- updated to 2.6.8 aka tribute to mmazur - maintainer of VANILLA (ONLY) llh

[packages/linux-libc-headers.git] / linux-libc-headers-netfilter.patch

diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ip_conntrack.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ip_conntrack.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ip_conntrack.h  2004-08-19 21:31:32.676498552 +0200
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ip_conntrack.h      2004-08-19 21:32:30.805661576 +0200
@@ -49,10 +49,12 @@
 
 #include <linux/netfilter_ipv4/ip_conntrack_tcp.h>
 #include <linux/netfilter_ipv4/ip_conntrack_icmp.h>
+#include <linux/netfilter_ipv4/ip_conntrack_sctp.h>
 
 /* per conntrack: protocol private data */
 union ip_conntrack_proto {
        /* insert conntrack proto private data here */
+       struct ip_ct_sctp sctp;
        struct ip_ct_tcp tcp;
        struct ip_ct_icmp icmp;
 };
diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ip_conntrack_sctp.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ip_conntrack_sctp.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ip_conntrack_sctp.h     1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ip_conntrack_sctp.h 2004-08-19 21:32:30.808661120 +0200
@@ -0,0 +1,25 @@
+#ifndef _IP_CONNTRACK_SCTP_H
+#define _IP_CONNTRACK_SCTP_H
+/* SCTP tracking. */
+
+enum sctp_conntrack {
+       SCTP_CONNTRACK_NONE,
+       SCTP_CONNTRACK_CLOSED,
+       SCTP_CONNTRACK_COOKIE_WAIT,
+       SCTP_CONNTRACK_COOKIE_ECHOED,
+       SCTP_CONNTRACK_ESTABLISHED,
+       SCTP_CONNTRACK_SHUTDOWN_SENT,
+       SCTP_CONNTRACK_SHUTDOWN_RECD,
+       SCTP_CONNTRACK_SHUTDOWN_ACK_SENT,
+       SCTP_CONNTRACK_MAX
+};
+
+struct ip_ct_sctp
+{
+       enum sctp_conntrack state;
+
+       u_int32_t vtag[IP_CT_DIR_MAX];
+       u_int32_t ttag[IP_CT_DIR_MAX];
+};
+
+#endif /* _IP_CONNTRACK_SCTP_H */
diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ip_conntrack_tuple.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ip_conntrack_tuple.h    2004-08-19 21:31:32.670499464 +0200
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ip_conntrack_tuple.h        2004-08-19 21:32:30.810660816 +0200
@@ -25,6 +25,9 @@
        struct {
                u_int16_t id;
        } icmp;
+       struct {
+               u_int16_t port;
+       } sctp;
 };
 
 /* The manipulable part of the tuple. */
@@ -55,6 +58,9 @@
                        struct {
                                u_int8_t type, code;
                        } icmp;
+                       struct {
+                               u_int16_t port;
+                       } sctp;
                } u;
 
                /* The protocol. */
diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ip_logging.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ip_logging.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ip_logging.h    1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ip_logging.h        2004-08-19 21:32:30.813660360 +0200
@@ -0,0 +1,5 @@
+/* IPv4 macros for the internal logging interface. */
+#ifndef __IP_LOGGING_H
+#define __IP_LOGGING_H
+
+#endif /*__IP_LOGGING_H*/
diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ip_queue.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ip_queue.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ip_queue.h      2004-08-19 21:31:32.665500224 +0200
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ip_queue.h  2004-08-19 21:32:30.816659904 +0200
@@ -7,7 +7,7 @@
 #ifndef _IP_QUEUE_H
 #define _IP_QUEUE_H
 
-#include <linux/if.h>
+#include <net/if.h>
 
 /* Messages sent from kernel */
 typedef struct ipq_packet_msg {
@@ -39,10 +39,20 @@
        unsigned char payload[0];       /* Optional replacement packet */
 } ipq_verdict_msg_t;
 
+typedef struct ipq_vwmark_msg {
+       unsigned int value;             /* Verdict to hand to netfilter */
+       unsigned long id;               /* Packet ID for this verdict */
+       size_t data_len;                /* Length of replacement data */
+       unsigned char payload[0];       /* Optional replacement packet */
+       unsigned long nfmark;           /* Mark for the Packet */
+} ipq_vwmark_msg_t;
+
+
 typedef struct ipq_peer_msg {
        union {
                ipq_verdict_msg_t verdict;
                ipq_mode_msg_t mode;
+                ipq_vwmark_msg_t vwmark;
        } msg;
 } ipq_peer_msg_t;
 
