- updated.

[packages/linux-libc-headers.git] / linux-libc-headers-netfilter.patch

diff -uNr linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ip_conntrack.h linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ip_conntrack.h
--- linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ip_conntrack.h	2004-01-18 00:04:34.000000000 +0100
+++ linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ip_conntrack.h	2004-07-03 22:43:07.851479552 +0200
@@ -49,10 +49,12 @@
 
 #include <linux/netfilter_ipv4/ip_conntrack_tcp.h>
 #include <linux/netfilter_ipv4/ip_conntrack_icmp.h>
+#include <linux/netfilter_ipv4/ip_conntrack_sctp.h>
 
 /* per conntrack: protocol private data */
 union ip_conntrack_proto {
 	/* insert conntrack proto private data here */
+	struct ip_ct_sctp sctp;
 	struct ip_ct_tcp tcp;
 	struct ip_ct_icmp icmp;
 };
diff -uNr linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ip_conntrack_sctp.h linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ip_conntrack_sctp.h
--- linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ip_conntrack_sctp.h	1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ip_conntrack_sctp.h	2004-07-03 16:57:41.000000000 +0200
@@ -0,0 +1,25 @@
+#ifndef _IP_CONNTRACK_SCTP_H
+#define _IP_CONNTRACK_SCTP_H
+/* SCTP tracking. */
+
+enum sctp_conntrack {
+	SCTP_CONNTRACK_NONE,
+	SCTP_CONNTRACK_CLOSED,
+	SCTP_CONNTRACK_COOKIE_WAIT,
+	SCTP_CONNTRACK_COOKIE_ECHOED,
+	SCTP_CONNTRACK_ESTABLISHED,
+	SCTP_CONNTRACK_SHUTDOWN_SENT,
+	SCTP_CONNTRACK_SHUTDOWN_RECD,
+	SCTP_CONNTRACK_SHUTDOWN_ACK_SENT,
+	SCTP_CONNTRACK_MAX
+};
+
+struct ip_ct_sctp
+{
+	enum sctp_conntrack state;
+
+	u_int32_t vtag[IP_CT_DIR_MAX];
+	u_int32_t ttag[IP_CT_DIR_MAX];
+};
+
+#endif /* _IP_CONNTRACK_SCTP_H */
diff -uNr linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ip_conntrack_tuple.h linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
--- linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ip_conntrack_tuple.h	2004-01-05 19:42:34.000000000 +0100
+++ linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ip_conntrack_tuple.h	2004-07-03 22:36:24.788754400 +0200
@@ -25,6 +25,9 @@
 	struct {
 		u_int16_t id;
 	} icmp;
+	struct {
+		u_int16_t port;
+	} sctp;
 };
 
 /* The manipulable part of the tuple. */
@@ -55,6 +58,9 @@
 			struct {
 				u_int8_t type, code;
 			} icmp;
+			struct {
+				u_int16_t port;
+			} sctp;
 		} u;
 
 		/* The protocol. */
diff -uNr linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ip_logging.h linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ip_logging.h
--- linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ip_logging.h	1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ip_logging.h	2004-07-03 22:37:10.810757992 +0200
@@ -0,0 +1,5 @@
+/* IPv4 macros for the internal logging interface. */
+#ifndef __IP_LOGGING_H
+#define __IP_LOGGING_H
+
+#endif /*__IP_LOGGING_H*/
diff -uNr linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ip_queue.h linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ip_queue.h
--- linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ip_queue.h	2004-06-09 14:00:52.000000000 +0200
+++ linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ip_queue.h	2004-07-03 22:37:35.223046760 +0200
@@ -7,7 +7,7 @@
 #ifndef _IP_QUEUE_H
 #define _IP_QUEUE_H
 
-#include <linux/if.h>
+#include <net/if.h>
 
 /* Messages sent from kernel */
 typedef struct ipq_packet_msg {
@@ -39,10 +39,20 @@
 	unsigned char payload[0];	/* Optional replacement packet */
 } ipq_verdict_msg_t;
 
