[packages/kernel.git] / kernel-pom-ng-time.patch

diff -Nru linux-2.6.22/include/linux/netfilter_ipv4/ipt_time.h linux-2.6.22-pom2patch/include/linux/netfilter_ipv4/ipt_time.h
--- linux-2.6.22/include/linux/netfilter_ipv4/ipt_time.h	1970-01-01 01:00:00.000000000 +0100
+++ linux-2.6.22-pom2patch/include/linux/netfilter_ipv4/ipt_time.h	2007-08-07 18:40:04.000000000 +0200
@@ -0,0 +1,18 @@
+#ifndef __ipt_time_h_included__
+#define __ipt_time_h_included__
+
+
+struct ipt_time_info {
+	u_int8_t  days_match;   /* 1 bit per day. -SMTWTFS                      */
+	u_int16_t time_start;   /* 0 < time_start < 23*60+59 = 1439             */
+	u_int16_t time_stop;    /* 0:0 < time_stat < 23:59                      */
+
+				/* FIXME: Keep this one for userspace iptables binary compability: */
+	u_int8_t  kerneltime;   /* ignore skb time (and use kerneltime) or not. */
+
+	time_t    date_start;
+	time_t    date_stop;
+};
+
+
+#endif /* __ipt_time_h_included__ */
diff -Nru linux-2.6.22/net/ipv4/netfilter/ipt_time.c linux-2.6.22-pom2patch/net/ipv4/netfilter/ipt_time.c
--- linux-2.6.22/net/ipv4/netfilter/ipt_time.c	1970-01-01 01:00:00.000000000 +0100
+++ linux-2.6.22-pom2patch/net/ipv4/netfilter/ipt_time.c	2007-08-07 18:40:04.000000000 +0200
@@ -0,0 +1,229 @@
+/*
+  This is a module which is used for time matching
+  It is using some modified code from dietlibc (localtime() function)
+  that you can find at http://www.fefe.de/dietlibc/
+  This file is distributed under the terms of the GNU General Public
+  License (GPL). Copies of the GPL can be obtained from: ftp://prep.ai.mit.edu/pub/gnu/GPL
+  2001-05-04 Fabrice MARIE <fabrice@netfilter.org> : initial development.
+  2001-21-05 Fabrice MARIE <fabrice@netfilter.org> : bug fix in the match code,
+     thanks to "Zeng Yu" <zengy@capitel.com.cn> for bug report.
+  2001-26-09 Fabrice MARIE <fabrice@netfilter.org> : force the match to be in LOCAL_IN or PRE_ROUTING only.
+  2001-30-11 Fabrice : added the possibility to use the match in FORWARD/OUTPUT with a little hack,
+     added Nguyen Dang Phuoc Dong <dongnd@tlnet.com.vn> patch to support timezones.
+  2004-05-02 Fabrice : added support for date matching, from an idea of Fabien COELHO.
+*/
+
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/version.h>
+#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter_ipv4/ipt_time.h>
+#include <linux/time.h>
+
+MODULE_AUTHOR("Fabrice MARIE <fabrice@netfilter.org>");
+MODULE_DESCRIPTION("Match arrival timestamp/date");
+MODULE_LICENSE("GPL");
+
+struct tm
+{
+	int tm_sec;                   /* Seconds.     [0-60] (1 leap second) */
+	int tm_min;                   /* Minutes.     [0-59] */
+	int tm_hour;                  /* Hours.       [0-23] */
+	int tm_mday;                  /* Day.         [1-31] */
+	int tm_mon;                   /* Month.       [0-11] */
+	int tm_year;                  /* Year - 1900.  */
+	int tm_wday;                  /* Day of week. [0-6] */
+	int tm_yday;                  /* Days in year.[0-365] */
+	int tm_isdst;                 /* DST.         [-1/0/1]*/
+
+	long int tm_gmtoff;           /* we don't care, we count from GMT */
+	const char *tm_zone;          /* we don't care, we count from GMT */
+};
+
+void
+localtime(const u32 time, struct tm *r);
+
+static int
+match(const struct sk_buff *skb,
+      const struct net_device *in,
+      const struct net_device *out,
