 | +#ifdef NF_NEED_NEXTLINE | |
152 | +static int | |
153 | +nf_nextline(char* p, uint len, uint* poff, uint* plineoff, uint* plinelen) | |
154 | +{ | |
155 | + uint off = *poff; | |
156 | + uint physlen = 0; | |
157 | + | |
158 | + if (off >= len) | |
159 | + { | |
160 | + return 0; | |
161 | + } | |
162 | + | |
163 | + while (p[off] != '\n') | |
164 | + { | |
165 | + if (len-off <= 1) | |
166 | + { | |
167 | + return 0; | |
168 | + } | |
169 | + | |
170 | + physlen++; | |
171 | + off++; | |
172 | + } | |
173 | + | |
174 | + /* if we saw a crlf, physlen needs adjusted */ | |
175 | + if (physlen > 0 && p[off] == '\n' && p[off-1] == '\r') | |
176 | + { | |
177 | + physlen--; | |
178 | + } | |
179 | + | |
180 | + /* advance past the newline */ | |
181 | + off++; | |
182 | + | |
183 | + *plineoff = *poff; | |
184 | + *plinelen = physlen; | |
185 | + *poff = off; | |
186 | + | |
187 | + return 1; | |
188 | +} | |
189 | +#endif /* NF_NEED_NEXTLINE */ | |
190 | + | |
191 | +#endif /* __KERNEL__ */ | |
192 | + | |
193 | +#endif /* _NETFILTER_HELPERS_H */ | |
194 | diff -Nur --exclude '*.orig' linux-2.6.7.org/include/linux/netfilter_ipv4/ip_conntrack.h linux-2.6.7/include/linux/netfilter_ipv4/ip_conntrack.h | |
195 | --- linux-2.6.7.org/include/linux/netfilter_ipv4/ip_conntrack.h 2004-06-25 10:47:45.000000000 +0200 | |
196 | +++ linux-2.6.7/include/linux/netfilter_ipv4/ip_conntrack.h 2004-06-25 12:28:43.675902288 +0200 | |
197 | @@ -51,10 +51,12 @@ | |
198 | ||
199 | #include <linux/netfilter_ipv4/ip_conntrack_tcp.h> | |
200 | #include <linux/netfilter_ipv4/ip_conntrack_icmp.h> | |
201 | +#include <linux/netfilter_ipv4/ip_conntrack_sctp.h> | |
202 | ||
203 | /* per conntrack: protocol private data */ | |
204 | union ip_conntrack_proto { | |
205 | /* insert conntrack proto private data here */ | |
206 | + struct ip_ct_sctp sctp; | |
207 | struct ip_ct_tcp tcp; | |
208 | struct ip_ct_icmp icmp; | |
209 | }; | |
210 | @@ -64,6 +66,11 @@ | |
211 | }; | |
212 | ||
213 | /* Add protocol helper include file here */ | |
214 | +#include <linux/netfilter_ipv4/ip_conntrack_talk.h> | |
215 | +#include <linux/netfilter_ipv4/ip_conntrack_rtsp.h> | |
216 | +#include <linux/netfilter_ipv4/ip_conntrack_rsh.h> | |
217 | +#include <linux/netfilter_ipv4/ip_conntrack_mms.h> | |
218 | +#include <linux/netfilter_ipv4/ip_conntrack_h323.h> | |
219 | #include <linux/netfilter_ipv4/ip_conntrack_amanda.h> | |
220 | #include <linux/netfilter_ipv4/ip_conntrack_ftp.h> | |
221 | #include <linux/netfilter_ipv4/ip_conntrack_irc.h> | |
222 | @@ -71,6 +78,11 @@ | |
223 | /* per expectation: application helper private data */ | |
224 | union ip_conntrack_expect_help { | |
225 | /* insert conntrack helper private data (expect) here */ | |
226 | + struct ip_ct_talk_expect exp_talk_info; | |
227 | + struct ip_ct_rtsp_expect exp_rtsp_info; | |
228 | + struct ip_ct_rsh_expect exp_rsh_info; | |
229 | + struct ip_ct_mms_expect exp_mms_info; | |
230 | + struct ip_ct_h225_expect exp_h225_info; | |
231 | struct ip_ct_amanda_expect exp_amanda_info; | |
232 | struct ip_ct_ftp_expect exp_ftp_info; | |
233 | struct ip_ct_irc_expect exp_irc_info; | |
234 | @@ -85,6 +97,11 @@ | |
235 | /* per conntrack: application helper private data */ | |
236 | union ip_conntrack_help { | |
237 | /* insert conntrack helper private data (master) here */ | |
238 | + struct ip_ct_talk_master ct_talk_info; | |
239 | + struct ip_ct_rtsp_master ct_rtsp_info; | |
240 | + struct ip_ct_rsh_master ct_rsh_info; | |
241 | + struct ip_ct_mms_master ct_mms_info; | |
242 | + struct ip_ct_h225_master ct_h225_info; | |
243 | struct ip_ct_ftp_master ct_ftp_info; | |
244 | struct ip_ct_irc_master ct_irc_info; | |
245 | }; | |
246 | @@ -207,6 +224,10 @@ | |
247 | } nat; | |
248 | #endif /* CONFIG_IP_NF_NAT_NEEDED */ | |
249 | ||
250 | +#if defined(CONFIG_IP_NF_CONNTRACK_MARK) | |
251 | + unsigned long mark; | |
252 | +#endif | |
253 | + | |
254 | }; | |
255 | ||
256 | /* get master conntrack via master expectation */ | |
