- updated.

[packages/linux-libc-headers.git] / linux-libc-headers-netfilter.patch

diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack.h 2004-01-18 00:04:34.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack.h      2004-06-20 12:25:47.132436408 +0200
@@ -49,10 +49,12 @@
 
 #include <linux/netfilter_ipv4/ip_conntrack_tcp.h>
 #include <linux/netfilter_ipv4/ip_conntrack_icmp.h>
+#include <linux/netfilter_ipv4/ip_conntrack_sctp.h>
 
 /* per conntrack: protocol private data */
 union ip_conntrack_proto {
        /* insert conntrack proto private data here */
+       struct ip_ct_sctp sctp;
        struct ip_ct_tcp tcp;
        struct ip_ct_icmp icmp;
 };
@@ -62,6 +64,11 @@
 };
 
 /* Add protocol helper include file here */
+#include <linux/netfilter_ipv4/ip_conntrack_talk.h>
+#include <linux/netfilter_ipv4/ip_conntrack_rtsp.h>
+#include <linux/netfilter_ipv4/ip_conntrack_rsh.h>
+#include <linux/netfilter_ipv4/ip_conntrack_mms.h>
+#include <linux/netfilter_ipv4/ip_conntrack_h323.h>
 #include <linux/netfilter_ipv4/ip_conntrack_amanda.h>
 #include <linux/netfilter_ipv4/ip_conntrack_ftp.h>
 #include <linux/netfilter_ipv4/ip_conntrack_irc.h>
@@ -69,6 +76,11 @@
 /* per expectation: application helper private data */
 union ip_conntrack_expect_help {
        /* insert conntrack helper private data (expect) here */
+       struct ip_ct_talk_expect exp_talk_info;
+       struct ip_ct_rtsp_expect exp_rtsp_info;
+       struct ip_ct_rsh_expect exp_rsh_info;
+       struct ip_ct_mms_expect exp_mms_info;
+       struct ip_ct_h225_expect exp_h225_info;
        struct ip_ct_amanda_expect exp_amanda_info;
        struct ip_ct_ftp_expect exp_ftp_info;
        struct ip_ct_irc_expect exp_irc_info;
@@ -83,6 +95,11 @@
 /* per conntrack: application helper private data */
 union ip_conntrack_help {
        /* insert conntrack helper private data (master) here */
+       struct ip_ct_talk_master ct_talk_info;
+       struct ip_ct_rtsp_master ct_rtsp_info;
+       struct ip_ct_rsh_master ct_rsh_info;
+       struct ip_ct_mms_master ct_mms_info;
+       struct ip_ct_h225_master ct_h225_info;
        struct ip_ct_ftp_master ct_ftp_info;
        struct ip_ct_irc_master ct_irc_info;
 };
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack_h323.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack_h323.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack_h323.h    1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack_h323.h 2004-06-20 12:21:50.425421344 +0200
@@ -0,0 +1,25 @@
+#ifndef _IP_CONNTRACK_H323_H
+#define _IP_CONNTRACK_H323_H
+/* H.323 connection tracking. */
+
+/* Default H.225 port */
+#define H225_PORT      1720
+
+/* This structure is per expected connection */
+struct ip_ct_h225_expect {
+       u_int16_t port;                 /* Port of the H.225 helper/RTCP/RTP channel */
+       enum ip_conntrack_dir dir;      /* Direction of the original connection */
+       unsigned int offset;            /* offset of the address in the payload */
+};
+
+/* This structure exists only once per master */
+struct ip_ct_h225_master {
+       int is_h225;                            /* H.225 or H.245 connection */
+#ifdef CONFIG_IP_NF_NAT_NEEDED
+       enum ip_conntrack_dir dir;              /* Direction of the original connection */
+       u_int32_t seq[IP_CT_DIR_MAX];           /* Exceptional packet mangling for signal addressess... */
+       unsigned int offset[IP_CT_DIR_MAX];     /* ...and the offset of the addresses in the payload */
+#endif
+};
+
+#endif /* _IP_CONNTRACK_H323_H */
