1 diff -uNr linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ip_pool.h linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ip_pool.h
2 --- linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ip_pool.h 1970-01-01 01:00:00.000000000 +0100
3 +++ linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ip_pool.h 2004-03-28 17:56:33.830211432 +0200
8 +/***************************************************************************/
9 +/* This program is free software; you can redistribute it and/or modify */
10 +/* it under the terms of the GNU General Public License as published by */
11 +/* the Free Software Foundation; either version 2 of the License, or */
12 +/* (at your option) any later version. */
14 +/* This program is distributed in the hope that it will be useful, */
15 +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
16 +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
17 +/* GNU General Public License for more details. */
19 +/* You should have received a copy of the GNU General Public License */
20 +/* along with this program; if not, write to the Free Software */
21 +/* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA*/
22 +/***************************************************************************/
24 +/* A sockopt of such quality has hardly ever been seen before on the open
25 + * market! This little beauty, hardly ever used: above 64, so it's
26 + * traditionally used for firewalling, not touched (even once!) by the
27 + * 2.0, 2.2 and 2.4 kernels!
29 + * Comes with its own certificate of authenticity, valid anywhere in the
34 +#define SO_IP_POOL 81
36 +typedef int ip_pool_t; /* pool index */
37 +#define IP_POOL_NONE ((ip_pool_t)-1)
39 +struct ip_pool_request {
46 +/* NOTE: I deliberately break the first cut ippool utility. Nobody uses it. */
48 +#define IP_POOL_BAD001 0x00000010
50 +#define IP_POOL_FLUSH 0x00000011 /* req.index, no arguments */
51 +#define IP_POOL_INIT 0x00000012 /* from addr to addr2 incl. */
52 +#define IP_POOL_DESTROY 0x00000013 /* req.index, no arguments */
53 +#define IP_POOL_ADD_ADDR 0x00000014 /* add addr to pool */
54 +#define IP_POOL_DEL_ADDR 0x00000015 /* del addr from pool */
55 +#define IP_POOL_HIGH_NR 0x00000016 /* result in req.index */
56 +#define IP_POOL_LOOKUP 0x00000017 /* result in addr and addr2 */
57 +#define IP_POOL_USAGE 0x00000018 /* result in addr */
58 +#define IP_POOL_TEST_ADDR 0x00000019 /* result (0/1) returned */
60 +#endif /*_IP_POOL_H*/
61 diff -uNr linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_addrtype.h linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_addrtype.h
62 --- linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_addrtype.h 1970-01-01 01:00:00.000000000 +0100
63 +++ linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_addrtype.h 2004-03-22 21:13:43.000000000 +0100
65 +#ifndef _IPT_ADDRTYPE_H
66 +#define _IPT_ADDRTYPE_H
68 +struct ipt_addrtype_info {
69 + u_int16_t source; /* source-type mask */
70 + u_int16_t dest; /* dest-type mask */
76 diff -uNr linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_childlevel.h linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_childlevel.h
77 --- linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_childlevel.h 1970-01-01 01:00:00.000000000 +0100
78 +++ linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_childlevel.h 2004-03-22 21:13:43.000000000 +0100
81 + By Matthew Strait <quadong@users.sf.net>, Dec 2003.
82 + http://l7-filter.sf.net
84 + This program is free software; you can redistribute it and/or
85 + modify it under the terms of the GNU General Public License
86 + as published by the Free Software Foundation; either version
87 + 2 of the License, or (at your option) any later version.
88 + http://www.gnu.org/licenses/gpl.txt
91 +#ifndef _IPT_CHILDLEVEL_H
92 +#define _IPT_CHILDLEVEL_H
94 +typedef char *(*proc_ipt_search) (u_int32_t, u_int8_t);
96 +struct ipt_childlevel_info {
97 + u_int32_t childlevel;
101 +#endif /* _IPT_CHILDLEVEL_H */
102 diff -uNr linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_connlimit.h linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_connlimit.h
103 --- linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_connlimit.h 1970-01-01 01:00:00.000000000 +0100
104 +++ linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_connlimit.h 2004-03-22 21:13:43.000000000 +0100
106 +#ifndef _IPT_CONNLIMIT_H
107 +#define _IPT_CONNLIMIT_H
109 +struct ipt_connlimit_data;
111 +struct ipt_connlimit_info {
115 + struct ipt_connlimit_data *data;
117 +#endif /* _IPT_CONNLIMIT_H */
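Review bot: `struct ipt_connlimit_info` carries a kernel pointer (`struct ipt_connlimit_data *data`) inside a structure shared with userspace, so its size differs between 32-bit and 64-bit builds. If the kernel copies match data back when rules are listed, the pointer value would also be disclosed to the caller. The same pattern appears in ipt_dstlimit.h (`hinfo` and `master`, the latter under the "Used internally by the kernel" comment). Each such field should carry a comment such as `/* kernel-private; must not be copied back to userspace */`, and the kernel side should be checked to confirm it holds. Some lines of these structures are missing from this page, so other fields may be affected as well.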
118 diff -uNr linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_connmark.h linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_connmark.h
119 --- linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_connmark.h 1970-01-01 01:00:00.000000000 +0100
120 +++ linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_connmark.h 2004-03-22 21:13:43.000000000 +0100
122 +#ifndef _IPT_CONNMARK_H
123 +#define _IPT_CONNMARK_H
125 +/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
126 + * by Henrik Nordstrom <hno@marasystems.com>
128 + * This program is free software; you can redistribute it and/or modify
129 + * it under the terms of the GNU General Public License as published by
130 + * the Free Software Foundation; either version 2 of the License, or
131 + * (at your option) any later version.
134 +struct ipt_connmark_info {
135 + unsigned long mark, mask;
139 +#endif /*_IPT_CONNMARK_H*/
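Review bot: `unsigned long mark, mask;` in `struct ipt_connmark_info` gives the structure a different size and layout on 32-bit and 64-bit builds, so a 32-bit iptables binary talking to a 64-bit kernel would hand over a block the kernel does not expect. The same `unsigned long` fields appear in `struct ipt_connmark_target_info` (ipt_CONNMARK.h) and `struct ipt_ipmark_target_info` (ipt_IPMARK.h). If the mark is a 32-bit quantity, fixed-width fields such as `u_int32_t mark, mask;` would remove the dependency. Since this header must mirror the kernel layout, that change only makes sense together with the kernel-side definition.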
140 diff -uNr linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_CONNMARK.h linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_CONNMARK.h
141 --- linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_CONNMARK.h 1970-01-01 01:00:00.000000000 +0100
142 +++ linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_CONNMARK.h 2004-03-22 21:13:43.000000000 +0100
144 +#ifndef _IPT_CONNMARK_H_target
145 +#define _IPT_CONNMARK_H_target
147 +/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
148 + * by Henrik Nordstrom <hno@marasystems.com>
150 + * This program is free software; you can redistribute it and/or modify
151 + * it under the terms of the GNU General Public License as published by
152 + * the Free Software Foundation; either version 2 of the License, or
153 + * (at your option) any later version.
157 + IPT_CONNMARK_SET = 0,
159 + IPT_CONNMARK_RESTORE
162 +struct ipt_connmark_target_info {
163 + unsigned long mark;
164 + unsigned long mask;
168 +#endif /*_IPT_CONNMARK_H_target*/
169 diff -uNr linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_conntrack.h linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_conntrack.h
170 --- linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_conntrack.h 2004-03-05 16:36:39.000000000 +0100
171 +++ linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_conntrack.h 2004-03-22 21:13:43.000000000 +0100
174 #define IPT_CONNTRACK_STATE_SNAT (1 << (IP_CT_NUMBER + 1))
175 #define IPT_CONNTRACK_STATE_DNAT (1 << (IP_CT_NUMBER + 2))
176 +#define IPT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3))
178 /* flags, invflags: */
179 #define IPT_CONNTRACK_STATE 0x01
180 diff -uNr linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_dstlimit.h linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_dstlimit.h
181 --- linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_dstlimit.h 1970-01-01 01:00:00.000000000 +0100
182 +++ linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_dstlimit.h 2004-03-22 21:13:43.000000000 +0100
184 +#ifndef _IPT_DSTLIMIT_H
185 +#define _IPT_DSTLIMIT_H
187 +/* timings are in milliseconds. */
188 +#define IPT_DSTLIMIT_SCALE 10000
189 +/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490
190 + seconds, or one every 59 hours. */
192 +/* details of this structure hidden by the implementation */
193 +struct ipt_dstlimit_htable;
195 +#define IPT_DSTLIMIT_HASH_DIP 0x0001
196 +#define IPT_DSTLIMIT_HASH_DPT 0x0002
197 +#define IPT_DSTLIMIT_HASH_SIP 0x0004
199 +struct dstlimit_cfg {
200 + u_int32_t mode; /* bitmask of IPT_DSTLIMIT_HASH_* */
201 + u_int32_t avg; /* Average secs between packets * scale */
202 + u_int32_t burst; /* Period multiplier for upper limit. */
204 + /* user specified */
205 + u_int32_t size; /* how many buckets */
206 + u_int32_t max; /* max number of entries */
207 + u_int32_t gc_interval; /* gc interval */
208 + u_int32_t expire; /* when do entries expire? */
211 +struct ipt_dstlimit_info {
212 + char name [IFNAMSIZ]; /* name */
213 + struct dstlimit_cfg cfg;
214 + struct ipt_dstlimit_htable *hinfo;
216 + /* Used internally by the kernel */
219 + struct ipt_dstlimit_info *master;
222 +#endif /*_IPT_DSTLIMIT_H*/
223 diff -uNr linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_fuzzy.h linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_fuzzy.h
224 --- linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_fuzzy.h 1970-01-01 01:00:00.000000000 +0100
225 +++ linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_fuzzy.h 2004-03-22 21:13:43.000000000 +0100
227 +#ifndef _IPT_FUZZY_H
228 +#define _IPT_FUZZY_H
230 +#include <linux/param.h>
231 +#include <linux/types.h>
233 +#define MAXFUZZYRATE 10000000
234 +#define MINFUZZYRATE 3
236 +struct ipt_fuzzy_info {
237 + u_int32_t minimum_rate;
238 + u_int32_t maximum_rate;
239 + u_int32_t packets_total;
240 + u_int32_t bytes_total;
241 + u_int32_t previous_time;
242 + u_int32_t present_time;
243 + u_int32_t mean_rate;
244 + u_int8_t acceptance_rate;
247 +#endif /*_IPT_FUZZY_H*/
248 diff -uNr linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_IMQ.h linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_IMQ.h
249 --- linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_IMQ.h 1970-01-01 01:00:00.000000000 +0100
250 +++ linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_IMQ.h 2004-03-22 21:13:43.000000000 +0100
255 +struct ipt_imq_info {
256 + unsigned int todev; /* target imq device */
259 +#endif /* _IPT_IMQ_H */
260 diff -uNr linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_IPMARK.h linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_IPMARK.h
261 --- linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_IPMARK.h 1970-01-01 01:00:00.000000000 +0100
262 +++ linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_IPMARK.h 2004-03-22 21:13:43.000000000 +0100
264 +#ifndef _IPT_IPMARK_H_target
265 +#define _IPT_IPMARK_H_target
267 +struct ipt_ipmark_target_info {
268 + unsigned long andmask;
269 + unsigned long ormask;
273 +#define IPT_IPMARK_SRC 0
274 +#define IPT_IPMARK_DST 1
276 +#endif /*_IPT_IPMARK_H_target*/
277 diff -uNr linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_ipv4options.h linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_ipv4options.h
278 --- linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_ipv4options.h 1970-01-01 01:00:00.000000000 +0100
279 +++ linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_ipv4options.h 2004-03-22 21:13:43.000000000 +0100
281 +#ifndef __ipt_ipv4options_h_included__
282 +#define __ipt_ipv4options_h_included__
284 +#define IPT_IPV4OPTION_MATCH_SSRR 0x01 /* For strict source routing */
285 +#define IPT_IPV4OPTION_MATCH_LSRR 0x02 /* For loose source routing */
286 +#define IPT_IPV4OPTION_DONT_MATCH_SRR 0x04 /* any source routing */
287 +#define IPT_IPV4OPTION_MATCH_RR 0x08 /* For Record route */
288 +#define IPT_IPV4OPTION_DONT_MATCH_RR 0x10
289 +#define IPT_IPV4OPTION_MATCH_TIMESTAMP 0x20 /* For timestamp request */
290 +#define IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP 0x40
291 +#define IPT_IPV4OPTION_MATCH_ROUTER_ALERT 0x80 /* For router-alert */
292 +#define IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT 0x100
293 +#define IPT_IPV4OPTION_MATCH_ANY_OPT 0x200 /* match packet with any option */
294 +#define IPT_IPV4OPTION_DONT_MATCH_ANY_OPT 0x400 /* match packet with no option */
296 +struct ipt_ipv4options_info {
301 +#endif /* __ipt_ipv4options_h_included__ */
302 diff -uNr linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_mport.h linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_mport.h
303 --- linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_mport.h 1970-01-01 01:00:00.000000000 +0100
304 +++ linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_mport.h 2004-03-22 21:13:43.000000000 +0100
306 +#ifndef _IPT_MPORT_H
307 +#define _IPT_MPORT_H
308 +#include <linux/netfilter_ipv4/ip_tables.h>
310 +#define IPT_MPORT_SOURCE (1<<0)
311 +#define IPT_MPORT_DESTINATION (1<<1)
312 +#define IPT_MPORT_EITHER (IPT_MPORT_SOURCE|IPT_MPORT_DESTINATION)
314 +#define IPT_MULTI_PORTS 15
316 +/* Must fit inside union ipt_matchinfo: 32 bytes */
317 +/* every entry in ports[] except for the last one has one bit in pflags
318 + * associated with it. If this bit is set, the port is the first port of
319 + * a portrange, with the next entry being the last.
320 + * End of list is marked with pflags bit set and port=65535.
321 + * If 14 ports are used (last one does not have a pflag), the last port
322 + * is repeated to fill the last entry in ports[] */
325 + u_int8_t flags:2; /* Type of comparison */
326 + u_int16_t pflags:14; /* Port flags */
327 + u_int16_t ports[IPT_MULTI_PORTS]; /* Ports */
329 +#endif /*_IPT_MPORT_H*/
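Review bot: The structure holding `u_int8_t flags:2` and `u_int16_t pflags:14` depends on compiler bit-field packing to meet the "Must fit inside union ipt_matchinfo: 32 bytes" requirement, and allocation order and packing across two different base types are implementation-defined. A userspace tool and a kernel built with different compilers or options could therefore disagree on which bits mark a port range. At minimum I would add `/* layout relies on compiler bit-field packing; sizeof must stay 32 */` above the fields and back it with a compile-time size check where the structure is used. The struct's opening line is missing from this page, so its name and any attributes were not reviewed.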
330 diff -uNr linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_nth.h linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_nth.h
331 --- linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_nth.h 1970-01-01 01:00:00.000000000 +0100
332 +++ linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_nth.h 2004-03-22 21:13:43.000000000 +0100
337 +#include <linux/param.h>
338 +#include <linux/types.h>
340 +#ifndef IPT_NTH_NUM_COUNTERS
341 +#define IPT_NTH_NUM_COUNTERS 16
344 +struct ipt_nth_info {
352 +#endif /*_IPT_NTH_H*/
353 diff -uNr linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_osf.h linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_osf.h
354 --- linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_osf.h 1970-01-01 01:00:00.000000000 +0100
355 +++ linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_osf.h 2004-03-28 18:01:24.309051936 +0200
360 + * Copyright (c) 2003 Evgeniy Polyakov <johnpol@2ka.mipt.ru>
363 + * This program is free software; you can redistribute it and/or modify
364 + * it under the terms of the GNU General Public License as published by
365 + * the Free Software Foundation; either version 2 of the License, or
366 + * (at your option) any later version.
368 + * This program is distributed in the hope that it will be useful,
369 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
370 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
371 + * GNU General Public License for more details.
373 + * You should have received a copy of the GNU General Public License
374 + * along with this program; if not, write to the Free Software
375 + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
381 +#define MAXGENRELEN 32
382 +#define MAXDETLEN 64
384 +#define IPT_OSF_GENRE 1
385 +#define IPT_OSF_SMART 2
386 +#define IPT_OSF_LOG 4
387 +#define IPT_OSF_NETLINK 8
389 +#define IPT_OSF_LOGLEVEL_ALL 0
390 +#define IPT_OSF_LOGLEVEL_FIRST 1
393 +#include <netinet/ip.h>
394 +#include <netinet/tcp.h>
398 + struct list_head *prev, *next;
403 + char genre[MAXGENRELEN];
405 + unsigned long flags;
407 + int invert; /* UNSUPPORTED */
416 +/* This struct represents IANA options
417 + * http://www.iana.org/assignments/tcp-parameters
421 + unsigned char kind;
422 + unsigned char length;
428 + struct list_head flist;
433 + unsigned char genre[MAXGENRELEN];
434 + unsigned char version[MAXGENRELEN], subtype[MAXGENRELEN];
436 + /* Not needed, but for consistency with original table from Michal Zalewski */
437 + unsigned char details[MAXDETLEN];
440 + struct osf_opt opt[MAX_IPOPTLEN]; /* In case it is all NOP or EOL */
444 +struct ipt_osf_nlmsg
446 + struct osf_finger f;
451 +#endif /* _IPT_OSF_H */
452 diff -uNr linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_policy.h linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_policy.h
453 --- linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_policy.h 1970-01-01 01:00:00.000000000 +0100
454 +++ linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_policy.h 2004-03-22 21:13:43.000000000 +0100
456 +#ifndef _IPT_POLICY_H
457 +#define _IPT_POLICY_H
459 +#define POLICY_MAX_ELEM 4
461 +enum ipt_policy_flags
463 + POLICY_MATCH_IN = 0x1,
464 + POLICY_MATCH_OUT = 0x2,
465 + POLICY_MATCH_NONE = 0x4,
466 + POLICY_MATCH_STRICT = 0x8,
469 +enum ipt_policy_modes
471 + POLICY_MODE_TRANSPORT,
475 +struct ipt_policy_spec
485 +struct ipt_policy_elem
496 + struct ipt_policy_spec match;
497 + struct ipt_policy_spec invert;
500 +struct ipt_policy_info
502 + struct ipt_policy_elem pol[POLICY_MAX_ELEM];
507 +#endif /* _IPT_POLICY_H */
508 diff -uNr linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_pool.h linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_pool.h
509 --- linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_pool.h 1970-01-01 01:00:00.000000000 +0100
510 +++ linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_pool.h 2004-03-22 21:13:43.000000000 +0100
515 +#include <linux/netfilter_ipv4/ip_pool.h>
517 +#define IPT_POOL_INV_SRC 0x00000001
518 +#define IPT_POOL_INV_DST 0x00000002
519 +#define IPT_POOL_DEL_SRC 0x00000004
520 +#define IPT_POOL_DEL_DST 0x00000008
521 +#define IPT_POOL_INV_MOD_SRC 0x00000010
522 +#define IPT_POOL_INV_MOD_DST 0x00000020
523 +#define IPT_POOL_MOD_SRC_ACCEPT 0x00000040
524 +#define IPT_POOL_MOD_DST_ACCEPT 0x00000080
525 +#define IPT_POOL_MOD_SRC_DROP 0x00000100
526 +#define IPT_POOL_MOD_DST_DROP 0x00000200
529 +struct ipt_pool_info
536 +#endif /*_IPT_POOL_H*/
537 diff -uNr linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_psd.h linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_psd.h
538 --- linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_psd.h 1970-01-01 01:00:00.000000000 +0100
539 +++ linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_psd.h 2004-03-22 21:13:43.000000000 +0100
544 +#include <linux/param.h>
545 +#include <linux/types.h>
548 + * High port numbers have a lower weight to reduce the frequency of false
549 + * positives, such as from passive mode FTP transfers.
551 +#define PORT_WEIGHT_PRIV 3
552 +#define PORT_WEIGHT_HIGH 1
555 + * Port scan detection thresholds: at least COUNT ports need to be scanned
556 + * from the same source, with no longer than DELAY ticks between ports.
558 +#define SCAN_MIN_COUNT 7
559 +#define SCAN_MAX_COUNT (SCAN_MIN_COUNT * PORT_WEIGHT_PRIV)
560 +#define SCAN_WEIGHT_THRESHOLD SCAN_MAX_COUNT
561 +#define SCAN_DELAY_THRESHOLD (HZ * 3)
564 + * Keep track of up to LIST_SIZE source addresses, using a hash table of
565 + * HASH_SIZE entries for faster lookups, but limiting hash collisions to
566 + * HASH_MAX source addresses per the same hash value.
568 +#define LIST_SIZE 0x100
570 +#define HASH_SIZE (1 << HASH_LOG)
571 +#define HASH_MAX 0x10
573 +struct ipt_psd_info {
574 + unsigned int weight_threshold;
575 + unsigned int delay_threshold;
576 + unsigned short lo_ports_weight;
577 + unsigned short hi_ports_weight;
580 +#endif /*_IPT_PSD_H*/
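Review bot: `SCAN_DELAY_THRESHOLD` is defined as `(HZ * 3)`, and the `HZ` a userspace build sees through `<linux/param.h>` need not equal the tick rate of the running kernel. If the userspace tool fills `delay_threshold` from this macro and the kernel compares it against its own ticks, as the "no longer than DELAY ticks between ports" comment suggests, the effective window scales with the mismatch and port-scan detection becomes weaker or noisier than configured. A comment stating the unit would help, e.g. `/* in kernel ticks; userspace must not derive this from its own HZ */`. The generic names `LIST_SIZE`, `HASH_SIZE` and `HASH_MAX` in an installed header can also collide with application macros; an `IPT_PSD_` prefix would avoid that.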
581 diff -uNr linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_quota.h linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_quota.h
582 --- linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_quota.h 1970-01-01 01:00:00.000000000 +0100
583 +++ linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_quota.h 2004-03-22 21:13:43.000000000 +0100
585 +#ifndef _IPT_QUOTA_H
586 +#define _IPT_QUOTA_H
588 +/* print debug info in both kernel/netfilter module & iptable library */
589 +//#define DEBUG_IPT_QUOTA
591 +struct ipt_quota_info {
595 +#endif /*_IPT_QUOTA_H*/
596 diff -uNr linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_random.h linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_random.h
597 --- linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_random.h 1970-01-01 01:00:00.000000000 +0100
598 +++ linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_random.h 2004-03-22 21:13:43.000000000 +0100
603 +#include <linux/param.h>
604 +#include <linux/types.h>
606 +struct ipt_rand_info {
610 +#endif /*_IPT_RAND_H*/
611 diff -uNr linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_realm.h linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_realm.h
612 --- linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_realm.h 1970-01-01 01:00:00.000000000 +0100
613 +++ linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_realm.h 2004-03-22 21:13:43.000000000 +0100
615 +#ifndef _IPT_REALM_H
616 +#define _IPT_REALM_H
618 +struct ipt_realm_info {
623 +#endif /*_IPT_REALM_H*/
624 diff -uNr linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_sctp.h linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_sctp.h
625 --- linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_sctp.h 1970-01-01 01:00:00.000000000 +0100
626 +++ linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_sctp.h 2004-03-22 21:13:43.000000000 +0100
628 +#ifndef _IPT_SCTP_H_
629 +#define _IPT_SCTP_H_
631 +#define IPT_SCTP_SRC_PORTS 0x01
632 +#define IPT_SCTP_DEST_PORTS 0x02
633 +#define IPT_SCTP_CHUNK_TYPES 0x04
635 +#define IPT_SCTP_VALID_FLAGS 0x07
637 +#define ELEMCOUNT(x) (sizeof(x)/sizeof(x[0]))
640 +struct ipt_sctp_flag_info {
641 + u_int8_t chunktype;
643 + u_int8_t flag_mask;
646 +#define IPT_NUM_SCTP_FLAGS 4
648 +struct ipt_sctp_info {
649 + u_int16_t dpts[2]; /* Min, Max */
650 + u_int16_t spts[2]; /* Min, Max */
652 + u_int32_t chunkmap[256 / sizeof (u_int32_t)]; /* Bit mask of chunks to be matched according to RFC 2960 */
654 +#define SCTP_CHUNK_MATCH_ANY 0x01 /* Match if any of the chunk types are present */
655 +#define SCTP_CHUNK_MATCH_ALL 0x02 /* Match if all of the chunk types are present */
656 +#define SCTP_CHUNK_MATCH_ONLY 0x04 /* Match if these are the only chunk types present */
658 + u_int32_t chunk_match_type;
659 + struct ipt_sctp_flag_info flag_info[IPT_NUM_SCTP_FLAGS];
663 + u_int32_t invflags;
666 +#define bytes(type) (sizeof(type) * 8)
668 +#define SCTP_CHUNKMAP_SET(chunkmap, type) \
670 + chunkmap[type / bytes(u_int32_t)] |= \
671 + 1 << (type % bytes(u_int32_t)); \
674 +#define SCTP_CHUNKMAP_CLEAR(chunkmap, type) \
676 + chunkmap[type / bytes(u_int32_t)] &= \
677 + ~(1 << (type % bytes(u_int32_t))); \
680 +#define SCTP_CHUNKMAP_IS_SET(chunkmap, type) \
682 + (chunkmap[type / bytes (u_int32_t)] & \
683 + (1 << (type % bytes (u_int32_t)))) ? 1: 0; \
686 +#define SCTP_CHUNKMAP_RESET(chunkmap) \
689 + for (i = 0; i < ELEMCOUNT(chunkmap); i++) \
693 +#define SCTP_CHUNKMAP_SET_ALL(chunkmap) \
696 + for (i = 0; i < ELEMCOUNT(chunkmap); i++) \
697 + chunkmap[i] = ~0; \
700 +#define SCTP_CHUNKMAP_COPY(destmap, srcmap) \
703 + for (i = 0; i < ELEMCOUNT(chunkmap); i++) \
704 + destmap[i] = srcmap[i]; \
707 +#define SCTP_CHUNKMAP_IS_CLEAR(chunkmap) \
711 + for (i = 0; i < ELEMCOUNT(chunkmap); i++) { \
712 + if (chunkmap[i]) { \
720 +#define SCTP_CHUNKMAP_IS_ALL_SET(chunkmap) \
724 + for (i = 0; i < ELEMCOUNT(chunkmap); i++) { \
725 + if (chunkmap[i] != ~0) { \
733 +#endif /* _IPT_SCTP_H_ */
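Review bot: `SCTP_CHUNKMAP_COPY(destmap, srcmap)` loops to `ELEMCOUNT(chunkmap)`, but `chunkmap` is not one of its parameters, so the macro compiles only where a variable of that name happens to be in scope and then takes its bound from that unrelated object; the bound should be `ELEMCOUNT(srcmap)`. In `SCTP_CHUNKMAP_SET`, `_CLEAR` and `_IS_SET`, the expression `1 << (type % bytes(u_int32_t))` shifts a signed `int` into bit 31 for some chunk types, which is undefined behaviour. `1U << ((type) % bytes(u_int32_t))` avoids it, and the macro arguments should be parenthesised throughout. `ELEMCOUNT` also yields the wrong count if any of these macros is given a pointer instead of the array itself, which deserves a comment on the macro. Several lines of the macro bodies are missing from this page, so the wrappers around these statements were not reviewed.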
735 diff -uNr linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_state.h linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_state.h
736 --- linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_state.h 2004-03-05 16:36:39.000000000 +0100
737 +++ linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_state.h 2004-03-22 21:13:43.000000000 +0100
739 #define IPT_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1))
740 #define IPT_STATE_INVALID (1 << 0)
742 +#define IPT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1))
744 struct ipt_state_info
746 unsigned int statemask;
747 diff -uNr linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_time.h linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_time.h
748 --- linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_time.h 1970-01-01 01:00:00.000000000 +0100
749 +++ linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_time.h 2004-03-22 21:13:43.000000000 +0100
751 +#ifndef __ipt_time_h_included__
752 +#define __ipt_time_h_included__
755 +struct ipt_time_info {
756 + u_int8_t days_match; /* 1 bit per day. -SMTWTFS */
757 + u_int16_t time_start; /* 0 < time_start < 23*60+59 = 1439 */
758 + u_int16_t time_stop; /* 0:0 < time_stat < 23:59 */
759 + u_int8_t kerneltime; /* ignore skb time (and use kerneltime) or not. */
763 +#endif /* __ipt_time_h_included__ */
764 diff -uNr linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_TTL.h linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_TTL.h
765 --- linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_TTL.h 1970-01-01 01:00:00.000000000 +0100
766 +++ linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_TTL.h 2004-03-22 21:13:43.000000000 +0100
768 +/* TTL modification module for IP tables
769 + * (C) 2000 by Harald Welte <laforge@gnumonks.org> */
780 +#define IPT_TTL_MAXMODE IPT_TTL_DEC
782 +struct ipt_TTL_info {
789 diff -uNr linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_u32.h linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_u32.h
790 --- linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_u32.h 1970-01-01 01:00:00.000000000 +0100
791 +++ linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_u32.h 2004-03-22 21:13:43.000000000 +0100
795 +#include <linux/netfilter_ipv4/ip_tables.h>
805 +struct ipt_u32_location_element
810 +struct ipt_u32_value_element
815 +/* *** any way to allow for an arbitrary number of elements?
816 + for now I settle for a limit of 10 of each */
817 +#define U32MAXSIZE 10
821 + struct ipt_u32_location_element location[U32MAXSIZE+1];
823 + struct ipt_u32_value_element value[U32MAXSIZE+1];
829 + struct ipt_u32_test tests[U32MAXSIZE+1];
832 +#endif /*_IPT_U32_H*/
833 diff -uNr linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_ULOG.h linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_ULOG.h
834 --- linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_ULOG.h 2004-03-05 16:36:39.000000000 +0100
835 +++ linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_ULOG.h 2004-03-22 21:13:43.000000000 +0100
837 #define NETLINK_NFLOG 5
840 +#define ULOG_DEFAULT_NLGROUP 1
841 +#define ULOG_DEFAULT_QTHRESHOLD 1
843 #define ULOG_MAC_LEN 80
844 #define ULOG_PREFIX_LEN 32
846 diff -uNr linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_XOR.h linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_XOR.h
847 --- linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4.orig/ipt_XOR.h 1970-01-01 01:00:00.000000000 +0100
848 +++ linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv4/ipt_XOR.h 2004-03-22 21:13:43.000000000 +0100
853 +struct ipt_XOR_info {
855 + u_int8_t block_size;
858 +#endif /* _IPT_XOR_H */
859 diff -uNr linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv6.orig/ip6t_fuzzy.h linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv6/ip6t_fuzzy.h
860 --- linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv6.orig/ip6t_fuzzy.h 1970-01-01 01:00:00.000000000 +0100
861 +++ linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv6/ip6t_fuzzy.h 2004-03-22 21:13:43.000000000 +0100
863 +#ifndef _IP6T_FUZZY_H
864 +#define _IP6T_FUZZY_H
866 +#include <linux/param.h>
867 +#include <linux/types.h>
869 +#define MAXFUZZYRATE 10000000
870 +#define MINFUZZYRATE 3
872 +struct ip6t_fuzzy_info {
873 + u_int32_t minimum_rate;
874 + u_int32_t maximum_rate;
875 + u_int32_t packets_total;
876 + u_int32_t bytes_total;
877 + u_int32_t previous_time;
878 + u_int32_t present_time;
879 + u_int32_t mean_rate;
880 + u_int8_t acceptance_rate;
883 +#endif /*_IP6T_FUZZY_H*/
884 diff -uNr linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv6.orig/ip6t_HL.h linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv6/ip6t_HL.h
885 --- linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv6.orig/ip6t_HL.h 1970-01-01 01:00:00.000000000 +0100
886 +++ linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv6/ip6t_HL.h 2004-03-22 21:13:43.000000000 +0100
888 +/* Hop Limit modification module for ip6tables
889 + * Maciej Soltysiak <solt@dns.toxicfilms.tv>
890 + * Based on HW's TTL module */
901 +#define IP6T_HL_MAXMODE IP6T_HL_DEC
903 +struct ip6t_HL_info {
905 + u_int8_t hop_limit;
910 diff -uNr linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv6.orig/ip6t_nth.h linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv6/ip6t_nth.h
911 --- linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv6.orig/ip6t_nth.h 1970-01-01 01:00:00.000000000 +0100
912 +++ linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv6/ip6t_nth.h 2004-03-22 21:13:43.000000000 +0100
917 +#include <linux/param.h>
918 +#include <linux/types.h>
920 +#ifndef IP6T_NTH_NUM_COUNTERS
921 +#define IP6T_NTH_NUM_COUNTERS 16
924 +struct ip6t_nth_info {
932 +#endif /*_IP6T_NTH_H*/
933 diff -uNr linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv6.orig/ip6t_random.h linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv6/ip6t_random.h
934 --- linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv6.orig/ip6t_random.h 1970-01-01 01:00:00.000000000 +0100
935 +++ linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv6/ip6t_random.h 2004-03-22 21:13:43.000000000 +0100
937 +#ifndef _IP6T_RAND_H
938 +#define _IP6T_RAND_H
940 +#include <linux/param.h>
941 +#include <linux/types.h>
943 +struct ip6t_rand_info {
947 +#endif /*_IP6T_RAND_H*/
948 diff -uNr linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv6.orig/ip6t_REJECT.h linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv6/ip6t_REJECT.h
949 --- linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv6.orig/ip6t_REJECT.h 2004-03-05 16:36:39.000000000 +0100
950 +++ linux-libc-headers-2.6.4.0/include/linux/netfilter_ipv6/ip6t_REJECT.h 2004-03-22 21:13:43.000000000 +0100
952 #define _IP6T_REJECT_H
954 enum ip6t_reject_with {
955 - IP6T_ICMP_NET_UNREACHABLE,
956 - IP6T_ICMP_HOST_UNREACHABLE,
957 - IP6T_ICMP_PROT_UNREACHABLE,
958 - IP6T_ICMP_PORT_UNREACHABLE,
959 - IP6T_ICMP_ECHOREPLY
960 + IP6T_ICMP6_NO_ROUTE,
961 + IP6T_ICMP6_ADM_PROHIBITED,
962 + IP6T_ICMP6_NOT_NEIGHBOUR,
963 + IP6T_ICMP6_ADDR_UNREACH,
964 + IP6T_ICMP6_PORT_UNREACH,
965 + IP6T_ICMP6_ECHOREPLY,
969 struct ip6t_reject_info {
970 enum ip6t_reject_with with; /* reject type */
973 -#endif /*_IPT_REJECT_H*/
974 +#endif /*_IP6T_REJECT_H*/
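Review bot: The enumerators of `enum ip6t_reject_with` have no explicit values, so adding `IP6T_ICMP6_NOT_NEIGHBOUR` while renaming the others changes the number behind each reject type; going by the visible lines, port-unreachable moves from 3 to 4 and echo-reply from 4 to 5. Because `with` travels between userspace and the kernel in `struct ip6t_reject_info`, a tool built against the old header would request a different reject behaviour than intended on a kernel using the new numbering. Pinning the values, starting with `IP6T_ICMP6_NO_ROUTE = 0,`, would make the encoding explicit and stop later insertions from shifting it. The old `IP6T_ICMP_*` names are also removed without aliases, so existing userspace sources that use them will stop compiling. Some lines of the enum are not shown on this page, so the full list was not reviewed.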