257 | diff -Nur --exclude '*.orig' linux-2.6.7.org/include/linux/netfilter_ipv4/ip_conntrack_core.h linux-2.6.7/include/linux/netfilter_ipv4/ip_conntrack_core.h | |
258 | --- linux-2.6.7.org/include/linux/netfilter_ipv4/ip_conntrack_core.h 2004-06-16 07:20:26.000000000 +0200 | |
259 | +++ linux-2.6.7/include/linux/netfilter_ipv4/ip_conntrack_core.h 2004-06-25 12:21:02.302041776 +0200 | |
260 | @@ -21,15 +21,17 @@ | |
261 | extern struct ip_conntrack_protocol *__ip_ct_find_proto(u_int8_t protocol); | |
262 | extern struct list_head protocol_list; | |
263 | ||
264 | -/* Returns conntrack if it dealt with ICMP, and filled in skb->nfct */ | |
265 | -extern struct ip_conntrack *icmp_error_track(struct sk_buff *skb, | |
266 | - enum ip_conntrack_info *ctinfo, | |
267 | - unsigned int hooknum); | |
268 | -extern int get_tuple(const struct iphdr *iph, | |
269 | - const struct sk_buff *skb, | |
270 | - unsigned int dataoff, | |
271 | - struct ip_conntrack_tuple *tuple, | |
272 | - const struct ip_conntrack_protocol *protocol); | |
273 | +extern int | |
274 | +ip_ct_get_tuple(const struct iphdr *iph, | |
275 | + const struct sk_buff *skb, | |
276 | + unsigned int dataoff, | |
277 | + struct ip_conntrack_tuple *tuple, | |
278 | + const struct ip_conntrack_protocol *protocol); | |
279 | + | |
280 | +extern int | |
281 | +ip_ct_invert_tuple(struct ip_conntrack_tuple *inverse, | |
282 | + const struct ip_conntrack_tuple *orig, | |
283 | + const struct ip_conntrack_protocol *protocol); | |
284 | ||
285 | /* Find a connection corresponding to a tuple. */ | |
286 | struct ip_conntrack_tuple_hash * | |
287 | diff -Nur --exclude '*.orig' linux-2.6.7.org/include/linux/netfilter_ipv4/ip_conntrack_h323.h linux-2.6.7/include/linux/netfilter_ipv4/ip_conntrack_h323.h | |
288 | --- linux-2.6.7.org/include/linux/netfilter_ipv4/ip_conntrack_h323.h 1970-01-01 01:00:00.000000000 +0100 | |
289 | +++ linux-2.6.7/include/linux/netfilter_ipv4/ip_conntrack_h323.h 2004-06-25 12:21:34.914083992 +0200 | |
290 | @@ -0,0 +1,31 @@ | |
291 | +#ifndef _IP_CONNTRACK_H323_H | |
292 | +#define _IP_CONNTRACK_H323_H | |
293 | +/* H.323 connection tracking. */ | |
294 | + | |
295 | +#ifdef __KERNEL__ | |
296 | +/* Protects H.323 related data */ | |
297 | +#include <linux/netfilter_ipv4/lockhelp.h> | |
298 | +DECLARE_LOCK_EXTERN(ip_h323_lock); | |
299 | +#endif | |
300 | + | |
301 | +/* Default H.225 port */ | |
302 | +#define H225_PORT 1720 | |
303 | + | |
304 | +/* This structure is per expected connection */ | |
305 | +struct ip_ct_h225_expect { | |
306 | + u_int16_t port; /* Port of the H.225 helper/RTCP/RTP channel */ | |
307 | + enum ip_conntrack_dir dir; /* Direction of the original connection */ | |
308 | + unsigned int offset; /* offset of the address in the payload */ | |
309 | +}; | |
310 | + | |
311 | +/* This structure exists only once per master */ | |
312 | +struct ip_ct_h225_master { | |
313 | + int is_h225; /* H.225 or H.245 connection */ | |
314 | +#ifdef CONFIG_IP_NF_NAT_NEEDED | |
315 | + enum ip_conntrack_dir dir; /* Direction of the original connection */ | |
316 | + u_int32_t seq[IP_CT_DIR_MAX]; /* Exceptional packet mangling for signal addressess... */ | |
317 | + unsigned int offset[IP_CT_DIR_MAX]; /* ...and the offset of the addresses in the payload */ | |
318 | +#endif | |
319 | +}; | |
320 | + | |
321 | +#endif /* _IP_CONNTRACK_H323_H */ | |
322 | diff -Nur --exclude '*.orig' linux-2.6.7.org/include/linux/netfilter_ipv4/ip_conntrack_mms.h linux-2.6.7/include/linux/netfilter_ipv4/ip_conntrack_mms.h | |
323 | --- linux-2.6.7.org/include/linux/netfilter_ipv4/ip_conntrack_mms.h 1970-01-01 01:00:00.000000000 +0100 | |
324 | +++ linux-2.6.7/include/linux/netfilter_ipv4/ip_conntrack_mms.h 2004-06-25 12:23:10.833502024 +0200 | |
325 | @@ -0,0 +1,31 @@ | |
326 | +#ifndef _IP_CONNTRACK_MMS_H | |
327 | +#define _IP_CONNTRACK_MMS_H | |
328 | +/* MMS tracking. */ | |
329 | + | |
330 | +#ifdef __KERNEL__ | |
331 | +#include <linux/netfilter_ipv4/lockhelp.h> | |
332 | + | |
333 | +DECLARE_LOCK_EXTERN(ip_mms_lock); | |
334 | + | |
335 | +#define MMS_PORT 1755 | |