+typedef struct ipq_vwmark_msg {
+	unsigned int value;		/* Verdict to hand to netfilter */
+	unsigned long id;		/* Packet ID for this verdict */
+	size_t data_len;		/* Length of replacement data */
+	unsigned char payload[0];	/* Optional replacement packet */
+	unsigned long nfmark;		/* Mark for the Packet */
+} ipq_vwmark_msg_t;
+
+
 typedef struct ipq_peer_msg {
 	union {
 		ipq_verdict_msg_t verdict;
 		ipq_mode_msg_t mode;
+                ipq_vwmark_msg_t vwmark;
 	} msg;
 } ipq_peer_msg_t;
 
@@ -59,6 +69,7 @@
 #define IPQM_MODE	(IPQM_BASE + 1)		/* Mode request from peer */
 #define IPQM_VERDICT	(IPQM_BASE + 2)		/* Verdict from peer */ 
 #define IPQM_PACKET	(IPQM_BASE + 3)		/* Packet from kernel */
-#define IPQM_MAX	(IPQM_BASE + 4)
+#define IPQM_VWMARK	(IPQM_BASE + 4)		/* Verdict and mark from peer */
+#define IPQM_MAX	(IPQM_BASE + 5)
 
 #endif /*_IP_QUEUE_H*/
diff -uNr linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ipt_addrtype.h linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ipt_addrtype.h
--- linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ipt_addrtype.h	1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ipt_addrtype.h	2004-07-03 16:56:45.000000000 +0200
@@ -0,0 +1,11 @@
+#ifndef _IPT_ADDRTYPE_H
+#define _IPT_ADDRTYPE_H
+
+struct ipt_addrtype_info {
+	u_int16_t	source;		/* source-type mask */
+	u_int16_t	dest;		/* dest-type mask */
+	u_int32_t	invert_source;
+	u_int32_t	invert_dest;
+};
+
+#endif
diff -uNr linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ipt_connlimit.h linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ipt_connlimit.h
--- linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ipt_connlimit.h	1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ipt_connlimit.h	2004-07-03 16:57:41.000000000 +0200
@@ -0,0 +1,12 @@
+#ifndef _IPT_CONNLIMIT_H
+#define _IPT_CONNLIMIT_H
+
+struct ipt_connlimit_data;
+
+struct ipt_connlimit_info {
+	int limit;
+	int inverse;
+	u_int32_t mask;
+	struct ipt_connlimit_data *data;
+};
+#endif /* _IPT_CONNLIMIT_H */
diff -uNr linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ipt_connmark.h linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ipt_connmark.h
--- linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ipt_connmark.h	1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ipt_connmark.h	2004-07-03 16:57:41.000000000 +0200
@@ -0,0 +1,18 @@
+#ifndef _IPT_CONNMARK_H
+#define _IPT_CONNMARK_H
+
+/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
+ * by Henrik Nordstrom <hno@marasystems.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+struct ipt_connmark_info {
+	unsigned long mark, mask;
+	u_int8_t invert;
+};
+
+#endif /*_IPT_CONNMARK_H*/
diff -uNr linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ipt_CONNMARK.h linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ipt_CONNMARK.h
--- linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ipt_CONNMARK.h	1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ipt_CONNMARK.h	2004-07-03 16:57:41.000000000 +0200
@@ -0,0 +1,25 @@
+#ifndef _IPT_CONNMARK_H_target
+#define _IPT_CONNMARK_H_target
+
+/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
+ * by Henrik Nordstrom <hno@marasystems.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+enum {
+	IPT_CONNMARK_SET = 0,
+	IPT_CONNMARK_SAVE,
+	IPT_CONNMARK_RESTORE
+};
+
+struct ipt_connmark_target_info {
+	unsigned long mark;
+	unsigned long mask;
+	u_int8_t mode;
+};
+
+#endif /*_IPT_CONNMARK_H_target*/