@@ -59,6 +69,7 @@
 #define IPQM_MODE      (IPQM_BASE + 1)         /* Mode request from peer */
 #define IPQM_VERDICT   (IPQM_BASE + 2)         /* Verdict from peer */ 
 #define IPQM_PACKET    (IPQM_BASE + 3)         /* Packet from kernel */
-#define IPQM_MAX       (IPQM_BASE + 4)
+#define IPQM_VWMARK    (IPQM_BASE + 4)         /* Verdict and mark from peer */
+#define IPQM_MAX       (IPQM_BASE + 5)
 
 #endif /*_IP_QUEUE_H*/
diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_account.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_account.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_account.h   1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_account.h       2004-08-19 21:32:35.740911304 +0200
@@ -0,0 +1,21 @@
+/* 
+ * accounting match (ipt_account.c)
+ * (C) 2003,2004 by Piotr Gasid³o (quaker@barbara.eu.org)
+ *
+ * Version: 0.1.5
+ *
+ * This software is distributed under the terms of GNU GPL
+ */
+
+#ifndef _IPT_ACCOUNT_H_
+#define _IPT_ACCOUNT_H_
+
+#define IPT_ACCOUNT_NAME_LEN 64
+
+struct t_ipt_account_info {
+       char name[IPT_ACCOUNT_NAME_LEN];
+       u_int32_t network;
+       u_int32_t netmask;
+};
+
+#endif
diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_connlimit.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_connlimit.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_connlimit.h 1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_connlimit.h     2004-08-19 21:32:37.256680872 +0200
@@ -0,0 +1,12 @@
+#ifndef _IPT_CONNLIMIT_H
+#define _IPT_CONNLIMIT_H
+
+struct ipt_connlimit_data;
+
+struct ipt_connlimit_info {
+       int limit;
+       int inverse;
+       u_int32_t mask;
+       struct ipt_connlimit_data *data;
+};
+#endif /* _IPT_CONNLIMIT_H */
diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_connmark.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_connmark.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_connmark.h  1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_connmark.h      2004-08-19 21:32:37.257680720 +0200
@@ -0,0 +1,18 @@
+#ifndef _IPT_CONNMARK_H
+#define _IPT_CONNMARK_H
+
+/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
+ * by Henrik Nordstrom <hno@marasystems.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+struct ipt_connmark_info {
+       unsigned long mark, mask;
+       u_int8_t invert;
+};
+
+#endif /*_IPT_CONNMARK_H*/
diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_CONNMARK.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_CONNMARK.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_CONNMARK.h  1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_CONNMARK.h      2004-08-19 21:32:37.258680568 +0200
@@ -0,0 +1,25 @@
+#ifndef _IPT_CONNMARK_H_target
+#define _IPT_CONNMARK_H_target
+
+/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
+ * by Henrik Nordstrom <hno@marasystems.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+enum {
+       IPT_CONNMARK_SET = 0,
+       IPT_CONNMARK_SAVE,
+       IPT_CONNMARK_RESTORE
+};
+
+struct ipt_connmark_target_info {
+       unsigned long mark;
+       unsigned long mask;
+       u_int8_t mode;
+};
+
+#endif /*_IPT_CONNMARK_H_target*/
diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_dstlimit.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_dstlimit.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_dstlimit.h  1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_dstlimit.h      2004-08-19 21:32:37.273678288 +0200
@@ -0,0 +1,39 @@
+#ifndef _IPT_DSTLIMIT_H
+#define _IPT_DSTLIMIT_H
+
+/* timings are in milliseconds. */
+#define IPT_DSTLIMIT_SCALE 10000
+/* 1/10,000 sec period => max of 10,000/sec.  Min rate is then 429490
+   seconds, or one every 59 hours. */
+
+/* details of this structure hidden by the implementation */
+struct ipt_dstlimit_htable;
+
+#define IPT_DSTLIMIT_HASH_DIP  0x0001
+#define IPT_DSTLIMIT_HASH_DPT  0x0002
+#define IPT_DSTLIMIT_HASH_SIP  0x0004
+
+struct dstlimit_cfg {
+       u_int32_t mode;   /* bitmask of IPT_DSTLIMIT_HASH_* */
+       u_int32_t avg;    /* Average secs between packets * scale */
+       u_int32_t burst;  /* Period multiplier for upper limit. */
+
+       /* user specified */
+       u_int32_t size;         /* how many buckets */
+       u_int32_t max;          /* max number of entries */
+       u_int32_t gc_interval;  /* gc interval */
+       u_int32_t expire;       /* when do entries expire? */
+};
+
+struct ipt_dstlimit_info {
+       char name [IFNAMSIZ];           /* name */
+       struct dstlimit_cfg cfg;
+       struct ipt_dstlimit_htable *hinfo;
+
+       /* Used internally by the kernel */
+       union {
+               void *ptr;
+               struct ipt_dstlimit_info *master;
+       } u;
+};
+#endif /*_IPT_DSTLIMIT_H*/
diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_fuzzy.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_fuzzy.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_fuzzy.h     1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_fuzzy.h 2004-08-19 21:32:37.275677984 +0200
@@ -0,0 +1,21 @@
+#ifndef _IPT_FUZZY_H
+#define _IPT_FUZZY_H
+
+#include <linux/param.h>
+#include <linux/types.h>
+
+#define MAXFUZZYRATE 10000000
+#define MINFUZZYRATE 3
+