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack_mms.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack_mms.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack_mms.h     1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack_mms.h  2004-06-20 12:22:07.693796152 +0200
@@ -0,0 +1,16 @@
+#ifndef _IP_CONNTRACK_MMS_H
+#define _IP_CONNTRACK_MMS_H
+/* MMS tracking. */
+
+/* This structure is per expected connection */
+struct ip_ct_mms_expect {
+       u_int32_t len;
+       u_int32_t padding;
+       u_int16_t port;
+};
+
+/* This structure exists only once per master */
+struct ip_ct_mms_master {
+};
+
+#endif /* _IP_CONNTRACK_MMS_H */
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack_quake3.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack_quake3.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack_quake3.h  1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack_quake3.h       2004-06-20 12:02:52.000000000 +0200
@@ -0,0 +1,21 @@
+#ifndef _IP_CT_QUAKE3
+#define _IP_CT_QUAKE3
+
+/* Don't confuse with 27960, often used as the Server Port */
+#define QUAKE3_MASTER_PORT 27950
+
+struct quake3_search {
+       const char marker[4]; /* always 0xff 0xff 0xff 0xff ? */
+       const char *pattern;
+       size_t plen;
+}; 
+
+/* This structure is per expected connection */
+struct ip_ct_quake3_expect {
+};
+
+/* This structure exists only once per master */
+struct ip_ct_quake3_master {
+};
+
+#endif /* _IP_CT_QUAKE3 */
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack_rsh.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack_rsh.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack_rsh.h     1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack_rsh.h  2004-06-20 12:22:14.346784744 +0200
@@ -0,0 +1,28 @@
+/* RSH extension for IP connection tracking, Version 1.0
+ * (C) 2002 by Ian (Larry) Latter <Ian.Latter@mq.edu.au>
+ * based on HW's ip_conntrack_irc.c     
+ *
+ * ip_conntrack_rsh.c,v 1.0 2002/07/17 14:49:26
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ */
+#ifndef _IP_CONNTRACK_RSH_H
+#define _IP_CONNTRACK_RSH_H
+
+#define RSH_PORT       514
+
+/* This structure is per expected connection */
+struct ip_ct_rsh_expect
+{
+       u_int16_t port;
+};
+
+/* This structure exists only once per master */
+struct ip_ct_rsh_master {
+};
+
+#endif /* _IP_CONNTRACK_RSH_H */
+
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h    1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h 2004-06-20 12:22:20.382867120 +0200
@@ -0,0 +1,56 @@
+/*
+ * RTSP extension for IP connection tracking.
+ * (C) 2003 by Tom Marshall <tmarshall@real.com>
+ * based on ip_conntrack_irc.h
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ */
+#ifndef _IP_CONNTRACK_RTSP_H
+#define _IP_CONNTRACK_RTSP_H
+
+/* #define IP_NF_RTSP_DEBUG */
+#define IP_NF_RTSP_VERSION "0.01"
+
+/* port block types */
+typedef enum {
+    pb_single,  /* client_port=x */
+    pb_range,   /* client_port=x-y */
+    pb_discon   /* client_port=x/y (rtspbis) */
+} portblock_t;
+
+/* We record seq number and length of rtsp headers here, all in host order. */
+
+/*
+ * This structure is per expected connection.  It is a member of struct
+ * ip_conntrack_expect.  The TCP SEQ for the conntrack expect is stored
+ * there and we are expected to only store the length of the data which
+ * needs replaced.  If a packet contains multiple RTSP messages, we create
+ * one expected connection per message.
+ *
+ * We use these variables to mark the entire header block.  This may seem
+ * like overkill, but the nature of RTSP requires it.  A header may appear
+ * multiple times in a message.  We must treat two Transport headers the
+ * same as one Transport header with two entries.
