1 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ip_conntrack.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ip_conntrack.h
2 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ip_conntrack.h 2004-08-19 21:31:32.676498552 +0200
3 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ip_conntrack.h 2004-08-19 21:32:30.805661576 +0200
6 #include <linux/netfilter_ipv4/ip_conntrack_tcp.h>
7 #include <linux/netfilter_ipv4/ip_conntrack_icmp.h>
8 +#include <linux/netfilter_ipv4/ip_conntrack_sctp.h>
10 /* per conntrack: protocol private data */
11 union ip_conntrack_proto {
12 /* insert conntrack proto private data here */
13 + struct ip_ct_sctp sctp;
15 struct ip_ct_icmp icmp;
17 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ip_conntrack_sctp.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ip_conntrack_sctp.h
18 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ip_conntrack_sctp.h 1970-01-01 01:00:00.000000000 +0100
19 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ip_conntrack_sctp.h 2004-08-19 21:32:30.808661120 +0200
21 +#ifndef _IP_CONNTRACK_SCTP_H
22 +#define _IP_CONNTRACK_SCTP_H
25 +enum sctp_conntrack {
26 + SCTP_CONNTRACK_NONE,
27 + SCTP_CONNTRACK_CLOSED,
28 + SCTP_CONNTRACK_COOKIE_WAIT,
29 + SCTP_CONNTRACK_COOKIE_ECHOED,
30 + SCTP_CONNTRACK_ESTABLISHED,
31 + SCTP_CONNTRACK_SHUTDOWN_SENT,
32 + SCTP_CONNTRACK_SHUTDOWN_RECD,
33 + SCTP_CONNTRACK_SHUTDOWN_ACK_SENT,
39 + enum sctp_conntrack state;
41 + u_int32_t vtag[IP_CT_DIR_MAX];
42 + u_int32_t ttag[IP_CT_DIR_MAX];
45 +#endif /* _IP_CONNTRACK_SCTP_H */
46 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ip_conntrack_tuple.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
47 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ip_conntrack_tuple.h 2004-08-19 21:31:32.670499464 +0200
48 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ip_conntrack_tuple.h 2004-08-19 21:32:30.810660816 +0200
58 /* The manipulable part of the tuple. */
69 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ip_logging.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ip_logging.h
70 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ip_logging.h 1970-01-01 01:00:00.000000000 +0100
71 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ip_logging.h 2004-08-19 21:32:30.813660360 +0200
73 +/* IPv4 macros for the internal logging interface. */
74 +#ifndef __IP_LOGGING_H
75 +#define __IP_LOGGING_H
77 +#endif /*__IP_LOGGING_H*/
78 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ip_queue.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ip_queue.h
79 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ip_queue.h 2004-08-19 21:31:32.665500224 +0200
80 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ip_queue.h 2004-08-19 21:32:30.816659904 +0200
85 -#include <linux/if.h>
88 /* Messages sent from kernel */
89 typedef struct ipq_packet_msg {
91 unsigned char payload[0]; /* Optional replacement packet */
94 +typedef struct ipq_vwmark_msg {
95 + unsigned int value; /* Verdict to hand to netfilter */
96 + unsigned long id; /* Packet ID for this verdict */
97 + size_t data_len; /* Length of replacement data */
98 + unsigned char payload[0]; /* Optional replacement packet */
99 + unsigned long nfmark; /* Mark for the Packet */
103 typedef struct ipq_peer_msg {
105 ipq_verdict_msg_t verdict;
107 + ipq_vwmark_msg_t vwmark;
112 #define IPQM_MODE (IPQM_BASE + 1) /* Mode request from peer */
113 #define IPQM_VERDICT (IPQM_BASE + 2) /* Verdict from peer */
114 #define IPQM_PACKET (IPQM_BASE + 3) /* Packet from kernel */
115 -#define IPQM_MAX (IPQM_BASE + 4)
116 +#define IPQM_VWMARK (IPQM_BASE + 4) /* Verdict and mark from peer */
117 +#define IPQM_MAX (IPQM_BASE + 5)
119 #endif /*_IP_QUEUE_H*/
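Review bot: In `ipq_vwmark_msg`, `nfmark` is declared after the zero-length `payload[0]`, so it occupies the same bytes as the start of any replacement packet appended to the message; the variable-length trailer has to be the last member. Declare the mark first, `unsigned long nfmark; /* Mark for the Packet */` and then `unsigned char payload[0];`, so that `data_len` bytes of payload can follow the struct without overwriting the mark. `unsigned long` and `size_t` also change width between a 32-bit userland and a 64-bit kernel, which presumably matters if this message crosses the user/kernel boundary; fixed-width fields would avoid that. The struct's closing lines are not visible in this view, so the rest of the definition is unverified.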
120 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_account.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_account.h
121 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_account.h 1970-01-01 01:00:00.000000000 +0100
122 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_account.h 2004-08-19 21:32:35.740911304 +0200
125 + * accounting match (ipt_account.c)
126 + * (C) 2003,2004 by Piotr Gasid³o (quaker@barbara.eu.org)
130 + * This software is distributed under the terms of GNU GPL
133 +#ifndef _IPT_ACCOUNT_H_
134 +#define _IPT_ACCOUNT_H_
136 +#define IPT_ACCOUNT_NAME_LEN 64
138 +struct t_ipt_account_info {
139 + char name[IPT_ACCOUNT_NAME_LEN];
145 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_connlimit.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_connlimit.h
146 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_connlimit.h 1970-01-01 01:00:00.000000000 +0100
147 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_connlimit.h 2004-08-19 21:32:37.256680872 +0200
149 +#ifndef _IPT_CONNLIMIT_H
150 +#define _IPT_CONNLIMIT_H
152 +struct ipt_connlimit_data;
154 +struct ipt_connlimit_info {
158 + struct ipt_connlimit_data *data;
160 +#endif /* _IPT_CONNLIMIT_H */
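Review bot: `struct ipt_connlimit_info` carries a raw pointer, `struct ipt_connlimit_data *data`, in a header exported to userspace. If this struct is the match data copied between iptables and the kernel (inferred, the copy path is not on this page), its size differs between 32-bit and 64-bit builds and a kernel address may become readable when the rule set is dumped. Mark the member the way ipt_dstlimit.h does, `/* Used internally by the kernel */`, and confirm the kernel side does not hand the pointer value back to userspace. The same applies to `hinfo` and `master` in ipt_dstlimit.h; the lines between the struct opener and the pointer are missing here, so an existing comment cannot be ruled out.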
161 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_connmark.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_connmark.h
162 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_connmark.h 1970-01-01 01:00:00.000000000 +0100
163 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_connmark.h 2004-08-19 21:32:37.257680720 +0200
165 +#ifndef _IPT_CONNMARK_H
166 +#define _IPT_CONNMARK_H
168 +/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
169 + * by Henrik Nordstrom <hno@marasystems.com>
171 + * This program is free software; you can redistribute it and/or modify
172 + * it under the terms of the GNU General Public License as published by
173 + * the Free Software Foundation; either version 2 of the License, or
174 + * (at your option) any later version.
177 +struct ipt_connmark_info {
178 + unsigned long mark, mask;
182 +#endif /*_IPT_CONNMARK_H*/
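Review bot: `unsigned long mark, mask;` in `ipt_connmark_info` makes the struct layout depend on the word size, so a 32-bit iptables binary and a 64-bit kernel would presumably disagree about where `mask` starts and how large the match data is. A fixed-width type, for example `u_int32_t mark, mask;` if the mark is meant to be 32 bits, keeps the layout identical on both sides. The same pattern appears in `ipt_connmark_target_info` (ipt_CONNMARK.h) and `ipt_ipmark_target_info` (ipt_IPMARK.h).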
183 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_CONNMARK.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_CONNMARK.h
184 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_CONNMARK.h 1970-01-01 01:00:00.000000000 +0100
185 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_CONNMARK.h 2004-08-19 21:32:37.258680568 +0200
187 +#ifndef _IPT_CONNMARK_H_target
188 +#define _IPT_CONNMARK_H_target
190 +/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
191 + * by Henrik Nordstrom <hno@marasystems.com>
193 + * This program is free software; you can redistribute it and/or modify
194 + * it under the terms of the GNU General Public License as published by
195 + * the Free Software Foundation; either version 2 of the License, or
196 + * (at your option) any later version.
200 + IPT_CONNMARK_SET = 0,
202 + IPT_CONNMARK_RESTORE
205 +struct ipt_connmark_target_info {
206 + unsigned long mark;
207 + unsigned long mask;
211 +#endif /*_IPT_CONNMARK_H_target*/
212 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_dstlimit.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_dstlimit.h
213 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_dstlimit.h 1970-01-01 01:00:00.000000000 +0100
214 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_dstlimit.h 2004-08-19 21:32:37.273678288 +0200
216 +#ifndef _IPT_DSTLIMIT_H
217 +#define _IPT_DSTLIMIT_H
219 +/* timings are in milliseconds. */
220 +#define IPT_DSTLIMIT_SCALE 10000
221 +/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490
222 + seconds, or one every 59 hours. */
224 +/* details of this structure hidden by the implementation */
225 +struct ipt_dstlimit_htable;
227 +#define IPT_DSTLIMIT_HASH_DIP 0x0001
228 +#define IPT_DSTLIMIT_HASH_DPT 0x0002
229 +#define IPT_DSTLIMIT_HASH_SIP 0x0004
231 +struct dstlimit_cfg {
232 + u_int32_t mode; /* bitmask of IPT_DSTLIMIT_HASH_* */
233 + u_int32_t avg; /* Average secs between packets * scale */
234 + u_int32_t burst; /* Period multiplier for upper limit. */
236 + /* user specified */
237 + u_int32_t size; /* how many buckets */
238 + u_int32_t max; /* max number of entries */
239 + u_int32_t gc_interval; /* gc interval */
240 + u_int32_t expire; /* when do entries expire? */
243 +struct ipt_dstlimit_info {
244 + char name [IFNAMSIZ]; /* name */
245 + struct dstlimit_cfg cfg;
246 + struct ipt_dstlimit_htable *hinfo;
248 + /* Used internally by the kernel */
251 + struct ipt_dstlimit_info *master;
254 +#endif /*_IPT_DSTLIMIT_H*/
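Review bot: `char name [IFNAMSIZ];` in `ipt_dstlimit_info` depends on `IFNAMSIZ`, but no `#include` is visible in this header, so it only compiles when the includer has already pulled in the defining header; adding `#include <linux/if.h>` near the guard would make it self-contained. The opening comment also says `/* timings are in milliseconds. */` while `IPT_DSTLIMIT_SCALE 10000` is described two lines later as a 1/10,000 sec period, so one of the two comments should be corrected to state the actual unit. Some lines of the struct are missing from this view.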
255 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_fuzzy.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_fuzzy.h
256 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_fuzzy.h 1970-01-01 01:00:00.000000000 +0100
257 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_fuzzy.h 2004-08-19 21:32:37.275677984 +0200
259 +#ifndef _IPT_FUZZY_H
260 +#define _IPT_FUZZY_H
262 +#include <linux/param.h>
263 +#include <linux/types.h>
265 +#define MAXFUZZYRATE 10000000
266 +#define MINFUZZYRATE 3
268 +struct ipt_fuzzy_info {
269 + u_int32_t minimum_rate;
270 + u_int32_t maximum_rate;
271 + u_int32_t packets_total;
272 + u_int32_t bytes_total;
273 + u_int32_t previous_time;
274 + u_int32_t present_time;
275 + u_int32_t mean_rate;
276 + u_int8_t acceptance_rate;
279 +#endif /*_IPT_FUZZY_H*/
280 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_IMQ.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_IMQ.h
281 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_IMQ.h 1970-01-01 01:00:00.000000000 +0100
282 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_IMQ.h 2004-08-19 21:32:37.277677680 +0200
287 +struct ipt_imq_info {
288 + unsigned int todev; /* target imq device */
291 +#endif /* _IPT_IMQ_H */
292 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_IPMARK.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_IPMARK.h
293 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_IPMARK.h 1970-01-01 01:00:00.000000000 +0100
294 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_IPMARK.h 2004-08-19 21:32:37.280677224 +0200
296 +#ifndef _IPT_IPMARK_H_target
297 +#define _IPT_IPMARK_H_target
299 +struct ipt_ipmark_target_info {
300 + unsigned long andmask;
301 + unsigned long ormask;
305 +#define IPT_IPMARK_SRC 0
306 +#define IPT_IPMARK_DST 1
308 +#endif /*_IPT_IPMARK_H_target*/
309 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_ipv4options.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_ipv4options.h
310 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_ipv4options.h 1970-01-01 01:00:00.000000000 +0100
311 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_ipv4options.h 2004-08-19 21:32:37.282676920 +0200
313 +#ifndef __ipt_ipv4options_h_included__
314 +#define __ipt_ipv4options_h_included__
316 +#define IPT_IPV4OPTION_MATCH_SSRR 0x01 /* For strict source routing */
317 +#define IPT_IPV4OPTION_MATCH_LSRR 0x02 /* For loose source routing */
318 +#define IPT_IPV4OPTION_DONT_MATCH_SRR 0x04 /* any source routing */
319 +#define IPT_IPV4OPTION_MATCH_RR 0x08 /* For Record route */
320 +#define IPT_IPV4OPTION_DONT_MATCH_RR 0x10
321 +#define IPT_IPV4OPTION_MATCH_TIMESTAMP 0x20 /* For timestamp request */
322 +#define IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP 0x40
323 +#define IPT_IPV4OPTION_MATCH_ROUTER_ALERT 0x80 /* For router-alert */
324 +#define IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT 0x100
325 +#define IPT_IPV4OPTION_MATCH_ANY_OPT 0x200 /* match packet with any option */
326 +#define IPT_IPV4OPTION_DONT_MATCH_ANY_OPT 0x400 /* match packet with no option */
328 +struct ipt_ipv4options_info {
333 +#endif /* __ipt_ipv4options_h_included__ */
334 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_layer7.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_layer7.h
335 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_layer7.h 1970-01-01 01:00:00.000000000 +0100
336 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_layer7.h 2004-08-19 21:32:37.284676616 +0200
339 + By Matthew Strait <quadong@users.sf.net>, Dec 2003.
340 + http://l7-filter.sf.net
342 + This program is free software; you can redistribute it and/or
343 + modify it under the terms of the GNU General Public License
344 + as published by the Free Software Foundation; either version
345 + 2 of the License, or (at your option) any later version.
346 + http://www.gnu.org/licenses/gpl.txt
349 +#ifndef _IPT_LAYER7_H
350 +#define _IPT_LAYER7_H
352 +#define MAX_PATTERN_LEN 8192
353 +#define MAX_PROTOCOL_LEN 256
355 +typedef char *(*proc_ipt_search) (char *, char, char *);
357 +struct ipt_layer7_info {
358 + char protocol[MAX_PROTOCOL_LEN];
360 + char pattern[MAX_PATTERN_LEN];
363 +#endif /* _IPT_LAYER7_H */
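Review bot: `proc_ipt_search` is typedef'd here as `char *(*)(char *, char, char *)` and again in ipt_string.h as `char *(*)(char *, char *, int, int)`, so any file that includes both headers fails on the conflicting typedef. Each header should use its own name (a layer7-specific one here), or drop the typedef from the exported header if only the kernel module uses it. `MAX_PATTERN_LEN` and `MAX_PROTOCOL_LEN` are likewise unprefixed and easy to collide with; an `IPT_LAYER7_` prefix would be safer.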
364 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_mport.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_mport.h
365 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_mport.h 1970-01-01 01:00:00.000000000 +0100
366 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_mport.h 2004-08-19 21:32:37.286676312 +0200
368 +#ifndef _IPT_MPORT_H
369 +#define _IPT_MPORT_H
370 +#include <linux/netfilter_ipv4/ip_tables.h>
372 +#define IPT_MPORT_SOURCE (1<<0)
373 +#define IPT_MPORT_DESTINATION (1<<1)
374 +#define IPT_MPORT_EITHER (IPT_MPORT_SOURCE|IPT_MPORT_DESTINATION)
376 +#define IPT_MULTI_PORTS 15
378 +/* Must fit inside union ipt_matchinfo: 32 bytes */
379 +/* every entry in ports[] except for the last one has one bit in pflags
380 + * associated with it. If this bit is set, the port is the first port of
381 + * a portrange, with the next entry being the last.
382 + * End of list is marked with pflags bit set and port=65535.
383 + * If 14 ports are used (last one does not have a pflag), the last port
384 + * is repeated to fill the last entry in ports[] */
387 + u_int8_t flags:2; /* Type of comparison */
388 + u_int16_t pflags:14; /* Port flags */
389 + u_int16_t ports[IPT_MULTI_PORTS]; /* Ports */
391 +#endif /*_IPT_MPORT_H*/
392 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_nth.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_nth.h
393 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_nth.h 1970-01-01 01:00:00.000000000 +0100
394 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_nth.h 2004-08-19 21:32:37.289675856 +0200
399 +#include <linux/param.h>
400 +#include <linux/types.h>
402 +#ifndef IPT_NTH_NUM_COUNTERS
403 +#define IPT_NTH_NUM_COUNTERS 16
406 +struct ipt_nth_info {
414 +#endif /*_IPT_NTH_H*/
415 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_policy.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_policy.h
416 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_policy.h 1970-01-01 01:00:00.000000000 +0100
417 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_policy.h 2004-08-19 21:32:37.291675552 +0200
419 +#ifndef _IPT_POLICY_H
420 +#define _IPT_POLICY_H
422 +#define POLICY_MAX_ELEM 4
424 +enum ipt_policy_flags
426 + POLICY_MATCH_IN = 0x1,
427 + POLICY_MATCH_OUT = 0x2,
428 + POLICY_MATCH_NONE = 0x4,
429 + POLICY_MATCH_STRICT = 0x8,
432 +enum ipt_policy_modes
434 + POLICY_MODE_TRANSPORT,
438 +struct ipt_policy_spec
448 +struct ipt_policy_elem
459 + struct ipt_policy_spec match;
460 + struct ipt_policy_spec invert;
463 +struct ipt_policy_info
465 + struct ipt_policy_elem pol[POLICY_MAX_ELEM];
470 +#endif /* _IPT_POLICY_H */
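Review bot: The enumerators `POLICY_MATCH_IN`, `POLICY_MATCH_OUT`, `POLICY_MATCH_NONE`, `POLICY_MATCH_STRICT` and `POLICY_MODE_TRANSPORT` are declared here in `enum ipt_policy_flags` / `enum ipt_policy_modes` and again in ip6t_policy.h under the `ip6t_` enums. Enumerators share one namespace in C, so including both headers in one translation unit is a redeclaration error even though the values match. Prefixing them per family, e.g. `IPT_POLICY_MATCH_IN = 0x1,` here and `IP6T_POLICY_MATCH_IN = 0x1,` in the IPv6 header, removes the clash; `POLICY_MAX_ELEM` would benefit from the same prefix.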
471 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_psd.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_psd.h
472 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_psd.h 1970-01-01 01:00:00.000000000 +0100
473 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_psd.h 2004-08-19 21:32:37.293675248 +0200
478 +#include <linux/param.h>
479 +#include <linux/types.h>
482 + * High port numbers have a lower weight to reduce the frequency of false
483 + * positives, such as from passive mode FTP transfers.
485 +#define PORT_WEIGHT_PRIV 3
486 +#define PORT_WEIGHT_HIGH 1
489 + * Port scan detection thresholds: at least COUNT ports need to be scanned
490 + * from the same source, with no longer than DELAY ticks between ports.
492 +#define SCAN_MIN_COUNT 7
493 +#define SCAN_MAX_COUNT (SCAN_MIN_COUNT * PORT_WEIGHT_PRIV)
494 +#define SCAN_WEIGHT_THRESHOLD SCAN_MAX_COUNT
495 +#define SCAN_DELAY_THRESHOLD (300) /* old usage of HZ here was erroneously and broke under uml */
498 + * Keep track of up to LIST_SIZE source addresses, using a hash table of
499 + * HASH_SIZE entries for faster lookups, but limiting hash collisions to
500 + * HASH_MAX source addresses per the same hash value.
502 +#define LIST_SIZE 0x100
504 +#define HASH_SIZE (1 << HASH_LOG)
505 +#define HASH_MAX 0x10
507 +struct ipt_psd_info {
508 + unsigned int weight_threshold;
509 + unsigned int delay_threshold;
510 + unsigned short lo_ports_weight;
511 + unsigned short hi_ports_weight;
514 +#endif /*_IPT_PSD_H*/
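Review bot: The macros in this exported header use very generic names (`LIST_SIZE`, `HASH_SIZE`, `HASH_MAX`, `SCAN_MIN_COUNT`, `PORT_WEIGHT_PRIV`), which will silently redefine or clash with identically named macros in any program that includes it. An `IPT_PSD_` prefix, e.g. `#define IPT_PSD_HASH_MAX 0x10`, would keep them out of the includer's namespace. The comment on `SCAN_DELAY_THRESHOLD` should also say what unit `300` is in now that it no longer uses `HZ`, since the block comment above still speaks of "DELAY ticks".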
515 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_quota.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_quota.h
516 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_quota.h 1970-01-01 01:00:00.000000000 +0100
517 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_quota.h 2004-08-19 21:32:37.295674944 +0200
519 +#ifndef _IPT_QUOTA_H
520 +#define _IPT_QUOTA_H
522 +/* print debug info in both kernel/netfilter module & iptable library */
523 +//#define DEBUG_IPT_QUOTA
525 +struct ipt_quota_info {
529 +#endif /*_IPT_QUOTA_H*/
530 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_ROUTE.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_ROUTE.h
531 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_ROUTE.h 1970-01-01 01:00:00.000000000 +0100
532 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_ROUTE.h 2004-08-19 21:32:38.942424600 +0200
534 +/* Header file for iptables ipt_ROUTE target
536 + * (C) 2002 by Cédric de Launois <delaunois@info.ucl.ac.be>
538 + * This software is distributed under GNU GPL v2, 1991
540 +#ifndef _IPT_ROUTE_H_target
541 +#define _IPT_ROUTE_H_target
543 +#define IPT_ROUTE_IFNAMSIZ 16
545 +struct ipt_route_target_info {
546 + char oif[IPT_ROUTE_IFNAMSIZ]; /* Output Interface Name */
547 + char iif[IPT_ROUTE_IFNAMSIZ]; /* Input Interface Name */
548 + u_int32_t gw; /* IP address of gateway */
552 +/* Values for "flags" field */
553 +#define IPT_ROUTE_CONTINUE 0x01
555 +#endif /*_IPT_ROUTE_H_target*/
556 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_sctp.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_sctp.h
557 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_sctp.h 1970-01-01 01:00:00.000000000 +0100
558 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_sctp.h 2004-08-19 21:32:38.943424448 +0200
560 +#ifndef _IPT_SCTP_H_
561 +#define _IPT_SCTP_H_
563 +#define IPT_SCTP_SRC_PORTS 0x01
564 +#define IPT_SCTP_DEST_PORTS 0x02
565 +#define IPT_SCTP_CHUNK_TYPES 0x04
567 +#define IPT_SCTP_VALID_FLAGS 0x07
569 +#define ELEMCOUNT(x) (sizeof(x)/sizeof(x[0]))
572 +struct ipt_sctp_flag_info {
573 + u_int8_t chunktype;
575 + u_int8_t flag_mask;
578 +#define IPT_NUM_SCTP_FLAGS 4
580 +struct ipt_sctp_info {
581 + u_int16_t dpts[2]; /* Min, Max */
582 + u_int16_t spts[2]; /* Min, Max */
584 + u_int32_t chunkmap[256 / sizeof (u_int32_t)]; /* Bit mask of chunks to be matched according to RFC 2960 */
586 +#define SCTP_CHUNK_MATCH_ANY 0x01 /* Match if any of the chunk types are present */
587 +#define SCTP_CHUNK_MATCH_ALL 0x02 /* Match if all of the chunk types are present */
588 +#define SCTP_CHUNK_MATCH_ONLY 0x04 /* Match if these are the only chunk types present */
590 + u_int32_t chunk_match_type;
591 + struct ipt_sctp_flag_info flag_info[IPT_NUM_SCTP_FLAGS];
595 + u_int32_t invflags;
598 +#define bytes(type) (sizeof(type) * 8)
600 +#define SCTP_CHUNKMAP_SET(chunkmap, type) \
602 + chunkmap[type / bytes(u_int32_t)] |= \
603 + 1 << (type % bytes(u_int32_t)); \
606 +#define SCTP_CHUNKMAP_CLEAR(chunkmap, type) \
608 + chunkmap[type / bytes(u_int32_t)] &= \
609 + ~(1 << (type % bytes(u_int32_t))); \
612 +#define SCTP_CHUNKMAP_IS_SET(chunkmap, type) \
614 + (chunkmap[type / bytes (u_int32_t)] & \
615 + (1 << (type % bytes (u_int32_t)))) ? 1: 0; \
618 +#define SCTP_CHUNKMAP_RESET(chunkmap) \
621 + for (i = 0; i < ELEMCOUNT(chunkmap); i++) \
625 +#define SCTP_CHUNKMAP_SET_ALL(chunkmap) \
628 + for (i = 0; i < ELEMCOUNT(chunkmap); i++) \
629 + chunkmap[i] = ~0; \
632 +#define SCTP_CHUNKMAP_COPY(destmap, srcmap) \
635 + for (i = 0; i < ELEMCOUNT(chunkmap); i++) \
636 + destmap[i] = srcmap[i]; \
639 +#define SCTP_CHUNKMAP_IS_CLEAR(chunkmap) \
643 + for (i = 0; i < ELEMCOUNT(chunkmap); i++) { \
644 + if (chunkmap[i]) { \
652 +#define SCTP_CHUNKMAP_IS_ALL_SET(chunkmap) \
656 + for (i = 0; i < ELEMCOUNT(chunkmap); i++) { \
657 + if (chunkmap[i] != ~0) { \
665 +#endif /* _IPT_SCTP_H_ */
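Review bot: `SCTP_CHUNKMAP_COPY(destmap, srcmap)` bounds its loop with `ELEMCOUNT(chunkmap)`, a name that is not one of its parameters, so it only compiles where the caller happens to have an array called `chunkmap` in scope and then copies that array's length rather than the destination's; it should read `for (i = 0; i < ELEMCOUNT(destmap); i++)`. The bit macros use `1 << (type % bytes(u_int32_t))`, which shifts a signed int into its sign bit for bit 31; `1U << ((type) % bytes(u_int32_t))` with the arguments parenthesised avoids that. `bytes(type)` actually yields a bit count, and `chunkmap[256 / sizeof (u_int32_t)]` therefore holds 64 words where 256 chunk types need 8, which is harmless but looks unintended. Several macro lines are missing from this view, so the surrounding statement bodies are unverified.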
667 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_string.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_string.h
668 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_string.h 1970-01-01 01:00:00.000000000 +0100
669 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_string.h 2004-08-19 21:32:38.945424144 +0200
671 +#ifndef _IPT_STRING_H
672 +#define _IPT_STRING_H
674 +/* *** PERFORMANCE TWEAK ***
675 + * Packet size and search string threshold,
676 + * above which sublinear searches is used. */
677 +#define IPT_STRING_HAYSTACK_THRESH 100
678 +#define IPT_STRING_NEEDLE_THRESH 20
680 +#define BM_MAX_NLEN 256
681 +#define BM_MAX_HLEN 1024
683 +typedef char *(*proc_ipt_search) (char *, char *, int, int);
685 +struct ipt_string_info {
686 + char string[BM_MAX_NLEN];
691 +#endif /* _IPT_STRING_H */
692 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_time.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_time.h
693 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_time.h 1970-01-01 01:00:00.000000000 +0100
694 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_time.h 2004-08-19 21:32:38.947423840 +0200
696 +#ifndef __ipt_time_h_included__
697 +#define __ipt_time_h_included__
700 +struct ipt_time_info {
701 + u_int8_t days_match; /* 1 bit per day. -SMTWTFS */
702 + u_int16_t time_start; /* 0 < time_start < 23*60+59 = 1439 */
703 + u_int16_t time_stop; /* 0:0 < time_stat < 23:59 */
704 + u_int8_t kerneltime; /* ignore skb time (and use kerneltime) or not. */
710 +#endif /* __ipt_time_h_included__ */
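Review bot: The field comments in `ipt_time_info` do not state the unit and give bounds that exclude valid values: `0 < time_start < 23*60+59 = 1439` rules out both midnight and 23:59, and the `time_stop` comment refers to `time_stat`. Suggested wording: `/* minutes since midnight, 0 <= time_start <= 23*60+59 = 1439 */` and `/* minutes since midnight, 0 <= time_stop <= 1439 */`, assuming the inclusive range is what the matching code accepts. Whether the kernel side validates these ranges is not visible on this page.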
711 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_TTL.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_TTL.h
712 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_TTL.h 1970-01-01 01:00:00.000000000 +0100
713 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_TTL.h 2004-08-19 21:32:38.949423536 +0200
715 +/* TTL modification module for IP tables
716 + * (C) 2000 by Harald Welte <laforge@gnumonks.org> */
727 +#define IPT_TTL_MAXMODE IPT_TTL_DEC
729 +struct ipt_TTL_info {
736 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_XOR.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_XOR.h
737 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv4/ipt_XOR.h 1970-01-01 01:00:00.000000000 +0100
738 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv4/ipt_XOR.h 2004-08-19 21:32:38.950423384 +0200
743 +struct ipt_XOR_info {
745 + u_int8_t block_size;
748 +#endif /* _IPT_XOR_H */
749 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv6/ip6_logging.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv6/ip6_logging.h
750 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv6/ip6_logging.h 1970-01-01 01:00:00.000000000 +0100
751 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv6/ip6_logging.h 2004-08-19 21:32:38.952423080 +0200
753 +/* IPv6 macros for the nternal logging interface. */
754 +#ifndef __IP6_LOGGING_H
755 +#define __IP6_LOGGING_H
757 +#endif /*__IP6_LOGGING_H*/
758 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv6/ip6t_fuzzy.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv6/ip6t_fuzzy.h
759 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv6/ip6t_fuzzy.h 1970-01-01 01:00:00.000000000 +0100
760 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv6/ip6t_fuzzy.h 2004-08-19 21:32:39.921275792 +0200
762 +#ifndef _IP6T_FUZZY_H
763 +#define _IP6T_FUZZY_H
765 +#include <linux/param.h>
766 +#include <linux/types.h>
768 +#define MAXFUZZYRATE 10000000
769 +#define MINFUZZYRATE 3
771 +struct ip6t_fuzzy_info {
772 + u_int32_t minimum_rate;
773 + u_int32_t maximum_rate;
774 + u_int32_t packets_total;
775 + u_int32_t bytes_total;
776 + u_int32_t previous_time;
777 + u_int32_t present_time;
778 + u_int32_t mean_rate;
779 + u_int8_t acceptance_rate;
782 +#endif /*_IP6T_FUZZY_H*/
783 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv6/ip6t_HL.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv6/ip6t_HL.h
784 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv6/ip6t_HL.h 1970-01-01 01:00:00.000000000 +0100
785 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv6/ip6t_HL.h 2004-08-19 21:32:39.922275640 +0200
787 +/* Hop Limit modification module for ip6tables
788 + * Maciej Soltysiak <solt@dns.toxicfilms.tv>
789 + * Based on HW's TTL module */
800 +#define IP6T_HL_MAXMODE IP6T_HL_DEC
802 +struct ip6t_HL_info {
804 + u_int8_t hop_limit;
809 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv6/ip6t_nth.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv6/ip6t_nth.h
810 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv6/ip6t_nth.h 1970-01-01 01:00:00.000000000 +0100
811 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv6/ip6t_nth.h 2004-08-19 21:32:39.924275336 +0200
816 +#include <linux/param.h>
817 +#include <linux/types.h>
819 +#ifndef IP6T_NTH_NUM_COUNTERS
820 +#define IP6T_NTH_NUM_COUNTERS 16
823 +struct ip6t_nth_info {
831 +#endif /*_IP6T_NTH_H*/
832 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv6/ip6t_owner.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv6/ip6t_owner.h
833 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv6/ip6t_owner.h 2004-08-19 21:31:32.681497792 +0200
834 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv6/ip6t_owner.h 2004-08-19 21:32:39.925275184 +0200
836 #define IP6T_OWNER_GID 0x02
837 #define IP6T_OWNER_PID 0x04
838 #define IP6T_OWNER_SID 0x08
839 +#define IP6T_OWNER_COMM 0x10
841 struct ip6t_owner_info {
847 u_int8_t match, invert; /* flags */
850 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv6/ip6t_policy.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv6/ip6t_policy.h
851 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv6/ip6t_policy.h 1970-01-01 01:00:00.000000000 +0100
852 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv6/ip6t_policy.h 2004-08-19 21:32:39.926275032 +0200
854 +#ifndef _IP6T_POLICY_H
855 +#define _IP6T_POLICY_H
857 +#define POLICY_MAX_ELEM 4
859 +enum ip6t_policy_flags
861 + POLICY_MATCH_IN = 0x1,
862 + POLICY_MATCH_OUT = 0x2,
863 + POLICY_MATCH_NONE = 0x4,
864 + POLICY_MATCH_STRICT = 0x8,
867 +enum ip6t_policy_modes
869 + POLICY_MODE_TRANSPORT,
873 +struct ip6t_policy_spec
883 +struct ip6t_policy_elem
885 + struct in6_addr saddr;
886 + struct in6_addr smask;
887 + struct in6_addr daddr;
888 + struct in6_addr dmask;
894 + struct ip6t_policy_spec match;
895 + struct ip6t_policy_spec invert;
898 +struct ip6t_policy_info
900 + struct ip6t_policy_elem pol[POLICY_MAX_ELEM];
905 +#endif /* _IP6T_POLICY_H */
906 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv6/ip6t_REJECT.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv6/ip6t_REJECT.h
907 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv6/ip6t_REJECT.h 2004-08-19 21:31:32.678498248 +0200
908 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv6/ip6t_REJECT.h 2004-08-19 21:32:39.927274880 +0200
910 #define _IP6T_REJECT_H
912 enum ip6t_reject_with {
913 - IP6T_ICMP_NET_UNREACHABLE,
914 - IP6T_ICMP_HOST_UNREACHABLE,
915 - IP6T_ICMP_PROT_UNREACHABLE,
916 - IP6T_ICMP_PORT_UNREACHABLE,
917 - IP6T_ICMP_ECHOREPLY
918 + IP6T_ICMP6_NO_ROUTE,
919 + IP6T_ICMP6_ADM_PROHIBITED,
920 + IP6T_ICMP6_NOT_NEIGHBOUR,
921 + IP6T_ICMP6_ADDR_UNREACH,
922 + IP6T_ICMP6_PORT_UNREACH,
923 + IP6T_ICMP6_ECHOREPLY,
927 struct ip6t_reject_info {
928 enum ip6t_reject_with with; /* reject type */
931 -#endif /*_IPT_REJECT_H*/
932 +#endif /*_IP6T_REJECT_H*/
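Review bot: Replacing the enumerators of `enum ip6t_reject_with` renumbers the values stored in `ip6t_reject_info.with`: the old `IP6T_ICMP_PORT_UNREACHABLE` (3) now reads as `IP6T_ICMP6_ADDR_UNREACH` and the old `IP6T_ICMP_ECHOREPLY` (4) as `IP6T_ICMP6_PORT_UNREACH`. An ip6tables binary built against the old header would presumably install rules that the new kernel side interprets as a different reject type, and code using the old names no longer compiles. Giving the enumerators explicit values, e.g. `IP6T_ICMP6_NO_ROUTE = 0,`, and documenting the break in a comment above the enum would make the change visible. The lines after `IP6T_ICMP6_ECHOREPLY` are missing from this view.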
933 diff -urN linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv6/ip6t_ROUTE.h linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv6/ip6t_ROUTE.h
934 --- linux-libc-headers-2.6.8.0.org/include/linux/netfilter_ipv6/ip6t_ROUTE.h 1970-01-01 01:00:00.000000000 +0100
935 +++ linux-libc-headers-2.6.8.0/include/linux/netfilter_ipv6/ip6t_ROUTE.h 2004-08-19 21:32:39.928274728 +0200
937 +/* Header file for iptables ip6t_ROUTE target
939 + * (C) 2003 by Cédric de Launois <delaunois@info.ucl.ac.be>
941 + * This software is distributed under GNU GPL v2, 1991
943 +#ifndef _IPT_ROUTE_H_target
944 +#define _IPT_ROUTE_H_target
946 +#define IP6T_ROUTE_IFNAMSIZ 16
948 +struct ip6t_route_target_info {
949 + char oif[IP6T_ROUTE_IFNAMSIZ]; /* Output Interface Name */
950 + char iif[IP6T_ROUTE_IFNAMSIZ]; /* Input Interface Name */
951 + u_int32_t gw[4]; /* IPv6 address of gateway */
955 +/* Values for "flags" field */
956 +#define IP6T_ROUTE_CONTINUE 0x01
958 +#endif /*_IP6T_ROUTE_H_target*/
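Review bot: The include guard in this new header is `_IPT_ROUTE_H_target`, the same macro ipt_ROUTE.h uses, while the closing comment says `_IP6T_ROUTE_H_target`; a file that includes ipt_ROUTE.h first silently gets none of the `ip6t_route_target_info` definitions. The guard should be `#ifndef _IP6T_ROUTE_H_target` followed by `#define _IP6T_ROUTE_H_target`. The header comment also says "iptables" where ip6tables is presumably meant.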