+struct ipt_fuzzy_info {
+       u_int32_t minimum_rate;
+       u_int32_t maximum_rate;
+       u_int32_t packets_total;
+       u_int32_t bytes_total;
+       u_int32_t previous_time;
+       u_int32_t present_time;
+       u_int32_t mean_rate;
+       u_int8_t acceptance_rate;
+};
+
+#endif /*_IPT_FUZZY_H*/
diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_IMQ.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_IMQ.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_IMQ.h       1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_IMQ.h   2004-08-19 21:32:37.277677680 +0200
@@ -0,0 +1,8 @@
+#ifndef _IPT_IMQ_H
+#define _IPT_IMQ_H
+
+struct ipt_imq_info {
+       unsigned int todev;     /* target imq device */
+};
+
+#endif /* _IPT_IMQ_H */
diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_IPMARK.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_IPMARK.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_IPMARK.h    1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_IPMARK.h        2004-08-19 21:32:37.280677224 +0200
@@ -0,0 +1,13 @@
+#ifndef _IPT_IPMARK_H_target
+#define _IPT_IPMARK_H_target
+
+struct ipt_ipmark_target_info {
+       unsigned long andmask;
+       unsigned long ormask;
+       unsigned int addr;
+};
+
+#define IPT_IPMARK_SRC    0
+#define IPT_IPMARK_DST    1
+
+#endif /*_IPT_IPMARK_H_target*/
diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_ipv4options.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_ipv4options.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_ipv4options.h       1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_ipv4options.h   2004-08-19 21:32:37.282676920 +0200
@@ -0,0 +1,21 @@
+#ifndef __ipt_ipv4options_h_included__
+#define __ipt_ipv4options_h_included__
+
+#define IPT_IPV4OPTION_MATCH_SSRR              0x01  /* For strict source routing */
+#define IPT_IPV4OPTION_MATCH_LSRR              0x02  /* For loose source routing */
+#define IPT_IPV4OPTION_DONT_MATCH_SRR          0x04  /* any source routing */
+#define IPT_IPV4OPTION_MATCH_RR                        0x08  /* For Record route */
+#define IPT_IPV4OPTION_DONT_MATCH_RR           0x10
+#define IPT_IPV4OPTION_MATCH_TIMESTAMP         0x20  /* For timestamp request */
+#define IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP    0x40
+#define IPT_IPV4OPTION_MATCH_ROUTER_ALERT      0x80  /* For router-alert */
+#define IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT 0x100
+#define IPT_IPV4OPTION_MATCH_ANY_OPT           0x200 /* match packet with any option */
+#define IPT_IPV4OPTION_DONT_MATCH_ANY_OPT      0x400 /* match packet with no option */
+
+struct ipt_ipv4options_info {
+       u_int16_t options;
+};
+
+
+#endif /* __ipt_ipv4options_h_included__ */
diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_layer7.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_layer7.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_layer7.h    1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_layer7.h        2004-08-19 21:32:37.284676616 +0200
@@ -0,0 +1,26 @@
+/* 
+  By Matthew Strait <quadong@users.sf.net>, Dec 2003.
+  http://l7-filter.sf.net
+
+  This program is free software; you can redistribute it and/or
+  modify it under the terms of the GNU General Public License
+  as published by the Free Software Foundation; either version
+  2 of the License, or (at your option) any later version.
+  http://www.gnu.org/licenses/gpl.txt
+*/
+
+#ifndef _IPT_LAYER7_H
+#define _IPT_LAYER7_H
+
+#define MAX_PATTERN_LEN 8192
+#define MAX_PROTOCOL_LEN 256
+
+typedef char *(*proc_ipt_search) (char *, char, char *);
+
+struct ipt_layer7_info {
+    char protocol[MAX_PROTOCOL_LEN];
+    char invert:1;
+    char pattern[MAX_PATTERN_LEN];
+};
+
+#endif /* _IPT_LAYER7_H */
diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_mport.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_mport.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_mport.h     1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_mport.h 2004-08-19 21:32:37.286676312 +0200
@@ -0,0 +1,24 @@
+#ifndef _IPT_MPORT_H
+#define _IPT_MPORT_H
+#include <linux/netfilter_ipv4/ip_tables.h>
+
+#define IPT_MPORT_SOURCE (1<<0)
+#define IPT_MPORT_DESTINATION (1<<1)
+#define IPT_MPORT_EITHER (IPT_MPORT_SOURCE|IPT_MPORT_DESTINATION)
+
+#define IPT_MULTI_PORTS        15
+
+/* Must fit inside union ipt_matchinfo: 32 bytes */
+/* every entry in ports[] except for the last one has one bit in pflags
+ * associated with it. If this bit is set, the port is the first port of
+ * a portrange, with the next entry being the last.
+ * End of list is marked with pflags bit set and port=65535.
+ * If 14 ports are used (last one does not have a pflag), the last port
+ * is repeated to fill the last entry in ports[] */
+struct ipt_mport
+{
+       u_int8_t flags:2;                       /* Type of comparison */
+       u_int16_t pflags:14;                    /* Port flags */
+       u_int16_t ports[IPT_MULTI_PORTS];       /* Ports */
+};
+#endif /*_IPT_MPORT_H*/
diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_nth.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_nth.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_nth.h       1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_nth.h   2004-08-19 21:32:37.289675856 +0200