+ */
+struct ip_ct_rtsp_expect
+{
+    u_int32_t   len;        /* length of header block */
+    portblock_t pbtype;     /* Type of port block that was requested */
+    u_int16_t   loport;     /* Port that was requested, low or first */
+    u_int16_t   hiport;     /* Port that was requested, high or second */
+#if 0
+    uint        method;     /* RTSP method */
+    uint        cseq;       /* CSeq from request */
+#endif
+};
+
+/* This structure exists only once per master */
+struct ip_ct_rtsp_master
+{
+    /* Empty (?) */
+};
+
+#endif /* _IP_CONNTRACK_RTSP_H */
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack_sctp.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack_sctp.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack_sctp.h    1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack_sctp.h 2004-06-20 12:02:52.000000000 +0200
@@ -0,0 +1,25 @@
+#ifndef _IP_CONNTRACK_SCTP_H
+#define _IP_CONNTRACK_SCTP_H
+/* SCTP tracking. */
+
+enum sctp_conntrack {
+       SCTP_CONNTRACK_NONE,
+       SCTP_CONNTRACK_CLOSED,
+       SCTP_CONNTRACK_COOKIE_WAIT,
+       SCTP_CONNTRACK_COOKIE_ECHOED,
+       SCTP_CONNTRACK_ESTABLISHED,
+       SCTP_CONNTRACK_SHUTDOWN_SENT,
+       SCTP_CONNTRACK_SHUTDOWN_RECD,
+       SCTP_CONNTRACK_SHUTDOWN_ACK_SENT,
+       SCTP_CONNTRACK_MAX
+};
+
+struct ip_ct_sctp
+{
+       enum sctp_conntrack state;
+
+       u_int32_t vtag[IP_CT_DIR_MAX];
+       u_int32_t ttag[IP_CT_DIR_MAX];
+};
+
+#endif /* _IP_CONNTRACK_SCTP_H */
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack_talk.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack_talk.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack_talk.h    1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack_talk.h 2004-06-20 12:22:28.016706600 +0200
@@ -0,0 +1,143 @@
+#ifndef _IP_CONNTRACK_TALK_H
+#define _IP_CONNTRACK_TALK_H
+/* TALK tracking. */
+
+#define TALK_PORT      517
+#define NTALK_PORT     518
+
+/* talk structures and constants from <protocols/talkd.h> */
+
+/*
+ * 4.3BSD struct sockaddr
+ */
+struct talk_addr {
+       u_int16_t ta_family;
+       u_int16_t ta_port;
+       u_int32_t ta_addr;
+       u_int32_t ta_junk1;
+       u_int32_t ta_junk2;
+};
+
+#define        TALK_OLD_NSIZE  9
+#define        TALK_NSIZE      12
+#define        TALK_TTY_NSIZE  16
+
+/*
+ * Client->server request message formats.
+ */
+struct talk_msg {
+       u_char  type;           /* request type, see below */
+       char    l_name[TALK_OLD_NSIZE];/* caller's name */
+       char    r_name[TALK_OLD_NSIZE];/* callee's name */
+       u_char  pad;
+       u_int32_t id_num;       /* message id */
+       int32_t pid;            /* caller's process id */
+       char    r_tty[TALK_TTY_NSIZE];/* callee's tty name */
+       struct  talk_addr addr;         /* old (4.3) style */
+       struct  talk_addr ctl_addr;     /* old (4.3) style */
+};
+
+struct ntalk_msg {
+       u_char  vers;           /* protocol version */
+       u_char  type;           /* request type, see below */
+       u_char  answer;         /* not used */
+       u_char  pad;
+       u_int32_t id_num;       /* message id */
+       struct  talk_addr addr;         /* old (4.3) style */
+       struct  talk_addr ctl_addr;     /* old (4.3) style */
+       int32_t pid;            /* caller's process id */
+       char    l_name[TALK_NSIZE];/* caller's name */
+       char    r_name[TALK_NSIZE];/* callee's name */
+       char    r_tty[TALK_TTY_NSIZE];/* callee's tty name */
+};
+
+struct ntalk2_msg {
+       u_char  vers;           /* talk protocol version    */
+       u_char  type;           /* request type             */
+       u_char  answer;         /*  */
+       u_char  extended;       /* !0 if additional parts   */
+       u_int32_t id_num;       /* message id number (dels) */
+       struct  talk_addr addr;         /* target address   */
+       struct  talk_addr ctl_addr;     /* reply to address */
+       int32_t pid;            /* caller's process id */
+       char    l_name[TALK_NSIZE];  /* caller's name */
+       char    r_name[TALK_NSIZE];  /* callee's name */
+       char    r_tty[TALK_TTY_NSIZE];    /* callee's tty */
+};
+
+/*
+ * Server->client response message formats.