diff -uNr linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ipt_dstlimit.h linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ipt_dstlimit.h
--- linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ipt_dstlimit.h	1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ipt_dstlimit.h	2004-07-03 16:57:41.000000000 +0200
@@ -0,0 +1,39 @@
+#ifndef _IPT_DSTLIMIT_H
+#define _IPT_DSTLIMIT_H
+
+/* timings are in milliseconds. */
+#define IPT_DSTLIMIT_SCALE 10000
+/* 1/10,000 sec period => max of 10,000/sec.  Min rate is then 429490
+   seconds, or one every 59 hours. */
+
+/* details of this structure hidden by the implementation */
+struct ipt_dstlimit_htable;
+
+#define IPT_DSTLIMIT_HASH_DIP	0x0001
+#define IPT_DSTLIMIT_HASH_DPT	0x0002
+#define IPT_DSTLIMIT_HASH_SIP	0x0004
+
+struct dstlimit_cfg {
+	u_int32_t mode;	  /* bitmask of IPT_DSTLIMIT_HASH_* */
+	u_int32_t avg;    /* Average secs between packets * scale */
+	u_int32_t burst;  /* Period multiplier for upper limit. */
+
+	/* user specified */
+	u_int32_t size;		/* how many buckets */
+	u_int32_t max;		/* max number of entries */
+	u_int32_t gc_interval;	/* gc interval */
+	u_int32_t expire;	/* when do entries expire? */
+};
+
+struct ipt_dstlimit_info {
+	char name [IFNAMSIZ];		/* name */
+	struct dstlimit_cfg cfg;
+	struct ipt_dstlimit_htable *hinfo;
+
+	/* Used internally by the kernel */
+	union {
+		void *ptr;
+		struct ipt_dstlimit_info *master;
+	} u;
+};
+#endif /*_IPT_DSTLIMIT_H*/
diff -uNr linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ipt_fuzzy.h linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ipt_fuzzy.h
--- linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ipt_fuzzy.h	1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ipt_fuzzy.h	2004-07-03 16:57:41.000000000 +0200
@@ -0,0 +1,21 @@
+#ifndef _IPT_FUZZY_H
+#define _IPT_FUZZY_H
+
+#include <linux/param.h>
+#include <linux/types.h>
+
+#define MAXFUZZYRATE 10000000
+#define MINFUZZYRATE 3
+
+struct ipt_fuzzy_info {
+	u_int32_t minimum_rate;
+	u_int32_t maximum_rate;
+	u_int32_t packets_total;
+	u_int32_t bytes_total;
+	u_int32_t previous_time;
+	u_int32_t present_time;
+	u_int32_t mean_rate;
+	u_int8_t acceptance_rate;
+};
+
+#endif /*_IPT_FUZZY_H*/
diff -uNr linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ipt_IMQ.h linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ipt_IMQ.h
--- linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ipt_IMQ.h	1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ipt_IMQ.h	2004-07-03 16:57:42.000000000 +0200
@@ -0,0 +1,8 @@
+#ifndef _IPT_IMQ_H
+#define _IPT_IMQ_H
+
+struct ipt_imq_info {
+	unsigned int todev;	/* target imq device */
+};
+
+#endif /* _IPT_IMQ_H */
diff -uNr linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ipt_IPMARK.h linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ipt_IPMARK.h
--- linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ipt_IPMARK.h	1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ipt_IPMARK.h	2004-07-03 16:57:41.000000000 +0200
@@ -0,0 +1,13 @@
+#ifndef _IPT_IPMARK_H_target
+#define _IPT_IPMARK_H_target
+
+struct ipt_ipmark_target_info {
+	unsigned long andmask;
+	unsigned long ormask;
+	unsigned int addr;
+};
+
+#define IPT_IPMARK_SRC    0
+#define IPT_IPMARK_DST    1
+
+#endif /*_IPT_IPMARK_H_target*/
diff -uNr linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ipt_ipv4options.h linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ipt_ipv4options.h
--- linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ipt_ipv4options.h	1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ipt_ipv4options.h	2004-07-03 16:57:41.000000000 +0200