@@ -0,0 +1,19 @@
+#ifndef _IPT_NTH_H
+#define _IPT_NTH_H
+
+#include <linux/param.h>
+#include <linux/types.h>
+
+#ifndef IPT_NTH_NUM_COUNTERS
+#define IPT_NTH_NUM_COUNTERS 16
+#endif
+
+struct ipt_nth_info {
+       u_int8_t every;
+       u_int8_t not;
+       u_int8_t startat;
+       u_int8_t counter;
+       u_int8_t packet;
+};
+
+#endif /*_IPT_NTH_H*/
diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_policy.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_policy.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_policy.h    1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_policy.h        2004-08-19 21:32:37.291675552 +0200
@@ -0,0 +1,52 @@
+#ifndef _IPT_POLICY_H
+#define _IPT_POLICY_H
+
+#define POLICY_MAX_ELEM        4
+
+enum ipt_policy_flags
+{
+       POLICY_MATCH_IN         = 0x1,
+       POLICY_MATCH_OUT        = 0x2,
+       POLICY_MATCH_NONE       = 0x4,
+       POLICY_MATCH_STRICT     = 0x8,
+};
+
+enum ipt_policy_modes
+{
+       POLICY_MODE_TRANSPORT,
+       POLICY_MODE_TUNNEL
+};
+
+struct ipt_policy_spec
+{
+       u_int8_t        saddr:1,
+                       daddr:1,
+                       proto:1,
+                       mode:1,
+                       spi:1,
+                       reqid:1;
+};
+
+struct ipt_policy_elem
+{
+       u_int32_t       saddr;
+       u_int32_t       smask;
+       u_int32_t       daddr;
+       u_int32_t       dmask;
+       u_int32_t       spi;
+       u_int32_t       reqid;
+       u_int8_t        proto;
+       u_int8_t        mode;
+
+       struct ipt_policy_spec  match;
+       struct ipt_policy_spec  invert;
+};
+
+struct ipt_policy_info
+{
+       struct ipt_policy_elem pol[POLICY_MAX_ELEM];
+       u_int16_t flags;
+       u_int16_t len;
+};
+
+#endif /* _IPT_POLICY_H */
diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_psd.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_psd.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_psd.h       1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_psd.h   2004-08-19 21:32:37.293675248 +0200
@@ -0,0 +1,40 @@
+#ifndef _IPT_PSD_H
+#define _IPT_PSD_H
+
+#include <linux/param.h>
+#include <linux/types.h>
+
+/*
+ * High port numbers have a lower weight to reduce the frequency of false
+ * positives, such as from passive mode FTP transfers.
+ */
+#define PORT_WEIGHT_PRIV               3
+#define PORT_WEIGHT_HIGH               1
+
+/*
+ * Port scan detection thresholds: at least COUNT ports need to be scanned
+ * from the same source, with no longer than DELAY ticks between ports.
+ */
+#define SCAN_MIN_COUNT                 7
+#define SCAN_MAX_COUNT                 (SCAN_MIN_COUNT * PORT_WEIGHT_PRIV)
+#define SCAN_WEIGHT_THRESHOLD          SCAN_MAX_COUNT
+#define SCAN_DELAY_THRESHOLD           (300) /* old usage of HZ here was erroneously and broke under uml */
+
+/*
+ * Keep track of up to LIST_SIZE source addresses, using a hash table of
+ * HASH_SIZE entries for faster lookups, but limiting hash collisions to
+ * HASH_MAX source addresses per the same hash value.
+ */
+#define LIST_SIZE                      0x100
+#define HASH_LOG                       9
+#define HASH_SIZE                      (1 << HASH_LOG)
+#define HASH_MAX                       0x10
+
+struct ipt_psd_info {
+       unsigned int weight_threshold;
+       unsigned int delay_threshold;
+       unsigned short lo_ports_weight;
+       unsigned short hi_ports_weight;
+};
+
+#endif /*_IPT_PSD_H*/
diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_quota.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_quota.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_quota.h     1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_quota.h 2004-08-19 21:32:37.295674944 +0200
@@ -0,0 +1,11 @@
+#ifndef _IPT_QUOTA_H
+#define _IPT_QUOTA_H
+
+/* print debug info in both kernel/netfilter module & iptable library */
+//#define DEBUG_IPT_QUOTA
+
+struct ipt_quota_info {
+        u_int64_t quota;
+};
+
+#endif /*_IPT_QUOTA_H*/
diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_ROUTE.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_ROUTE.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_ROUTE.h     1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_ROUTE.h 2004-08-19 21:32:38.942424600 +0200
@@ -0,0 +1,22 @@
+/* Header file for iptables ipt_ROUTE target
+ *
+ * (C) 2002 by Cédric de Launois <delaunois@info.ucl.ac.be>
+ *
+ * This software is distributed under GNU GPL v2, 1991
+ */
+#ifndef _IPT_ROUTE_H_target
+#define _IPT_ROUTE_H_target
+
+#define IPT_ROUTE_IFNAMSIZ 16
+
+struct ipt_route_target_info {
+       char      oif[IPT_ROUTE_IFNAMSIZ];      /* Output Interface Name */
+       char      iif[IPT_ROUTE_IFNAMSIZ];      /* Input Interface Name  */
+       u_int32_t gw;                           /* IP address of gateway */
+       u_int8_t  flags;
+};
+
+/* Values for "flags" field */
+#define IPT_ROUTE_CONTINUE        0x01
+
+#endif /*_IPT_ROUTE_H_target*/
diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_sctp.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_sctp.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_sctp.h      1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_sctp.h  2004-08-19 21:32:38.943424448 +0200