+ */
+struct talk_response {
+       u_char  type;           /* type of request message, see below */
+       u_char  answer;         /* response to request message, see below */
+       u_char  pad[2];
+       u_int32_t id_num;       /* message id */
+       struct  talk_addr addr; /* address for establishing conversation */
+};
+
+struct ntalk_response {
+       u_char  vers;           /* protocol version */
+       u_char  type;           /* type of request message, see below */
+       u_char  answer;         /* response to request message, see below */
+       u_char  pad;
+       u_int32_t id_num;       /* message id */
+       struct  talk_addr addr; /* address for establishing conversation */
+};
+
+struct ntalk2_response {
+       u_char  vers;           /* protocol version         */
+       u_char  type;           /* type of request message  */
+       u_char  answer;         /* response to request      */
+       u_char  rvers;          /* Version of answering vers*/
+       u_int32_t id_num;       /* message id number        */
+       struct  talk_addr addr; /* address for connection   */
+       /* This is at the end to compatiblize this with NTALK version.   */
+       char    r_name[TALK_NSIZE]; /* callee's name            */
+};
+
+#define TALK_STR(data, talk_str, member) ((struct talk_str *)data)->member)
+#define TALK_RESP(data, ver, member) (ver ? ((struct ntalk_response *)data)->member : ((struct talk_response *)data)->member)
+#define TALK_MSG(data, ver, member) (ver ? ((struct ntalk_msg *)data)->member : ((struct talk_msg *)data)->member)
+
+#define        TALK_VERSION    0               /* protocol versions */
+#define        NTALK_VERSION   1
+#define        NTALK2_VERSION  2
+
+/* message type values */
+#define LEAVE_INVITE   0       /* leave invitation with server */
+#define LOOK_UP                1       /* check for invitation by callee */
+#define DELETE         2       /* delete invitation by caller */
+#define ANNOUNCE       3       /* announce invitation by caller */
+/* NTALK2 */
+#define REPLY_QUERY    4       /* request reply data from local daemon */
+
+/* answer values */
+#define SUCCESS                0       /* operation completed properly */
+#define NOT_HERE       1       /* callee not logged in */
+#define FAILED         2       /* operation failed for unexplained reason */
+#define MACHINE_UNKNOWN        3       /* caller's machine name unknown */
+#define PERMISSION_DENIED 4    /* callee's tty doesn't permit announce */
+#define UNKNOWN_REQUEST        5       /* request has invalid type value */
+#define        BADVERSION      6       /* request has invalid protocol version */
+#define        BADADDR         7       /* request has invalid addr value */
+#define        BADCTLADDR      8       /* request has invalid ctl_addr value */
+/* NTALK2 */
+#define NO_CALLER      9       /* no-one calling answer from REPLY   */
+#define TRY_HERE       10      /* Not on this machine, try this      */
+#define SELECTIVE_REFUSAL 11   /* User Filter refusal.               */
+#define MAX_RESPONSE_TYPE 11   /* Make sure this is updated          */
+
+/* We don't really need much for talk */
+struct ip_ct_talk_expect
+{
+       /* Port that was to be used */
+       u_int16_t port;
+};
+
+/* This structure exists only once per master */
+struct ip_ct_talk_master
+{
+};
+
+#endif /* _IP_CONNTRACK_TALK_H */
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack_tuple.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack_tuple.h   2004-01-05 19:42:34.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack_tuple.h        2004-06-20 12:22:38.036183408 +0200
@@ -25,6 +25,9 @@
        struct {
                u_int16_t id;
        } icmp;
+       struct {
+               u_int16_t port;
+       } sctp;
 };
 
 /* The manipulable part of the tuple. */
@@ -55,6 +58,9 @@
                        struct {
                                u_int8_t type, code;
                        } icmp;
+                       struct {
+                               u_int16_t port;
+                       } sctp;
                } u;
 
                /* The protocol. */