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
+      const struct xt_match *match,
+#endif
+      const void *matchinfo,
+      int offset,
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16)
+      unsigned int protoff,
+#endif
+      int *hotdrop)
+{
+	const struct ipt_time_info *info = matchinfo;   /* match info for rule */
+	struct tm currenttime;                          /* time human readable */
+	u_int8_t days_of_week[7] = {64, 32, 16, 8, 4, 2, 1};
+	u_int16_t packet_time;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
+	struct timeval tv;
+#endif
+
+	/* We might not have a timestamp, get one */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
+	if (skb->tstamp.tv64 == 0)
+#else
+	if (skb->tstamp.off_sec == 0)
+#endif
+		__net_timestamp((struct sk_buff *)skb);
+
+	/* First we make sure we are in the date start-stop boundaries */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
+	tv = ktime_to_timeval(skb->tstamp);
+	if ((tv.tv_sec < info->date_start) || (tv.tv_sec > info->date_stop))
+#else
+	if ((skb->tstamp.off_sec < info->date_start) || (skb->tstamp.off_sec > info->date_stop))
+#endif
+		return 0; /* We are outside the date boundaries */
+
+	/* Transform the timestamp of the packet, in a human readable form */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
+	localtime(tv.tv_sec, &currenttime);
+#else
+	localtime(skb->tstamp.off_sec, &currenttime);
+#endif
+
+
+	/* check if we match this timestamp, we start by the days... */
+	if ((days_of_week[currenttime.tm_wday] & info->days_match) != days_of_week[currenttime.tm_wday])
+		return 0; /* the day doesn't match */
+
+	/* ... check the time now, both vesions: "start < stop" and "start > stop" (midnight cross) */
+	packet_time = (currenttime.tm_hour * 60) + currenttime.tm_min;
+	if (info->time_start < info->time_stop) {
+		if ((packet_time < info->time_start) || (packet_time > info->time_stop))
+			return 0;
+	} else {
+		if ((packet_time < info->time_start) && (packet_time > info->time_stop))
+			return 0;
+	}
+
+	/* here we match ! */
+	return 1;
+}
+
+static int
+checkentry(const char *tablename,
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16)
+           const void *ip,
+#else
+           const struct ipt_ip *ip,
+#endif
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
+            const struct xt_match *match,
+#endif
+           void *matchinfo,
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
+           unsigned int matchsize,
+#endif
+           unsigned int hook_mask)
+{
+	struct ipt_time_info *info = matchinfo;   /* match info for rule */
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
+	/* Check the size */
+	if (matchsize != IPT_ALIGN(sizeof(struct ipt_time_info)))
+		return 0;
+#endif
+
+	/* Now check the coherence of the data ... */
+	if ((info->time_start > 1439) ||        /* 23*60+59 = 1439*/
+	    (info->time_stop  > 1439))
+	{
+		printk(KERN_WARNING "ipt_time: invalid argument - start or stop time greater than 23:59h\n");
+		return 0;
+	}
+
+	return 1;
+}
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
+static struct xt_match time_match = {
+#else
+static struct ipt_match time_match = {
+#endif
+	.name		= "time",
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
+	.family		= AF_INET,
+#endif
+	.match		= &match,
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
+	.matchsize      = sizeof(struct ipt_time_info),