@@ -0,0 +1,107 @@
+#ifndef _IPT_SCTP_H_
+#define _IPT_SCTP_H_
+
+#define IPT_SCTP_SRC_PORTS             0x01
+#define IPT_SCTP_DEST_PORTS            0x02
+#define IPT_SCTP_CHUNK_TYPES           0x04
+
+#define IPT_SCTP_VALID_FLAGS           0x07
+
+#define ELEMCOUNT(x) (sizeof(x)/sizeof(x[0]))
+
+
+struct ipt_sctp_flag_info {
+       u_int8_t chunktype;
+       u_int8_t flag;
+       u_int8_t flag_mask;
+};
+
+#define IPT_NUM_SCTP_FLAGS     4
+
+struct ipt_sctp_info {
+       u_int16_t dpts[2];  /* Min, Max */
+       u_int16_t spts[2];  /* Min, Max */
+
+       u_int32_t chunkmap[256 / sizeof (u_int32_t)];  /* Bit mask of chunks to be matched according to RFC 2960 */
+
+#define SCTP_CHUNK_MATCH_ANY   0x01  /* Match if any of the chunk types are present */
+#define SCTP_CHUNK_MATCH_ALL   0x02  /* Match if all of the chunk types are present */
+#define SCTP_CHUNK_MATCH_ONLY  0x04  /* Match if these are the only chunk types present */
+
+       u_int32_t chunk_match_type;
+       struct ipt_sctp_flag_info flag_info[IPT_NUM_SCTP_FLAGS];
+       int flag_count;
+
+       u_int32_t flags;
+       u_int32_t invflags;
+};
+
+#define bytes(type) (sizeof(type) * 8)
+
+#define SCTP_CHUNKMAP_SET(chunkmap, type)              \
+       do {                                            \
+               chunkmap[type / bytes(u_int32_t)] |=    \
+                       1 << (type % bytes(u_int32_t)); \
+       } while (0)
+
+#define SCTP_CHUNKMAP_CLEAR(chunkmap, type)                    \
+       do {                                                    \
+               chunkmap[type / bytes(u_int32_t)] &=            \
+                       ~(1 << (type % bytes(u_int32_t)));      \
+       } while (0)
+
+#define SCTP_CHUNKMAP_IS_SET(chunkmap, type)                   \
+({                                                             \
+       (chunkmap[type / bytes (u_int32_t)] &                   \
+               (1 << (type % bytes (u_int32_t)))) ? 1: 0;      \
+})
+
+#define SCTP_CHUNKMAP_RESET(chunkmap)                          \
+       do {                                                    \
+               int i;                                          \
+               for (i = 0; i < ELEMCOUNT(chunkmap); i++)       \
+                       chunkmap[i] = 0;                        \
+       } while (0)
+
+#define SCTP_CHUNKMAP_SET_ALL(chunkmap)                        \
+       do {                                                    \
+               int i;                                          \
+               for (i = 0; i < ELEMCOUNT(chunkmap); i++)       \
+                       chunkmap[i] = ~0;                       \
+       } while (0)
+
+#define SCTP_CHUNKMAP_COPY(destmap, srcmap)                    \
+       do {                                                    \
+               int i;                                          \
+               for (i = 0; i < ELEMCOUNT(chunkmap); i++)       \
+                       destmap[i] = srcmap[i];                 \
+       } while (0)
+
+#define SCTP_CHUNKMAP_IS_CLEAR(chunkmap)               \
+({                                                     \
+       int i;                                          \
+       int flag = 1;                                   \
+       for (i = 0; i < ELEMCOUNT(chunkmap); i++) {     \
+               if (chunkmap[i]) {                      \
+                       flag = 0;                       \
+                       break;                          \
+               }                                       \
+       }                                               \
+        flag;                                          \
+})
+
+#define SCTP_CHUNKMAP_IS_ALL_SET(chunkmap)             \
+({                                                     \
+       int i;                                          \
+       int flag = 1;                                   \
+       for (i = 0; i < ELEMCOUNT(chunkmap); i++) {     \
+               if (chunkmap[i] != ~0) {                \
+                       flag = 0;                       \
+                               break;                  \
+               }                                       \
+       }                                               \
+        flag;                                          \
+})
+
+#endif /* _IPT_SCTP_H_ */
+
diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_string.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_string.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_string.h    1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_string.h        2004-08-19 21:32:38.945424144 +0200
@@ -0,0 +1,21 @@
+#ifndef _IPT_STRING_H
+#define _IPT_STRING_H
+
+/* *** PERFORMANCE TWEAK ***
+ * Packet size and search string threshold,
+ * above which sublinear searches is used. */
+#define IPT_STRING_HAYSTACK_THRESH     100
+#define IPT_STRING_NEEDLE_THRESH       20
+
+#define BM_MAX_NLEN 256
+#define BM_MAX_HLEN 1024
+
+typedef char *(*proc_ipt_search) (char *, char *, int, int);
+
+struct ipt_string_info {
+    char string[BM_MAX_NLEN];