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_logging.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_logging.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_logging.h   1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_logging.h        2004-06-20 12:23:04.351182920 +0200
@@ -0,0 +1,5 @@
+/* IPv4 macros for the internal logging interface. */
+#ifndef __IP_LOGGING_H
+#define __IP_LOGGING_H
+
+#endif /*__IP_LOGGING_H*/
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_pool.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_pool.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_pool.h      1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_pool.h   2004-06-20 12:23:32.177952608 +0200
@@ -0,0 +1,56 @@
+#ifndef _IP_POOL_H
+#define _IP_POOL_H
+
+/***************************************************************************/
+/*  This program is free software; you can redistribute it and/or modify   */
+/*  it under the terms of the GNU General Public License as published by   */
+/*  the Free Software Foundation; either version 2 of the License, or     */
+/*  (at your option) any later version.                                           */
+/*                                                                        */
+/*  This program is distributed in the hope that it will be useful,       */
+/*  but WITHOUT ANY WARRANTY; without even the implied warranty of        */
+/*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         */
+/*  GNU General Public License for more details.                          */
+/*                                                                        */
+/*  You should have received a copy of the GNU General Public License     */
+/*  along with this program; if not, write to the Free Software                   */
+/*  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA*/
+/***************************************************************************/
+
+/* A sockopt of such quality has hardly ever been seen before on the open
+ * market!  This little beauty, hardly ever used: above 64, so it's
+ * traditionally used for firewalling, not touched (even once!) by the
+ * 2.0, 2.2 and 2.4 kernels!
+ *
+ * Comes with its own certificate of authenticity, valid anywhere in the
+ * Free world!
+ *
+ * Rusty, 19.4.2000
+ */
+#define SO_IP_POOL 81
+
+typedef int ip_pool_t;                 /* pool index */
+#define IP_POOL_NONE   ((ip_pool_t)-1)
+
+struct ip_pool_request {
+       int op;
+       ip_pool_t index;
+       u_int32_t addr;
+       u_int32_t addr2;
+};
+
+/* NOTE: I deliberately break the first cut ippool utility. Nobody uses it. */
+
+#define IP_POOL_BAD001         0x00000010
+
+#define IP_POOL_FLUSH          0x00000011      /* req.index, no arguments */
+#define IP_POOL_INIT           0x00000012      /* from addr to addr2 incl. */
+#define IP_POOL_DESTROY                0x00000013      /* req.index, no arguments */
+#define IP_POOL_ADD_ADDR       0x00000014      /* add addr to pool */
+#define IP_POOL_DEL_ADDR       0x00000015      /* del addr from pool */
+#define IP_POOL_HIGH_NR                0x00000016      /* result in req.index */
+#define IP_POOL_LOOKUP         0x00000017      /* result in addr and addr2 */
+#define IP_POOL_USAGE          0x00000018      /* result in addr */
+#define IP_POOL_TEST_ADDR      0x00000019      /* result (0/1) returned */
+
+#endif /*_IP_POOL_H*/
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_queue.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_queue.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_queue.h     2004-06-09 14:00:52.000000000 +0200
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_queue.h  2004-06-20 12:23:43.764191232 +0200
@@ -7,7 +7,7 @@
 #ifndef _IP_QUEUE_H
 #define _IP_QUEUE_H
 
-#include <linux/if.h>
+#include <net/if.h>
 
 /* Messages sent from kernel */
 typedef struct ipq_packet_msg {
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_tables.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_tables.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_tables.h    2004-01-05 19:42:34.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_tables.h 2004-06-20 12:25:57.484862600 +0200