+#endif
+	.checkentry	= &checkentry,
+	.me = THIS_MODULE
+};
+
+static int __init init(void)
+{
+	printk("ipt_time loading\n");
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
+	return xt_register_match(&time_match);
+#else
+	return ipt_register_match(&time_match);
+#endif
+}
+
+static void __exit fini(void)
+{
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
+	xt_unregister_match(&time_match);
+#else
+	ipt_unregister_match(&time_match);
+#endif
+	printk("ipt_time unloaded\n");
+}
+
+module_init(init);
+module_exit(fini);
+
+
+/* The part below is borowed and modified from dietlibc */
+
+/* seconds per day */
+#define SPD 24*60*60
+
+void
+localtime(const u32 time, struct tm *r) {
+	u32 i, timep;
+	extern struct timezone sys_tz;
+	const unsigned int __spm[12] =
+		{ 0,
+		  (31),
+		  (31+28),
+		  (31+28+31),
+		  (31+28+31+30),
+		  (31+28+31+30+31),
+		  (31+28+31+30+31+30),
+		  (31+28+31+30+31+30+31),
+		  (31+28+31+30+31+30+31+31),
+		  (31+28+31+30+31+30+31+31+30),
+		  (31+28+31+30+31+30+31+31+30+31),
+		  (31+28+31+30+31+30+31+31+30+31+30),
+		};
+	register u32 work;
+
+	timep = time - (sys_tz.tz_minuteswest * 60);
+	work=timep%(SPD);
+	r->tm_sec=work%60; work/=60;
+	r->tm_min=work%60; r->tm_hour=work/60;
+	work=timep/(SPD);
+	r->tm_wday=(4+work)%7;
+	for (i=1970; ; ++i) {
+		register time_t k= (!(i%4) && ((i%100) || !(i%400)))?366:365;
+		if (work>k)
+			work-=k;
+		else
+			break;
+	}
+	r->tm_year=i-1900;
+	for (i=11; i && __spm[i]>work; --i) ;
+	r->tm_mon=i;
+	r->tm_mday=work-__spm[i]+1;
+}
diff -Nru linux-2.6.22/net/ipv4/netfilter/Kconfig linux-2.6.22-pom2patch/net/ipv4/netfilter/Kconfig
--- linux-2.6.22/net/ipv4/netfilter/Kconfig	2007-07-09 01:32:17.000000000 +0200
+++ linux-2.6.22-pom2patch/net/ipv4/netfilter/Kconfig	2007-08-07 18:40:04.000000000 +0200
@@ -402,5 +402,19 @@
 	  Allows altering the ARP packet payload: source and destination
 	  hardware and network addresses.
 
+config IP_NF_MATCH_TIME
+	tristate  'TIME match support'
+	depends on IP_NF_IPTABLES
+	help
+	  This option adds a `time' match, which allows you
+	  to match based on the packet arrival time/date
+	  (arrival time/date at the machine which netfilter is running on) or
+	  departure time/date (for locally generated packets).
+	
+	  If you say Y here, try iptables -m time --help for more information.
+	 
+	  If you want to compile it as a module, say M here and read
+	  Documentation/modules.txt.  If unsure, say `N'.
+
 endmenu
 
diff -Nru linux-2.6.22/net/ipv4/netfilter/Makefile linux-2.6.22-pom2patch/net/ipv4/netfilter/Makefile
--- linux-2.6.22/net/ipv4/netfilter/Makefile	2007-07-09 01:32:17.000000000 +0200
+++ linux-2.6.22-pom2patch/net/ipv4/netfilter/Makefile	2007-08-07 18:40:04.000000000 +0200
@@ -44,6 +44,7 @@
 obj-$(CONFIG_IP_NF_MATCH_IPV4OPTIONS) += ipt_ipv4options.o
 obj-$(CONFIG_IP_NF_MATCH_CONNLIMIT) += ipt_connlimit.o
 obj-$(CONFIG_IP_NF_MATCH_IPP2P) += ipt_ipp2p.o
+obj-$(CONFIG_IP_NF_MATCH_TIME) += ipt_time.o
 
 obj-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent.o
 obj-$(CONFIG_IP_NF_MATCH_GEOIP) += ipt_geoip.o
Commit	Line	Data
7f651772	1	diff -Nru linux-2.6.22/include/linux/netfilter_ipv4/ipt_time.h linux-2.6.22-pom2patch/include/linux/netfilter_ipv4/ipt_time.h
	2	--- linux-2.6.22/include/linux/netfilter_ipv4/ipt_time.h 1970-01-01 01:00:00.000000000 +0100