+    u_int16_t invert;
+    u_int16_t len;
+};
+
+#endif /* _IPT_STRING_H */
diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_time.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_time.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_time.h      1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_time.h  2004-08-19 21:32:38.947423840 +0200
@@ -0,0 +1,15 @@
+#ifndef __ipt_time_h_included__
+#define __ipt_time_h_included__
+
+
+struct ipt_time_info {
+       u_int8_t  days_match;   /* 1 bit per day. -SMTWTFS                      */
+       u_int16_t time_start;   /* 0 < time_start < 23*60+59 = 1439             */
+       u_int16_t time_stop;    /* 0:0 < time_stat < 23:59                      */
+       u_int8_t  kerneltime;   /* ignore skb time (and use kerneltime) or not. */
+       time_t    date_start;
+       time_t    date_stop;
+};
+
+
+#endif /* __ipt_time_h_included__ */
diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_TTL.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_TTL.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_TTL.h       1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_TTL.h   2004-08-19 21:32:38.949423536 +0200
@@ -0,0 +1,21 @@
+/* TTL modification module for IP tables
+ * (C) 2000 by Harald Welte <laforge@gnumonks.org> */
+
+#ifndef _IPT_TTL_H
+#define _IPT_TTL_H
+
+enum {
+       IPT_TTL_SET = 0,
+       IPT_TTL_INC,
+       IPT_TTL_DEC
+};
+
+#define IPT_TTL_MAXMODE        IPT_TTL_DEC
+
+struct ipt_TTL_info {
+       u_int8_t        mode;
+       u_int8_t        ttl;
+};
+
+
+#endif
diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_XOR.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_XOR.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_XOR.h       1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_XOR.h   2004-08-19 21:32:38.950423384 +0200
@@ -0,0 +1,9 @@
+#ifndef _IPT_XOR_H
+#define _IPT_XOR_H
+
+struct ipt_XOR_info {
+       char            key[30];
+       u_int8_t        block_size;
+};
+
+#endif /* _IPT_XOR_H */
diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv6/ip6_logging.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv6/ip6_logging.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv6/ip6_logging.h   1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv6/ip6_logging.h       2004-08-19 21:32:38.952423080 +0200
@@ -0,0 +1,5 @@
+/* IPv6 macros for the nternal logging interface. */
+#ifndef __IP6_LOGGING_H
+#define __IP6_LOGGING_H
+
+#endif /*__IP6_LOGGING_H*/
diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv6/ip6t_fuzzy.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv6/ip6t_fuzzy.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv6/ip6t_fuzzy.h    1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv6/ip6t_fuzzy.h        2004-08-19 21:32:39.921275792 +0200
@@ -0,0 +1,21 @@
+#ifndef _IP6T_FUZZY_H
+#define _IP6T_FUZZY_H
+
+#include <linux/param.h>
+#include <linux/types.h>
+
+#define MAXFUZZYRATE 10000000
+#define MINFUZZYRATE 3
+
+struct ip6t_fuzzy_info {
+       u_int32_t minimum_rate;
+       u_int32_t maximum_rate;
+       u_int32_t packets_total;
+       u_int32_t bytes_total;
+       u_int32_t previous_time;
+       u_int32_t present_time;
+       u_int32_t mean_rate;
+       u_int8_t acceptance_rate;
+};
+
+#endif /*_IP6T_FUZZY_H*/
diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv6/ip6t_HL.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv6/ip6t_HL.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv6/ip6t_HL.h       1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv6/ip6t_HL.h   2004-08-19 21:32:39.922275640 +0200
@@ -0,0 +1,22 @@
+/* Hop Limit modification module for ip6tables
+ * Maciej Soltysiak <solt@dns.toxicfilms.tv>
+ * Based on HW's TTL module */
+
+#ifndef _IP6T_HL_H
+#define _IP6T_HL_H
+
+enum {
+       IP6T_HL_SET = 0,
+       IP6T_HL_INC,
+       IP6T_HL_DEC
+};
+
+#define IP6T_HL_MAXMODE        IP6T_HL_DEC
+
+struct ip6t_HL_info {
+       u_int8_t        mode;
+       u_int8_t        hop_limit;
+};
+
+
+#endif
diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv6/ip6t_nth.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv6/ip6t_nth.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv6/ip6t_nth.h      1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv6/ip6t_nth.h  2004-08-19 21:32:39.924275336 +0200
@@ -0,0 +1,19 @@
+#ifndef _IP6T_NTH_H
+#define _IP6T_NTH_H
+
+#include <linux/param.h>
+#include <linux/types.h>
+
+#ifndef IP6T_NTH_NUM_COUNTERS
+#define IP6T_NTH_NUM_COUNTERS 16
+#endif
+
+struct ip6t_nth_info {
+       u_int8_t every;
+       u_int8_t not;
+       u_int8_t startat;
+       u_int8_t counter;
+       u_int8_t packet;
+};
+
+#endif /*_IP6T_NTH_H*/
diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv6/ip6t_owner.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv6/ip6t_owner.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv6/ip6t_owner.h    2004-08-19 21:31:32.681497792 +0200
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv6/ip6t_owner.h        2004-08-19 21:32:39.925275184 +0200
@@ -6,12 +6,14 @@
 #define IP6T_OWNER_GID 0x02
 #define IP6T_OWNER_PID 0x04
 #define IP6T_OWNER_SID 0x08
+#define IP6T_OWNER_COMM 0x10
 