@@ -127,6 +127,12 @@
        /* Back pointer */
        unsigned int comefrom;
 
+       /* Name of the chain */
+       char *chainname;
+       
+       /* Rule number in the chain. */
+       u_int32_t rulenum;
+
        /* Packet and byte counters. */
        struct ipt_counters counters;
 
@@ -245,7 +251,7 @@
        /* Number of counters (must be equal to current number of entries). */
        unsigned int num_counters;
        /* The old entries' counters. */
-       struct ipt_counters *counters;
+       struct ipt_counters __user *counters;
 
        /* The entries (hang off end: not really an array). */
        struct ipt_entry entries[0];
@@ -276,6 +282,8 @@
        struct ipt_entry entrytable[0];
 };
 
+extern struct semaphore ipt_mutex;
+
 /* Standard return verdict, or do jump. */
 #define IPT_STANDARD_TARGET ""
 /* Error verdict. */
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_account.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_account.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_account.h  1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_account.h       2004-06-20 12:02:53.000000000 +0200
@@ -0,0 +1,21 @@
+/* 
+ * accounting match (ipt_account.c)
+ * (C) 2003,2004 by Piotr Gasid³o (quaker@barbara.eu.org)
+ *
+ * Version: 0.1.5
+ *
+ * This software is distributed under the terms of GNU GPL
+ */
+
+#ifndef _IPT_ACCOUNT_H_
+#define _IPT_ACCOUNT_H_
+
+#define IPT_ACCOUNT_NAME_LEN 64
+
+struct t_ipt_account_info {
+       char name[IPT_ACCOUNT_NAME_LEN];
+       u_int32_t network;
+       u_int32_t netmask;
+};
+
+#endif
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_addrtype.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_addrtype.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_addrtype.h 1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_addrtype.h      2004-06-20 12:02:52.000000000 +0200
@@ -0,0 +1,11 @@
+#ifndef _IPT_ADDRTYPE_H
+#define _IPT_ADDRTYPE_H
+
+struct ipt_addrtype_info {
+       u_int16_t       source;         /* source-type mask */
+       u_int16_t       dest;           /* dest-type mask */
+       int             invert_source;
+       int             invert_dest;
+};
+
+#endif
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_connlimit.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_connlimit.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_connlimit.h        1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_connlimit.h     2004-06-20 12:02:52.000000000 +0200
@@ -0,0 +1,12 @@
+#ifndef _IPT_CONNLIMIT_H
+#define _IPT_CONNLIMIT_H
+
+struct ipt_connlimit_data;
+
+struct ipt_connlimit_info {
+       int limit;
+       int inverse;
+       u_int32_t mask;
+       struct ipt_connlimit_data *data;
+};
+#endif /* _IPT_CONNLIMIT_H */
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_connmark.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_connmark.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_connmark.h 1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_connmark.h      2004-06-20 12:02:52.000000000 +0200
@@ -0,0 +1,18 @@
+#ifndef _IPT_CONNMARK_H
+#define _IPT_CONNMARK_H
+
+/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
+ * by Henrik Nordstrom <hno@marasystems.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+struct ipt_connmark_info {
+       unsigned long mark, mask;
+       u_int8_t invert;
+};
+
+#endif /*_IPT_CONNMARK_H*/
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_CONNMARK.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_CONNMARK.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_CONNMARK.h 1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_CONNMARK.h      2004-06-20 12:02:52.000000000 +0200
@@ -0,0 +1,25 @@
+#ifndef _IPT_CONNMARK_H_target
+#define _IPT_CONNMARK_H_target
+
+/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
+ * by Henrik Nordstrom <hno@marasystems.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+enum {
+       IPT_CONNMARK_SET = 0,
+       IPT_CONNMARK_SAVE,
+       IPT_CONNMARK_RESTORE
+};
+
+struct ipt_connmark_target_info {
+       unsigned long mark;
+       unsigned long mask;