	3	+++ linux-2.6.22-pom2patch/include/linux/netfilter_ipv4/ipt_time.h 2007-08-07 18:40:04.000000000 +0200
	4	@@ -0,0 +1,18 @@
	5	+#ifndef __ipt_time_h_included__
	6	+#define __ipt_time_h_included__
	7	+
	8	+
	9	+struct ipt_time_info {
	10	+ u_int8_t days_match; /* 1 bit per day. -SMTWTFS */
	11	+ u_int16_t time_start; /* 0 < time_start < 2360+59 = 1439 /
	12	+ u_int16_t time_stop; /* 0:0 < time_stat < 23:59 */
	13	+
	14	+ /* FIXME: Keep this one for userspace iptables binary compability: */
	15	+ u_int8_t kerneltime; /* ignore skb time (and use kerneltime) or not. */
	16	+
	17	+ time_t date_start;
	18	+ time_t date_stop;
	19	+};
	20	+
	21	+
	22	+#endif /* __ipt_time_h_included__ */
	23	diff -Nru linux-2.6.22/net/ipv4/netfilter/ipt_time.c linux-2.6.22-pom2patch/net/ipv4/netfilter/ipt_time.c
	24	--- linux-2.6.22/net/ipv4/netfilter/ipt_time.c 1970-01-01 01:00:00.000000000 +0100
	25	+++ linux-2.6.22-pom2patch/net/ipv4/netfilter/ipt_time.c 2007-08-07 18:40:04.000000000 +0200
	26	@@ -0,0 +1,229 @@
	27	+/*
	28	+ This is a module which is used for time matching
	29	+ It is using some modified code from dietlibc (localtime() function)
	30	+ that you can find at http://www.fefe.de/dietlibc/
	31	+ This file is distributed under the terms of the GNU General Public
	32	+ License (GPL). Copies of the GPL can be obtained from: ftp://prep.ai.mit.edu/pub/gnu/GPL
	33	+ 2001-05-04 Fabrice MARIE <fabrice@netfilter.org> : initial development.
	34	+ 2001-21-05 Fabrice MARIE <fabrice@netfilter.org> : bug fix in the match code,
	35	+ thanks to "Zeng Yu" <zengy@capitel.com.cn> for bug report.
	36	+ 2001-26-09 Fabrice MARIE <fabrice@netfilter.org> : force the match to be in LOCAL_IN or PRE_ROUTING only.
	37	+ 2001-30-11 Fabrice : added the possibility to use the match in FORWARD/OUTPUT with a little hack,
	38	+ added Nguyen Dang Phuoc Dong <dongnd@tlnet.com.vn> patch to support timezones.
	39	+ 2004-05-02 Fabrice : added support for date matching, from an idea of Fabien COELHO.
	40	+*/
	41	+
	42	+#include <linux/module.h>
	43	+#include <linux/skbuff.h>
	44	+#include <linux/version.h>
	45	+#include <linux/netfilter_ipv4/ip_tables.h>
	46	+#include <linux/netfilter_ipv4/ipt_time.h>
	47	+#include <linux/time.h>
	48	+
	49	+MODULE_AUTHOR("Fabrice MARIE <fabrice@netfilter.org>");
	50	+MODULE_DESCRIPTION("Match arrival timestamp/date");
	51	+MODULE_LICENSE("GPL");
	52	+
	53	+struct tm
	54	+{
	55	+ int tm_sec; /* Seconds. [0-60] (1 leap second) */
	56	+ int tm_min; /* Minutes. [0-59] */
	57	+ int tm_hour; /* Hours. [0-23] */
	58	+ int tm_mday; /* Day. [1-31] */
	59	+ int tm_mon; /* Month. [0-11] */
	60	+ int tm_year; /* Year - 1900. */
	61	+ int tm_wday; /* Day of week. [0-6] */
	62	+ int tm_yday; /* Days in year.[0-365] */
	63	+ int tm_isdst; /* DST. [-1/0/1]*/
	64	+
65	+ long int tm_gmtoff; /* we don't care, we count from GMT */
66	+ const char tm_zone; / we don't care, we count from GMT */
67	+};
68	+
69	+void
70	+localtime(const u32 time, struct tm *r);
71	+
72	+static int
73	+match(const struct sk_buff *skb,
74	+ const struct net_device *in,
75	+ const struct net_device *out,
76	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
77	+ const struct xt_match *match,
78	+#endif
79	+ const void *matchinfo,
80	+ int offset,
81	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16)
82	+ unsigned int protoff,
83	+#endif
84	+ int *hotdrop)
85	+{
86	+ const struct ipt_time_info info = matchinfo; / match info for rule */