@@ -0,0 +1,21 @@
+#ifndef __ipt_ipv4options_h_included__
+#define __ipt_ipv4options_h_included__
+
+#define IPT_IPV4OPTION_MATCH_SSRR		0x01  /* For strict source routing */
+#define IPT_IPV4OPTION_MATCH_LSRR		0x02  /* For loose source routing */
+#define IPT_IPV4OPTION_DONT_MATCH_SRR		0x04  /* any source routing */
+#define IPT_IPV4OPTION_MATCH_RR			0x08  /* For Record route */
+#define IPT_IPV4OPTION_DONT_MATCH_RR		0x10
+#define IPT_IPV4OPTION_MATCH_TIMESTAMP		0x20  /* For timestamp request */
+#define IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP	0x40
+#define IPT_IPV4OPTION_MATCH_ROUTER_ALERT	0x80  /* For router-alert */
+#define IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT	0x100
+#define IPT_IPV4OPTION_MATCH_ANY_OPT		0x200 /* match packet with any option */
+#define IPT_IPV4OPTION_DONT_MATCH_ANY_OPT	0x400 /* match packet with no option */
+
+struct ipt_ipv4options_info {
+	u_int16_t options;
+};
+
+
+#endif /* __ipt_ipv4options_h_included__ */
diff -uNr linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ipt_mport.h linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ipt_mport.h
--- linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ipt_mport.h	1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ipt_mport.h	2004-07-03 16:57:41.000000000 +0200
@@ -0,0 +1,24 @@
+#ifndef _IPT_MPORT_H
+#define _IPT_MPORT_H
+#include <linux/netfilter_ipv4/ip_tables.h>
+
+#define IPT_MPORT_SOURCE (1<<0)
+#define IPT_MPORT_DESTINATION (1<<1)
+#define IPT_MPORT_EITHER (IPT_MPORT_SOURCE|IPT_MPORT_DESTINATION)
+
+#define IPT_MULTI_PORTS	15
+
+/* Must fit inside union ipt_matchinfo: 32 bytes */
+/* every entry in ports[] except for the last one has one bit in pflags
+ * associated with it. If this bit is set, the port is the first port of
+ * a portrange, with the next entry being the last.
+ * End of list is marked with pflags bit set and port=65535.
+ * If 14 ports are used (last one does not have a pflag), the last port
+ * is repeated to fill the last entry in ports[] */
+struct ipt_mport
+{
+	u_int8_t flags:2;			/* Type of comparison */
+	u_int16_t pflags:14;			/* Port flags */
+	u_int16_t ports[IPT_MULTI_PORTS];	/* Ports */
+};
+#endif /*_IPT_MPORT_H*/
diff -uNr linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ipt_nth.h linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ipt_nth.h
--- linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ipt_nth.h	1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ipt_nth.h	2004-07-03 16:57:41.000000000 +0200
@@ -0,0 +1,19 @@
+#ifndef _IPT_NTH_H
+#define _IPT_NTH_H
+
+#include <linux/param.h>
+#include <linux/types.h>
+
+#ifndef IPT_NTH_NUM_COUNTERS
+#define IPT_NTH_NUM_COUNTERS 16
+#endif
+
+struct ipt_nth_info {
+	u_int8_t every;
+	u_int8_t not;
+	u_int8_t startat;
+	u_int8_t counter;
+	u_int8_t packet;
+};
+
+#endif /*_IPT_NTH_H*/
diff -uNr linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ipt_policy.h linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ipt_policy.h
--- linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ipt_policy.h	1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ipt_policy.h	2004-07-03 16:57:41.000000000 +0200
@@ -0,0 +1,52 @@
+#ifndef _IPT_POLICY_H
+#define _IPT_POLICY_H
+
+#define POLICY_MAX_ELEM	4
+
+enum ipt_policy_flags
+{
+	POLICY_MATCH_IN		= 0x1,
+	POLICY_MATCH_OUT	= 0x2,
+	POLICY_MATCH_NONE	= 0x4,
+	POLICY_MATCH_STRICT	= 0x8,
+};
+
+enum ipt_policy_modes
+{
+	POLICY_MODE_TRANSPORT,
+	POLICY_MODE_TUNNEL