336 | +#define MMS_SRV_MSG_ID 196610 | |
337 | + | |
338 | +#define MMS_SRV_MSG_OFFSET 36 | |
339 | +#define MMS_SRV_UNICODE_STRING_OFFSET 60 | |
340 | +#define MMS_SRV_CHUNKLENLV_OFFSET 16 | |
341 | +#define MMS_SRV_CHUNKLENLM_OFFSET 32 | |
342 | +#define MMS_SRV_MESSAGELENGTH_OFFSET 8 | |
343 | +#endif | |
344 | + | |
345 | +/* This structure is per expected connection */ | |
346 | +struct ip_ct_mms_expect { | |
347 | + u_int32_t len; | |
348 | + u_int32_t padding; | |
349 | + u_int16_t port; | |
350 | +}; | |
351 | + | |
352 | +/* This structure exists only once per master */ | |
353 | +struct ip_ct_mms_master { | |
354 | +}; | |
355 | + | |
356 | +#endif /* _IP_CONNTRACK_MMS_H */ | |
357 | diff -Nur --exclude '*.orig' linux-2.6.7.org/include/linux/netfilter_ipv4/ip_conntrack_protocol.h linux-2.6.7/include/linux/netfilter_ipv4/ip_conntrack_protocol.h | |
358 | --- linux-2.6.7.org/include/linux/netfilter_ipv4/ip_conntrack_protocol.h 2004-06-16 07:20:04.000000000 +0200 | |
359 | +++ linux-2.6.7/include/linux/netfilter_ipv4/ip_conntrack_protocol.h 2004-06-25 12:21:02.304041472 +0200 | |
360 | @@ -50,6 +50,9 @@ | |
361 | int (*exp_matches_pkt)(struct ip_conntrack_expect *exp, | |
362 | const struct sk_buff *skb); | |
363 | ||
364 | + int (*error)(struct sk_buff *skb, enum ip_conntrack_info *ctinfo, | |
365 | + unsigned int hooknum); | |
366 | + | |
367 | /* Module (if any) which this is connected to. */ | |
368 | struct module *me; | |
369 | }; | |
370 | @@ -63,4 +66,17 @@ | |
371 | extern struct ip_conntrack_protocol ip_conntrack_protocol_udp; | |
372 | extern struct ip_conntrack_protocol ip_conntrack_protocol_icmp; | |
373 | extern int ip_conntrack_protocol_tcp_init(void); | |
374 | + | |
375 | +/* Log invalid packets */ | |
376 | +extern unsigned int ip_ct_log_invalid; | |
377 | + | |
378 | +#ifdef DEBUG_INVALID_PACKETS | |
379 | +#define LOG_INVALID(proto) \ | |
380 | + (ip_ct_log_invalid == (proto) || ip_ct_log_invalid == IPPROTO_RAW) | |
381 | +#else | |
382 | +#define LOG_INVALID(proto) \ | |
383 | + ((ip_ct_log_invalid == (proto) || ip_ct_log_invalid == IPPROTO_RAW) \ | |
384 | + && net_ratelimit()) | |
385 | +#endif | |
386 | + | |
387 | #endif /*_IP_CONNTRACK_PROTOCOL_H*/ | |
388 | diff -Nur --exclude '*.orig' linux-2.6.7.org/include/linux/netfilter_ipv4/ip_conntrack_quake3.h linux-2.6.7/include/linux/netfilter_ipv4/ip_conntrack_quake3.h | |
389 | --- linux-2.6.7.org/include/linux/netfilter_ipv4/ip_conntrack_quake3.h 1970-01-01 01:00:00.000000000 +0100 | |
390 | +++ linux-2.6.7/include/linux/netfilter_ipv4/ip_conntrack_quake3.h 2004-06-25 12:24:42.547559368 +0200 | |
391 | @@ -0,0 +1,21 @@ | |
392 | +#ifndef _IP_CT_QUAKE3 | |
393 | +#define _IP_CT_QUAKE3 | |
394 | + | |
395 | +/* Don't confuse with 27960, often used as the Server Port */ | |
396 | +#define QUAKE3_MASTER_PORT 27950 | |
397 | + | |
398 | +struct quake3_search { | |
399 | + const char marker[4]; /* always 0xff 0xff 0xff 0xff ? */ | |
400 | + const char *pattern; | |
401 | + size_t plen; | |
402 | +}; | |
403 | + | |
404 | +/* This structure is per expected connection */ | |
405 | +struct ip_ct_quake3_expect { | |
406 | +}; | |
407 | + | |
408 | +/* This structure exists only once per master */ | |
409 | +struct ip_ct_quake3_master { | |
410 | +}; | |
411 | + | |
412 | +#endif /* _IP_CT_QUAKE3 */ | |
413 | diff -Nur --exclude '*.orig' linux-2.6.7.org/include/linux/netfilter_ipv4/ip_conntrack_rsh.h linux-2.6.7/include/linux/netfilter_ipv4/ip_conntrack_rsh.h | |
414 | --- linux-2.6.7.org/include/linux/netfilter_ipv4/ip_conntrack_rsh.h 1970-01-01 01:00:00.000000000 +0100 | |
415 | +++ linux-2.6.7/include/linux/netfilter_ipv4/ip_conntrack_rsh.h 2004-06-25 12:24:48.839602832 +0200 | |
416 | @@ -0,0 +1,35 @@ | |
417 | +/* RSH extension for IP connection tracking, Version 1.0 | |
418 | + * (C) 2002 by Ian (Larry) Latter <Ian.Latter@mq.edu.au> | |
419 | + * based on HW's ip_conntrack_irc.c | |
420 | + * | |
421 | + * ip_conntrack_rsh.c,v 1.0 2002/07/17 14:49:26 | |
422 | + * | |