87	+ struct tm currenttime; /* time human readable */
88	+ u_int8_t days_of_week[7] = {64, 32, 16, 8, 4, 2, 1};
89	+ u_int16_t packet_time;
90	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
91	+ struct timeval tv;
92	+#endif
93	+
94	+ /* We might not have a timestamp, get one */
95	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
96	+ if (skb->tstamp.tv64 == 0)
97	+#else
98	+ if (skb->tstamp.off_sec == 0)
99	+#endif
100	+ __net_timestamp((struct sk_buff *)skb);
101	+
102	+ /* First we make sure we are in the date start-stop boundaries */
103	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
104	+ tv = ktime_to_timeval(skb->tstamp);
105	+ if ((tv.tv_sec < info->date_start) \|\| (tv.tv_sec > info->date_stop))
106	+#else
107	+ if ((skb->tstamp.off_sec < info->date_start) \|\| (skb->tstamp.off_sec > info->date_stop))
108	+#endif
109	+ return 0; /* We are outside the date boundaries */
110	+
111	+ /* Transform the timestamp of the packet, in a human readable form */
112	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
113	+ localtime(tv.tv_sec, &currenttime);
114	+#else
115	+ localtime(skb->tstamp.off_sec, &currenttime);
116	+#endif
117	+
118	+
119	+ /* check if we match this timestamp, we start by the days... */
120	+ if ((days_of_week[currenttime.tm_wday] & info->days_match) != days_of_week[currenttime.tm_wday])
121	+ return 0; /* the day doesn't match */
122	+
123	+ /* ... check the time now, both vesions: "start < stop" and "start > stop" (midnight cross) */
124	+ packet_time = (currenttime.tm_hour * 60) + currenttime.tm_min;
125	+ if (info->time_start < info->time_stop) {
126	+ if ((packet_time < info->time_start) \|\| (packet_time > info->time_stop))
127	+ return 0;
128	+ } else {
129	+ if ((packet_time < info->time_start) && (packet_time > info->time_stop))
130	+ return 0;
131	+ }
132	+
133	+ /* here we match ! */
134	+ return 1;
135	+}
136	+
137	+static int
138	+checkentry(const char *tablename,
139	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16)
140	+ const void *ip,
141	+#else
142	+ const struct ipt_ip *ip,
143	+#endif
144	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
145	+ const struct xt_match *match,
146	+#endif
147	+ void *matchinfo,
148	+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
149	+ unsigned int matchsize,
150	+#endif
151	+ unsigned int hook_mask)
152	+{
153	+ struct ipt_time_info info = matchinfo; / match info for rule */
154	+
155	+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
156	+ /* Check the size */
157	+ if (matchsize != IPT_ALIGN(sizeof(struct ipt_time_info)))
158	+ return 0;
159	+#endif
160	+
161	+ /* Now check the coherence of the data ... */
162	+ if ((info->time_start > 1439) \|\| /* 2360+59 = 1439/
163	+ (info->time_stop > 1439))
164	+ {
165	+ printk(KERN_WARNING "ipt_time: invalid argument - start or stop time greater than 23:59h\n");
166	+ return 0;
167	+ }
168	+
169	+ return 1;
170	+}
171	+
172	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
173	+static struct xt_match time_match = {
174	+#else
175	+static struct ipt_match time_match = {
176	+#endif
177	+ .name = "time",
178	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
179	+ .family = AF_INET,
180	+#endif
181	+ .match = &match,
182	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
183	+ .matchsize = sizeof(struct ipt_time_info),
184	+#endif
185	+ .checkentry = &checkentry,