+       u_int8_t mode;
+};
+
+#endif /*_IPT_CONNMARK_H_target*/
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_dstlimit.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_dstlimit.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_dstlimit.h 1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_dstlimit.h      2004-06-20 12:02:52.000000000 +0200
@@ -0,0 +1,39 @@
+#ifndef _IPT_DSTLIMIT_H
+#define _IPT_DSTLIMIT_H
+
+/* timings are in milliseconds. */
+#define IPT_DSTLIMIT_SCALE 10000
+/* 1/10,000 sec period => max of 10,000/sec.  Min rate is then 429490
+   seconds, or one every 59 hours. */
+
+/* details of this structure hidden by the implementation */
+struct ipt_dstlimit_htable;
+
+#define IPT_DSTLIMIT_HASH_DIP  0x0001
+#define IPT_DSTLIMIT_HASH_DPT  0x0002
+#define IPT_DSTLIMIT_HASH_SIP  0x0004
+
+struct dstlimit_cfg {
+       u_int32_t mode;   /* bitmask of IPT_DSTLIMIT_HASH_* */
+       u_int32_t avg;    /* Average secs between packets * scale */
+       u_int32_t burst;  /* Period multiplier for upper limit. */
+
+       /* user specified */
+       u_int32_t size;         /* how many buckets */
+       u_int32_t max;          /* max number of entries */
+       u_int32_t gc_interval;  /* gc interval */
+       u_int32_t expire;       /* when do entries expire? */
+};
+
+struct ipt_dstlimit_info {
+       char name [IFNAMSIZ];           /* name */
+       struct dstlimit_cfg cfg;
+       struct ipt_dstlimit_htable *hinfo;
+
+       /* Used internally by the kernel */
+       union {
+               void *ptr;
+               struct ipt_dstlimit_info *master;
+       } u;
+};
+#endif /*_IPT_DSTLIMIT_H*/
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_fuzzy.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_fuzzy.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_fuzzy.h    1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_fuzzy.h 2004-06-20 12:02:52.000000000 +0200
@@ -0,0 +1,21 @@
+#ifndef _IPT_FUZZY_H
+#define _IPT_FUZZY_H
+
+#include <linux/param.h>
+#include <linux/types.h>
+
+#define MAXFUZZYRATE 10000000
+#define MINFUZZYRATE 3
+
+struct ipt_fuzzy_info {
+       u_int32_t minimum_rate;
+       u_int32_t maximum_rate;
+       u_int32_t packets_total;
+       u_int32_t bytes_total;
+       u_int32_t previous_time;
+       u_int32_t present_time;
+       u_int32_t mean_rate;
+       u_int8_t acceptance_rate;
+};
+
+#endif /*_IPT_FUZZY_H*/
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_IMQ.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_IMQ.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_IMQ.h      1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_IMQ.h   2004-06-20 12:02:53.000000000 +0200
@@ -0,0 +1,8 @@
+#ifndef _IPT_IMQ_H
+#define _IPT_IMQ_H
+
+struct ipt_imq_info {
+       unsigned int todev;     /* target imq device */
+};
+
+#endif /* _IPT_IMQ_H */
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_IPMARK.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_IPMARK.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_IPMARK.h   1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_IPMARK.h        2004-06-20 12:02:52.000000000 +0200
@@ -0,0 +1,13 @@
+#ifndef _IPT_IPMARK_H_target
+#define _IPT_IPMARK_H_target
+
+struct ipt_ipmark_target_info {
+       unsigned long andmask;
+       unsigned long ormask;
+       unsigned int addr;
+};
+
+#define IPT_IPMARK_SRC    0
+#define IPT_IPMARK_DST    1
+
+#endif /*_IPT_IPMARK_H_target*/
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_ipv4options.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_ipv4options.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_ipv4options.h      1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_ipv4options.h   2004-06-20 12:02:52.000000000 +0200
@@ -0,0 +1,21 @@
+#ifndef __ipt_ipv4options_h_included__
+#define __ipt_ipv4options_h_included__
+
+#define IPT_IPV4OPTION_MATCH_SSRR              0x01  /* For strict source routing */
+#define IPT_IPV4OPTION_MATCH_LSRR              0x02  /* For loose source routing */
+#define IPT_IPV4OPTION_DONT_MATCH_SRR          0x04  /* any source routing */
+#define IPT_IPV4OPTION_MATCH_RR                        0x08  /* For Record route */