423 | + * This program is free software; you can redistribute it and/or | |
424 | + * modify it under the terms of the GNU General Public License | |
425 | + * as published by the Free Software Foundation; either version | |
426 | + * 2 of the License, or (at your option) any later version. | |
427 | + */ | |
428 | +#ifndef _IP_CONNTRACK_RSH_H | |
429 | +#define _IP_CONNTRACK_RSH_H | |
430 | + | |
431 | +#ifdef __KERNEL__ | |
432 | +#include <linux/netfilter_ipv4/lockhelp.h> | |
433 | + | |
434 | +DECLARE_LOCK_EXTERN(ip_rsh_lock); | |
435 | +#endif | |
436 | + | |
437 | + | |
438 | +#define RSH_PORT 514 | |
439 | + | |
440 | +/* This structure is per expected connection */ | |
441 | +struct ip_ct_rsh_expect | |
442 | +{ | |
443 | + u_int16_t port; | |
444 | +}; | |
445 | + | |
446 | +/* This structure exists only once per master */ | |
447 | +struct ip_ct_rsh_master { | |
448 | +}; | |
449 | + | |
450 | +#endif /* _IP_CONNTRACK_RSH_H */ | |
451 | + | |
452 | diff -Nur --exclude '*.orig' linux-2.6.7.org/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h linux-2.6.7/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h | |
453 | --- linux-2.6.7.org/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h 1970-01-01 01:00:00.000000000 +0100 | |
454 | +++ linux-2.6.7/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h 2004-06-25 12:24:50.028422104 +0200 | |
455 | @@ -0,0 +1,68 @@ | |
456 | +/* | |
457 | + * RTSP extension for IP connection tracking. | |
458 | + * (C) 2003 by Tom Marshall <tmarshall@real.com> | |
459 | + * based on ip_conntrack_irc.h | |
460 | + * | |
461 | + * This program is free software; you can redistribute it and/or | |
462 | + * modify it under the terms of the GNU General Public License | |
463 | + * as published by the Free Software Foundation; either version | |
464 | + * 2 of the License, or (at your option) any later version. | |
465 | + */ | |
466 | +#ifndef _IP_CONNTRACK_RTSP_H | |
467 | +#define _IP_CONNTRACK_RTSP_H | |
468 | + | |
469 | +/* #define IP_NF_RTSP_DEBUG */ | |
470 | +#define IP_NF_RTSP_VERSION "0.01" | |
471 | + | |
472 | +/* port block types */ | |
473 | +typedef enum { | |
474 | + pb_single, /* client_port=x */ | |
475 | + pb_range, /* client_port=x-y */ | |
476 | + pb_discon /* client_port=x/y (rtspbis) */ | |
477 | +} portblock_t; | |
478 | + | |
479 | +/* We record seq number and length of rtsp headers here, all in host order. */ | |
480 | + | |
481 | +/* | |
482 | + * This structure is per expected connection. It is a member of struct | |
483 | + * ip_conntrack_expect. The TCP SEQ for the conntrack expect is stored | |
484 | + * there and we are expected to only store the length of the data which | |
485 | + * needs replaced. If a packet contains multiple RTSP messages, we create | |
486 | + * one expected connection per message. | |
487 | + * | |
488 | + * We use these variables to mark the entire header block. This may seem | |
489 | + * like overkill, but the nature of RTSP requires it. A header may appear | |
490 | + * multiple times in a message. We must treat two Transport headers the | |
491 | + * same as one Transport header with two entries. | |
492 | + */ | |
493 | +struct ip_ct_rtsp_expect | |
494 | +{ | |
495 | + u_int32_t len; /* length of header block */ | |
496 | + portblock_t pbtype; /* Type of port block that was requested */ | |
497 | + u_int16_t loport; /* Port that was requested, low or first */ | |
498 | + u_int16_t hiport; /* Port that was requested, high or second */ | |
499 | +#if 0 | |
500 | + uint method; /* RTSP method */ | |
501 | + uint cseq; /* CSeq from request */ | |
502 | +#endif | |
503 | +}; | |
504 | + | |
505 | +/* This structure exists only once per master */ | |
506 | +struct ip_ct_rtsp_master | |
507 | +{ | |
508 | + /* Empty (?) */ | |
509 | +}; | |
510 | + | |
511 | + | |
512 | +#ifdef __KERNEL__ | |
513 | + | |
514 | +#include <linux/netfilter_ipv4/lockhelp.h> | |
515 | + | |
516 | +#define RTSP_PORT 554 | |
517 | + | |
518 | +/* Protects rtsp part of conntracks */ | |
519 | +DECLARE_LOCK_EXTERN(ip_rtsp_lock); | |