186	+ .me = THIS_MODULE
187	+};
188	+
189	+static int __init init(void)
190	+{
191	+ printk("ipt_time loading\n");
192	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
193	+ return xt_register_match(&time_match);
194	+#else
195	+ return ipt_register_match(&time_match);
196	+#endif
197	+}
198	+
199	+static void __exit fini(void)
200	+{
201	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
202	+ xt_unregister_match(&time_match);
203	+#else
204	+ ipt_unregister_match(&time_match);
205	+#endif
206	+ printk("ipt_time unloaded\n");
207	+}
208	+
209	+module_init(init);
210	+module_exit(fini);
211	+
212	+
213	+/* The part below is borowed and modified from dietlibc */
214	+
215	+/* seconds per day */
216	+#define SPD 246060
217	+
218	+void
219	+localtime(const u32 time, struct tm *r) {
220	+ u32 i, timep;
221	+ extern struct timezone sys_tz;
222	+ const unsigned int __spm[12] =
223	+ { 0,
224	+ (31),
225	+ (31+28),
226	+ (31+28+31),
227	+ (31+28+31+30),
228	+ (31+28+31+30+31),
229	+ (31+28+31+30+31+30),
230	+ (31+28+31+30+31+30+31),
231	+ (31+28+31+30+31+30+31+31),
232	+ (31+28+31+30+31+30+31+31+30),
233	+ (31+28+31+30+31+30+31+31+30+31),
234	+ (31+28+31+30+31+30+31+31+30+31+30),
235	+ };
236	+ register u32 work;
237	+
238	+ timep = time - (sys_tz.tz_minuteswest * 60);
239	+ work=timep%(SPD);
240	+ r->tm_sec=work%60; work/=60;
241	+ r->tm_min=work%60; r->tm_hour=work/60;
242	+ work=timep/(SPD);
243	+ r->tm_wday=(4+work)%7;
244	+ for (i=1970; ; ++i) {
245	+ register time_t k= (!(i%4) && ((i%100) \|\| !(i%400)))?366:365;
246	+ if (work>k)
247	+ work-=k;
248	+ else
249	+ break;
250	+ }
251	+ r->tm_year=i-1900;
252	+ for (i=11; i && __spm[i]>work; --i) ;
253	+ r->tm_mon=i;
254	+ r->tm_mday=work-__spm[i]+1;
255	+}
256	diff -Nru linux-2.6.22/net/ipv4/netfilter/Kconfig linux-2.6.22-pom2patch/net/ipv4/netfilter/Kconfig
257	--- linux-2.6.22/net/ipv4/netfilter/Kconfig 2007-07-09 01:32:17.000000000 +0200
258	+++ linux-2.6.22-pom2patch/net/ipv4/netfilter/Kconfig 2007-08-07 18:40:04.000000000 +0200
259	@@ -402,5 +402,19 @@
260	Allows altering the ARP packet payload: source and destination
261	hardware and network addresses.
262
263	+config IP_NF_MATCH_TIME
264	+ tristate 'TIME match support'
265	+ depends on IP_NF_IPTABLES
266	+ help
267	+ This option adds a `time' match, which allows you
268	+ to match based on the packet arrival time/date
269	+ (arrival time/date at the machine which netfilter is running on) or
270	+ departure time/date (for locally generated packets).
271	+
272	+ If you say Y here, try iptables -m time --help for more information.
273	+
274	+ If you want to compile it as a module, say M here and read
275	+ Documentation/modules.txt. If unsure, say `N'.
276	+
277	endmenu
278
279	diff -Nru linux-2.6.22/net/ipv4/netfilter/Makefile linux-2.6.22-pom2patch/net/ipv4/netfilter/Makefile
280	--- linux-2.6.22/net/ipv4/netfilter/Makefile 2007-07-09 01:32:17.000000000 +0200
281	+++ linux-2.6.22-pom2patch/net/ipv4/netfilter/Makefile 2007-08-07 18:40:04.000000000 +0200
282	@@ -44,6 +44,7 @@
283	obj-$(CONFIG_IP_NF_MATCH_IPV4OPTIONS) += ipt_ipv4options.o
284	obj-$(CONFIG_IP_NF_MATCH_CONNLIMIT) += ipt_connlimit.o
285	obj-$(CONFIG_IP_NF_MATCH_IPP2P) += ipt_ipp2p.o
286	+obj-$(CONFIG_IP_NF_MATCH_TIME) += ipt_time.o
287
288	obj-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent.o
289	obj-$(CONFIG_IP_NF_MATCH_GEOIP) += ipt_geoip.o