+};
+
+struct ipt_policy_spec
+{
+	u_int8_t	saddr:1,
+			daddr:1,
+			proto:1,
+			mode:1,
+			spi:1,
+			reqid:1;
+};
+
+struct ipt_policy_elem
+{
+	u_int32_t	saddr;
+	u_int32_t	smask;
+	u_int32_t	daddr;
+	u_int32_t	dmask;
+	u_int32_t	spi;
+	u_int32_t	reqid;
+	u_int8_t	proto;
+	u_int8_t	mode;
+
+	struct ipt_policy_spec	match;
+	struct ipt_policy_spec	invert;
+};
+
+struct ipt_policy_info
+{
+	struct ipt_policy_elem pol[POLICY_MAX_ELEM];
+	u_int16_t flags;
+	u_int16_t len;
+};
+
+#endif /* _IPT_POLICY_H */
diff -uNr linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ipt_psd.h linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ipt_psd.h
--- linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ipt_psd.h	1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ipt_psd.h	2004-07-03 16:57:41.000000000 +0200
@@ -0,0 +1,40 @@
+#ifndef _IPT_PSD_H
+#define _IPT_PSD_H
+
+#include <linux/param.h>
+#include <linux/types.h>
+
+/*
+ * High port numbers have a lower weight to reduce the frequency of false
+ * positives, such as from passive mode FTP transfers.
+ */
+#define PORT_WEIGHT_PRIV		3
+#define PORT_WEIGHT_HIGH		1
+
+/*
+ * Port scan detection thresholds: at least COUNT ports need to be scanned
+ * from the same source, with no longer than DELAY ticks between ports.
+ */
+#define SCAN_MIN_COUNT			7
+#define SCAN_MAX_COUNT			(SCAN_MIN_COUNT * PORT_WEIGHT_PRIV)
+#define SCAN_WEIGHT_THRESHOLD		SCAN_MAX_COUNT
+#define SCAN_DELAY_THRESHOLD		(300) /* old usage of HZ here was erroneously and broke under uml */
+
+/*
+ * Keep track of up to LIST_SIZE source addresses, using a hash table of
+ * HASH_SIZE entries for faster lookups, but limiting hash collisions to
+ * HASH_MAX source addresses per the same hash value.
+ */
+#define LIST_SIZE			0x100
+#define HASH_LOG			9
+#define HASH_SIZE			(1 << HASH_LOG)
+#define HASH_MAX			0x10
+
+struct ipt_psd_info {
+	unsigned int weight_threshold;
+	unsigned int delay_threshold;
+	unsigned short lo_ports_weight;
+	unsigned short hi_ports_weight;
+};
+
+#endif /*_IPT_PSD_H*/
diff -uNr linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ipt_quota.h linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ipt_quota.h
--- linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ipt_quota.h	1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ipt_quota.h	2004-07-03 16:57:41.000000000 +0200
@@ -0,0 +1,11 @@
+#ifndef _IPT_QUOTA_H
+#define _IPT_QUOTA_H
+
+/* print debug info in both kernel/netfilter module & iptable library */
+//#define DEBUG_IPT_QUOTA
+
+struct ipt_quota_info {
+        u_int64_t quota;
+};
+
+#endif /*_IPT_QUOTA_H*/
diff -uNr linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ipt_realm.h linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ipt_realm.h
--- linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ipt_realm.h	1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ipt_realm.h	2004-07-03 16:56:45.000000000 +0200
@@ -0,0 +1,10 @@
+#ifndef _IPT_REALM_H
+#define _IPT_REALM_H
+
+struct ipt_realm_info {
+	u_int32_t id;
+	u_int32_t mask;
+	u_int8_t invert;
+};
+
+#endif /* _IPT_REALM_H */
diff -uNr linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ipt_ROUTE.h linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ipt_ROUTE.h
--- linux-libc-headers-2.6.7.0.orig/include/linux/netfilter_ipv4/ipt_ROUTE.h	1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.7.0/include/linux/netfilter_ipv4/ipt_ROUTE.h	2004-07-03 16:57:41.000000000 +0200
@@ -0,0 +1,22 @@
+/* Header file for iptables ipt_ROUTE target
+ *