520 | + | |
521 | +#endif /* __KERNEL__ */ | |
522 | + | |
523 | +#endif /* _IP_CONNTRACK_RTSP_H */ | |
524 | diff -Nur --exclude '*.orig' linux-2.6.7.org/include/linux/netfilter_ipv4/ip_conntrack_sctp.h linux-2.6.7/include/linux/netfilter_ipv4/ip_conntrack_sctp.h | |
525 | --- linux-2.6.7.org/include/linux/netfilter_ipv4/ip_conntrack_sctp.h 1970-01-01 01:00:00.000000000 +0100 | |
526 | +++ linux-2.6.7/include/linux/netfilter_ipv4/ip_conntrack_sctp.h 2004-06-25 12:24:51.922134216 +0200 | |
527 | @@ -0,0 +1,25 @@ | |
528 | +#ifndef _IP_CONNTRACK_SCTP_H | |
529 | +#define _IP_CONNTRACK_SCTP_H | |
530 | +/* SCTP tracking. */ | |
531 | + | |
532 | +enum sctp_conntrack { | |
533 | + SCTP_CONNTRACK_NONE, | |
534 | + SCTP_CONNTRACK_CLOSED, | |
535 | + SCTP_CONNTRACK_COOKIE_WAIT, | |
536 | + SCTP_CONNTRACK_COOKIE_ECHOED, | |
537 | + SCTP_CONNTRACK_ESTABLISHED, | |
538 | + SCTP_CONNTRACK_SHUTDOWN_SENT, | |
539 | + SCTP_CONNTRACK_SHUTDOWN_RECD, | |
540 | + SCTP_CONNTRACK_SHUTDOWN_ACK_SENT, | |
541 | + SCTP_CONNTRACK_MAX | |
542 | +}; | |
543 | + | |
544 | +struct ip_ct_sctp | |
545 | +{ | |
546 | + enum sctp_conntrack state; | |
547 | + | |
548 | + u_int32_t vtag[IP_CT_DIR_MAX]; | |
549 | + u_int32_t ttag[IP_CT_DIR_MAX]; | |
550 | +}; | |
551 | + | |
552 | +#endif /* _IP_CONNTRACK_SCTP_H */ | |
553 | diff -Nur --exclude '*.orig' linux-2.6.7.org/include/linux/netfilter_ipv4/ip_conntrack_talk.h linux-2.6.7/include/linux/netfilter_ipv4/ip_conntrack_talk.h | |
554 | --- linux-2.6.7.org/include/linux/netfilter_ipv4/ip_conntrack_talk.h 1970-01-01 01:00:00.000000000 +0100 | |
555 | +++ linux-2.6.7/include/linux/netfilter_ipv4/ip_conntrack_talk.h 2004-06-25 12:28:43.647906544 +0200 | |
556 | @@ -0,0 +1,152 @@ | |
557 | +#ifndef _IP_CONNTRACK_TALK_H | |
558 | +#define _IP_CONNTRACK_TALK_H | |
559 | +/* TALK tracking. */ | |
560 | + | |
561 | +#ifdef __KERNEL__ | |
562 | +#include <linux/in.h> | |
563 | +#include <linux/netfilter_ipv4/lockhelp.h> | |
564 | + | |
565 | +/* Protects talk part of conntracks */ | |
566 | +DECLARE_LOCK_EXTERN(ip_talk_lock); | |
567 | +#endif | |
568 | + | |
569 | + | |
570 | +#define TALK_PORT 517 | |
571 | +#define NTALK_PORT 518 | |
572 | + | |
573 | +/* talk structures and constants from <protocols/talkd.h> */ | |
574 | + | |
575 | +/* | |
576 | + * 4.3BSD struct sockaddr | |
577 | + */ | |
578 | +struct talk_addr { | |
579 | + u_int16_t ta_family; | |
580 | + u_int16_t ta_port; | |
581 | + u_int32_t ta_addr; | |
582 | + u_int32_t ta_junk1; | |
583 | + u_int32_t ta_junk2; | |
584 | +}; | |
585 | + | |
586 | +#define TALK_OLD_NSIZE 9 | |
587 | +#define TALK_NSIZE 12 | |
588 | +#define TALK_TTY_NSIZE 16 | |
589 | + | |
590 | +/* | |
591 | + * Client->server request message formats. | |
592 | + */ | |
593 | +struct talk_msg { | |
594 | + u_char type; /* request type, see below */ | |
595 | + char l_name[TALK_OLD_NSIZE];/* caller's name */ | |
596 | + char r_name[TALK_OLD_NSIZE];/* callee's name */ | |
597 | + u_char pad; | |
598 | + u_int32_t id_num; /* message id */ | |
599 | + int32_t pid; /* caller's process id */ | |
600 | + char r_tty[TALK_TTY_NSIZE];/* callee's tty name */ | |
601 | + struct talk_addr addr; /* old (4.3) style */ | |
602 | + struct talk_addr ctl_addr; /* old (4.3) style */ | |
603 | +}; | |
604 | + | |
605 | +struct ntalk_msg { | |
606 | + u_char vers; /* protocol version */ | |
607 | + u_char type; /* request type, see below */ | |
608 | + u_char answer; /* not used */ | |
609 | + u_char pad; | |
610 | + u_int32_t id_num; /* message id */ | |
611 | + struct talk_addr addr; /* old (4.3) style */ | |
612 | + struct talk_addr ctl_addr; /* old (4.3) style */ | |
613 | + int32_t pid; /* caller's process id */ | |
614 | + char l_name[TALK_NSIZE];/* caller's name */ | |
615 | + char r_name[TALK_NSIZE];/* callee's name */ | |
616 | + char r_tty[TALK_TTY_NSIZE];/* callee's tty name */ | |
617 | +}; | |
618 | + | |
619 | +struct ntalk2_msg { | |
620 | + u_char vers; /* talk protocol version */ | |
621 | + u_char type; /* request type */ | |