 struct ip6t_owner_info {
     uid_t uid;
     gid_t gid;
     pid_t pid;
     pid_t sid;
+    char comm[16];
     u_int8_t match, invert;    /* flags */
 };
 
diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv6/ip6t_policy.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv6/ip6t_policy.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv6/ip6t_policy.h   1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv6/ip6t_policy.h       2004-08-19 21:32:39.926275032 +0200
@@ -0,0 +1,52 @@
+#ifndef _IP6T_POLICY_H
+#define _IP6T_POLICY_H
+
+#define POLICY_MAX_ELEM        4
+
+enum ip6t_policy_flags
+{
+       POLICY_MATCH_IN         = 0x1,
+       POLICY_MATCH_OUT        = 0x2,
+       POLICY_MATCH_NONE       = 0x4,
+       POLICY_MATCH_STRICT     = 0x8,
+};
+
+enum ip6t_policy_modes
+{
+       POLICY_MODE_TRANSPORT,
+       POLICY_MODE_TUNNEL
+};
+
+struct ip6t_policy_spec
+{
+       u_int8_t        saddr:1,
+                       daddr:1,
+                       proto:1,
+                       mode:1,
+                       spi:1,
+                       reqid:1;
+};
+
+struct ip6t_policy_elem
+{
+       struct in6_addr saddr;
+       struct in6_addr smask;
+       struct in6_addr daddr;
+       struct in6_addr dmask;
+       u_int32_t       spi;
+       u_int32_t       reqid;
+       u_int8_t        proto;
+       u_int8_t        mode;
+
+       struct ip6t_policy_spec match;
+       struct ip6t_policy_spec invert;
+};
+
+struct ip6t_policy_info
+{
+       struct ip6t_policy_elem pol[POLICY_MAX_ELEM];
+       u_int16_t flags;
+       u_int16_t len;
+};
+
+#endif /* _IP6T_POLICY_H */
diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv6/ip6t_REJECT.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv6/ip6t_REJECT.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv6/ip6t_REJECT.h   2004-08-19 21:31:32.678498248 +0200
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv6/ip6t_REJECT.h       2004-08-19 21:32:39.927274880 +0200
@@ -2,15 +2,17 @@
 #define _IP6T_REJECT_H
 