622 | + u_char answer; /* */ | |
623 | + u_char extended; /* !0 if additional parts */ | |
624 | + u_int32_t id_num; /* message id number (dels) */ | |
625 | + struct talk_addr addr; /* target address */ | |
626 | + struct talk_addr ctl_addr; /* reply to address */ | |
627 | + int32_t pid; /* caller's process id */ | |
628 | + char l_name[TALK_NSIZE]; /* caller's name */ | |
629 | + char r_name[TALK_NSIZE]; /* callee's name */ | |
630 | + char r_tty[TALK_TTY_NSIZE]; /* callee's tty */ | |
631 | +}; | |
632 | + | |
633 | +/* | |
634 | + * Server->client response message formats. | |
635 | + */ | |
636 | +struct talk_response { | |
637 | + u_char type; /* type of request message, see below */ | |
638 | + u_char answer; /* response to request message, see below */ | |
639 | + u_char pad[2]; | |
640 | + u_int32_t id_num; /* message id */ | |
641 | + struct talk_addr addr; /* address for establishing conversation */ | |
642 | +}; | |
643 | + | |
644 | +struct ntalk_response { | |
645 | + u_char vers; /* protocol version */ | |
646 | + u_char type; /* type of request message, see below */ | |
647 | + u_char answer; /* response to request message, see below */ | |
648 | + u_char pad; | |
649 | + u_int32_t id_num; /* message id */ | |
650 | + struct talk_addr addr; /* address for establishing conversation */ | |
651 | +}; | |
652 | + | |
653 | +struct ntalk2_response { | |
654 | + u_char vers; /* protocol version */ | |
655 | + u_char type; /* type of request message */ | |
656 | + u_char answer; /* response to request */ | |
657 | + u_char rvers; /* Version of answering vers*/ | |
658 | + u_int32_t id_num; /* message id number */ | |
659 | + struct talk_addr addr; /* address for connection */ | |
660 | + /* This is at the end to compatiblize this with NTALK version. */ | |
661 | + char r_name[TALK_NSIZE]; /* callee's name */ | |
662 | +}; | |
663 | + | |
664 | +#define TALK_STR(data, talk_str, member) ((struct talk_str *)data)->member) | |
665 | +#define TALK_RESP(data, ver, member) (ver ? ((struct ntalk_response *)data)->member : ((struct talk_response *)data)->member) | |
666 | +#define TALK_MSG(data, ver, member) (ver ? ((struct ntalk_msg *)data)->member : ((struct talk_msg *)data)->member) | |
667 | + | |
668 | +#define TALK_VERSION 0 /* protocol versions */ | |
669 | +#define NTALK_VERSION 1 | |
670 | +#define NTALK2_VERSION 2 | |
671 | + | |
672 | +/* message type values */ | |
673 | +#define LEAVE_INVITE 0 /* leave invitation with server */ | |
674 | +#define LOOK_UP 1 /* check for invitation by callee */ | |
675 | +#define DELETE 2 /* delete invitation by caller */ | |
676 | +#define ANNOUNCE 3 /* announce invitation by caller */ | |
677 | +/* NTALK2 */ | |
678 | +#define REPLY_QUERY 4 /* request reply data from local daemon */ | |
679 | + | |
680 | +/* answer values */ | |
681 | +#define SUCCESS 0 /* operation completed properly */ | |
682 | +#define NOT_HERE 1 /* callee not logged in */ | |
683 | +#define FAILED 2 /* operation failed for unexplained reason */ | |
684 | +#define MACHINE_UNKNOWN 3 /* caller's machine name unknown */ | |
685 | +#define PERMISSION_DENIED 4 /* callee's tty doesn't permit announce */ | |
686 | +#define UNKNOWN_REQUEST 5 /* request has invalid type value */ | |
687 | +#define BADVERSION 6 /* request has invalid protocol version */ | |
688 | +#define BADADDR 7 /* request has invalid addr value */ | |
689 | +#define BADCTLADDR 8 /* request has invalid ctl_addr value */ | |
690 | +/* NTALK2 */ | |
691 | +#define NO_CALLER 9 /* no-one calling answer from REPLY */ | |
692 | +#define TRY_HERE 10 /* Not on this machine, try this */ | |
693 | +#define SELECTIVE_REFUSAL 11 /* User Filter refusal. */ | |
694 | +#define MAX_RESPONSE_TYPE 11 /* Make sure this is updated */ | |
695 | + | |
696 | +/* We don't really need much for talk */ | |
697 | +struct ip_ct_talk_expect | |
698 | +{ | |
699 | + /* Port that was to be used */ | |
700 | + u_int16_t port; | |
701 | +}; | |
702 | + | |
703 | +/* This structure exists only once per master */ | |
704 | +struct ip_ct_talk_master | |
705 | +{ | |
706 | +}; | |
707 | + | |
708 | +#endif /* _IP_CONNTRACK_TALK_H */ | |
709 | diff -Nur --exclude '*.orig' linux-2.6.7.org/include/linux/netfilter_ipv4/ip_conntrack_tuple.h linux-2.6.7/include/linux/netfilter_ipv4/ip_conntrack_tuple.h | |
710 | --- linux-2.6.7.org/include/linux/netfilter_ipv4/ip_conntrack_tuple.h 2004-06-16 07:19:43.000000000 +0200 | |
711 | +++ linux-2.6.7/include/linux/netfilter_ipv4/ip_conntrack_tuple.h 2004-06-25 12:24:52.000122360 +0200 | |
712 | @@ -25,6 +25,9 @@ | |
713 | struct { | |
714 | u_int16_t id; | |
715 | } icmp; | |
716 | + struct { | |
717 | + u_int16_t port; | |
718 | + } sctp; | |
719 | }; | |
720 | ||
721 | /* The manipulable part of the tuple. */ | |
722 | @@ -55,6 +58,9 @@ | |
723 | struct { | |
724 | u_int8_t type, code; | |
725 | } icmp; | |
726 | + struct { | |
727 | + u_int16_t port; | |
728 | + } sctp; | |
729 | } u; | |
730 | ||
731 | /* The protocol. */ | |
732 | diff -Nur --exclude '*.orig' linux-2.6.7.org/include/linux/netfilter_ipv4/ip_pool.h linux-2.6.7/include/linux/netfilter_ipv4/ip_pool.h | |
733 | --- linux-2.6.7.org/include/linux/netfilter_ipv4/ip_pool.h 1970-01-01 01:00:00.000000000 +0100 | |
734 | +++ linux-2.6.7/include/linux/netfilter_ipv4/ip_pool.h 2004-06-25 12:21:11.460649456 +0200 | |
735 | @@ -0,0 +1,64 @@ | |
736 | +#ifndef _IP_POOL_H | |
737 | +#define _IP_POOL_H | |
738 | + | |
739 | +/***************************************************************************/ | |
740 | +/* This program is free software; you can redistribute it and/or modify */ | |
741 | +/* it under the terms of the GNU General Public License as published by */ | |
742 | +/* the Free Software Foundation; either version 2 of the License, or */ | |
743 | +/* (at your option) any later version. */ | |
744 | +/* */ | |
745 | +/* This program is distributed in the hope that it will be useful, */ | |
746 | +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ | |
747 | +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ | |
748 | +/* GNU General Public License for more details. */ | |
749 | +/* */ | |
750 | +/* You should have received a copy of the GNU General Public License */ | |
751 | +/* along with this program; if not, write to the Free Software */ | |
752 | +/* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA*/ | |
753 | +/***************************************************************************/ | |
754 | + | |
755 | +/* A sockopt of such quality has hardly ever been seen before on the open | |
756 | + * market! This little beauty, hardly ever used: above 64, so it's | |
757 | + * traditionally used for firewalling, not touched (even once!) by the | |
758 | + * 2.0, 2.2 and 2.4 kernels! | |
759 | + * | |
760 | + * Comes with its own certificate of authenticity, valid anywhere in the | |
761 | + * Free world! | |
762 | + * | |
763 | + * Rusty, 19.4.2000 | |
764 | + */ | |
765 | +#define SO_IP_POOL 81 | |
766 | + | |
767 | +typedef int ip_pool_t; /* pool index */ | |
768 | +#define IP_POOL_NONE ((ip_pool_t)-1) | |
769 | + | |
770 | +struct ip_pool_request { | |
771 | + int op; | |
772 | + ip_pool_t index; | |
773 | + u_int32_t addr; | |
774 | + u_int32_t addr2; | |
775 | +}; | |
776 | + | |
777 | +/* NOTE: I deliberately break the first cut ippool utility. Nobody uses it. */ | |
778 | + | |
779 | +#define IP_POOL_BAD001 0x00000010 | |
780 | + | |
781 | +#define IP_POOL_FLUSH 0x00000011 /* req.index, no arguments */ | |
782 | +#define IP_POOL_INIT 0x00000012 /* from addr to addr2 incl. */ | |
783 | +#define IP_POOL_DESTROY 0x00000013 /* req.index, no arguments */ | |
784 | +#define IP_POOL_ADD_ADDR 0x00000014 /* add addr to pool */ | |
785 | +#define IP_POOL_DEL_ADDR 0x00000015 /* del addr from pool */ | |
786 | +#define IP_POOL_HIGH_NR 0x00000016 /* result in req.index */ | |
787 | +#define IP_POOL_LOOKUP 0x00000017 /* result in addr and addr2 */ | |
788 | +#define IP_POOL_USAGE 0x00000018 /* result in addr */ | |
789 | +#define IP_POOL_TEST_ADDR 0x00000019 /* result (0/1) returned */ | |