 enum ip6t_reject_with {
-       IP6T_ICMP_NET_UNREACHABLE,
-       IP6T_ICMP_HOST_UNREACHABLE,
-       IP6T_ICMP_PROT_UNREACHABLE,
-       IP6T_ICMP_PORT_UNREACHABLE,
-       IP6T_ICMP_ECHOREPLY
+       IP6T_ICMP6_NO_ROUTE,
+       IP6T_ICMP6_ADM_PROHIBITED,
+       IP6T_ICMP6_NOT_NEIGHBOUR,
+       IP6T_ICMP6_ADDR_UNREACH,
+       IP6T_ICMP6_PORT_UNREACH,
+       IP6T_ICMP6_ECHOREPLY,
+       IP6T_TCP_RESET
 };
 
 struct ip6t_reject_info {
        enum ip6t_reject_with with;      /* reject type */
 };
 
-#endif /*_IPT_REJECT_H*/
+#endif /*_IP6T_REJECT_H*/
diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv6/ip6t_ROUTE.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv6/ip6t_ROUTE.h
--- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv6/ip6t_ROUTE.h    1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv6/ip6t_ROUTE.h        2004-08-19 21:32:39.928274728 +0200
@@ -0,0 +1,22 @@
+/* Header file for iptables ip6t_ROUTE target
+ *
+ * (C) 2003 by Cédric de Launois <delaunois@info.ucl.ac.be>
+ *
+ * This software is distributed under GNU GPL v2, 1991
+ */
+#ifndef _IPT_ROUTE_H_target
+#define _IPT_ROUTE_H_target
+
+#define IP6T_ROUTE_IFNAMSIZ 16
+
+struct ip6t_route_target_info {
+       char      oif[IP6T_ROUTE_IFNAMSIZ];     /* Output Interface Name */
+       char      iif[IP6T_ROUTE_IFNAMSIZ];     /* Input Interface Name  */
+       u_int32_t gw[4];                        /* IPv6 address of gateway */
+       u_int8_t  flags;
+};
+
+/* Values for "flags" field */
+#define IP6T_ROUTE_CONTINUE        0x01
+
+#endif /*_IP6T_ROUTE_H_target*/