790 | + | |
791 | +#ifdef __KERNEL__ | |
792 | + | |
793 | +/* NOTE: ip_pool_match() and ip_pool_mod() expect ADDR to be host byte order */ | |
794 | +extern int ip_pool_match(ip_pool_t pool, u_int32_t addr); | |
795 | +extern int ip_pool_mod(ip_pool_t pool, u_int32_t addr, int isdel); | |
796 | + | |
797 | +#endif | |
798 | + | |
799 | +#endif /*_IP_POOL_H*/ | |
800 | diff -Nur --exclude '*.orig' linux-2.6.7.org/include/linux/netfilter_ipv4/ipt_CONNMARK.h linux-2.6.7/include/linux/netfilter_ipv4/ipt_CONNMARK.h | |
801 | --- linux-2.6.7.org/include/linux/netfilter_ipv4/ipt_CONNMARK.h 1970-01-01 01:00:00.000000000 +0100 | |
802 | +++ linux-2.6.7/include/linux/netfilter_ipv4/ipt_CONNMARK.h 2004-06-25 12:21:25.479518264 +0200 | |
803 | @@ -0,0 +1,25 @@ | |
804 | +#ifndef _IPT_CONNMARK_H_target | |
805 | +#define _IPT_CONNMARK_H_target | |
806 | + | |
807 | +/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com> | |
808 | + * by Henrik Nordstrom <hno@marasystems.com> | |
809 | + * | |
810 | + * This program is free software; you can redistribute it and/or modify | |
811 | + * it under the terms of the GNU General Public License as published by | |
812 | + * the Free Software Foundation; either version 2 of the License, or | |
813 | + * (at your option) any later version. | |
814 | + */ | |
815 | + | |
816 | +enum { | |
817 | + IPT_CONNMARK_SET = 0, | |
818 | + IPT_CONNMARK_SAVE, | |
819 | + IPT_CONNMARK_RESTORE | |
820 | +}; | |
821 | + | |
822 | +struct ipt_connmark_target_info { | |
823 | + unsigned long mark; | |
824 | + unsigned long mask; | |
825 | + u_int8_t mode; | |
826 | +}; | |
827 | + | |
828 | +#endif /*_IPT_CONNMARK_H_target*/ | |
829 | diff -Nur --exclude '*.orig' linux-2.6.7.org/include/linux/netfilter_ipv4/ipt_IPMARK.h linux-2.6.7/include/linux/netfilter_ipv4/ipt_IPMARK.h | |
830 | --- linux-2.6.7.org/include/linux/netfilter_ipv4/ipt_IPMARK.h 1970-01-01 01:00:00.000000000 +0100 | |
831 | +++ linux-2.6.7/include/linux/netfilter_ipv4/ipt_IPMARK.h 2004-06-25 12:21:27.026283120 +0200 | |
832 | @@ -0,0 +1,13 @@ | |
833 | +#ifndef _IPT_IPMARK_H_target | |
834 | +#define _IPT_IPMARK_H_target | |
835 | + | |
836 | +struct ipt_ipmark_target_info { | |
837 | + unsigned long andmask; | |
838 | + unsigned long ormask; | |
839 | + unsigned int addr; | |
840 | +}; | |
841 | + | |
842 | +#define IPT_IPMARK_SRC 0 | |
843 | +#define IPT_IPMARK_DST 1 | |
844 | + | |
845 | +#endif /*_IPT_IPMARK_H_target*/ | |
846 | diff -Nur --exclude '*.orig' linux-2.6.7.org/include/linux/netfilter_ipv4/ipt_NETLINK.h linux-2.6.7/include/linux/netfilter_ipv4/ipt_NETLINK.h | |
847 | --- linux-2.6.7.org/include/linux/netfilter_ipv4/ipt_NETLINK.h 1970-01-01 01:00:00.000000000 +0100 | |
848 | +++ linux-2.6.7/include/linux/netfilter_ipv4/ipt_NETLINK.h 2004-06-25 12:21:06.895343488 +0200 | |
849 | @@ -0,0 +1,27 @@ | |
850 | +#ifndef _IPT_FWMON_H | |
851 | +#define _IPT_FWMON_H | |
852 | + | |
853 | +/* Bitmask macros */ | |
854 | +#define MASK(x,y) (x & y) | |
855 | +#define MASK_SET(x,y) x |= y | |
856 | +#define MASK_UNSET(x,y) x &= ~y | |
857 | + | |
858 | +#define USE_MARK 0x00000001 | |
859 | +#define USE_DROP 0x00000002 | |
860 | +#define USE_SIZE 0x00000004 | |
861 | + | |
862 | +struct ipt_nldata | |
863 | +{ | |
864 | + unsigned int flags; | |
865 | + unsigned int mark; | |
866 | + unsigned int size; | |
867 | +}; | |
868 | + | |
869 | +/* Old header */ | |
870 | +struct netlink_t { | |
871 | + unsigned int len; | |
872 | + unsigned int mark; | |
873 | + char iface[IFNAMSIZ]; | |
874 | +}; | |
875 | + | |
876 | +#endif /*_IPT_FWMON_H*/ | |
877 | diff -Nur --exclude '*.orig' linux-2.6.7.org/include/linux/netfilter_ipv4/ipt_ROUTE.h linux-2.6.7/include/linux/netfilter_ipv4/ipt_ROUTE.h | |
878 | --- linux-2.6.7.org/include/linux/netfilter_ipv4/ipt_ROUTE.h 1970-01-01 01:00:00.000000000 +0100 | |
879 | +++ linux-2.6.7/include/linux/netfilter_ipv4/ipt_ROUTE.h 2004-06-25 12:21:28.210103152 +0200 | |
880 | @@ -0,0 +1,22 @@ | |
881 | +/* Header file for iptables ipt_ROUTE target | |
882 | + * | |
883 |