+#define IPT_IPV4OPTION_DONT_MATCH_RR           0x10
+#define IPT_IPV4OPTION_MATCH_TIMESTAMP         0x20  /* For timestamp request */
+#define IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP    0x40
+#define IPT_IPV4OPTION_MATCH_ROUTER_ALERT      0x80  /* For router-alert */
+#define IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT 0x100
+#define IPT_IPV4OPTION_MATCH_ANY_OPT           0x200 /* match packet with any option */
+#define IPT_IPV4OPTION_DONT_MATCH_ANY_OPT      0x400 /* match packet with no option */
+
+struct ipt_ipv4options_info {
+       u_int16_t options;
+};
+
+
+#endif /* __ipt_ipv4options_h_included__ */
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_mport.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_mport.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_mport.h    1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_mport.h 2004-06-20 12:02:52.000000000 +0200
@@ -0,0 +1,24 @@
+#ifndef _IPT_MPORT_H
+#define _IPT_MPORT_H
+#include <linux/netfilter_ipv4/ip_tables.h>
+
+#define IPT_MPORT_SOURCE (1<<0)
+#define IPT_MPORT_DESTINATION (1<<1)
+#define IPT_MPORT_EITHER (IPT_MPORT_SOURCE|IPT_MPORT_DESTINATION)
+
+#define IPT_MULTI_PORTS        15
+
+/* Must fit inside union ipt_matchinfo: 32 bytes */
+/* every entry in ports[] except for the last one has one bit in pflags
+ * associated with it. If this bit is set, the port is the first port of
+ * a portrange, with the next entry being the last.
+ * End of list is marked with pflags bit set and port=65535.
+ * If 14 ports are used (last one does not have a pflag), the last port
+ * is repeated to fill the last entry in ports[] */
+struct ipt_mport
+{
+       u_int8_t flags:2;                       /* Type of comparison */
+       u_int16_t pflags:14;                    /* Port flags */
+       u_int16_t ports[IPT_MULTI_PORTS];       /* Ports */
+};
+#endif /*_IPT_MPORT_H*/
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_NETLINK.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_NETLINK.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_NETLINK.h  1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_NETLINK.h       2004-06-20 12:02:52.000000000 +0200
@@ -0,0 +1,27 @@
+#ifndef _IPT_FWMON_H
+#define _IPT_FWMON_H
+
+/* Bitmask macros */
+#define MASK(x,y) (x & y)
+#define MASK_SET(x,y) x |= y
+#define MASK_UNSET(x,y) x &= ~y
+
+#define USE_MARK       0x00000001
+#define USE_DROP       0x00000002
+#define USE_SIZE       0x00000004
+
+struct ipt_nldata
+{      
+       unsigned int flags;
+       unsigned int mark;
+       unsigned int size;
+};
+
+/* Old header */
+struct netlink_t {
+       unsigned int len;
+       unsigned int mark;
+       char iface[IFNAMSIZ];
+};
+
+#endif /*_IPT_FWMON_H*/
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_nth.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_nth.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_nth.h      1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_nth.h   2004-06-20 12:02:52.000000000 +0200
@@ -0,0 +1,19 @@
+#ifndef _IPT_NTH_H
+#define _IPT_NTH_H
+
+#include <linux/param.h>
+#include <linux/types.h>
+
+#ifndef IPT_NTH_NUM_COUNTERS
+#define IPT_NTH_NUM_COUNTERS 16
+#endif
+
+struct ipt_nth_info {
+       u_int8_t every;
+       u_int8_t not;
+       u_int8_t startat;
+       u_int8_t counter;
+       u_int8_t packet;
+};
+
+#endif /*_IPT_NTH_H*/
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_osf.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_osf.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_osf.h      1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_osf.h   2004-06-20 12:26:56.140945520 +0200
@@ -0,0 +1,94 @@
+/*
+ * ipt_osf.h
+ *
+ * Copyright (c) 2003 Evgeniy Polyakov <johnpol@2ka.mipt.ru>
+ *
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#ifndef _IPT_OSF_H
+#define _IPT_OSF_H
+
+#define MAXGENRELEN            32
+#define MAXDETLEN              64
+
+#define IPT_OSF_GENRE          1
+#define        IPT_OSF_SMART           2
+#define IPT_OSF_LOG            4
+#define IPT_OSF_NETLINK                8
+
+#define IPT_OSF_LOGLEVEL_ALL   0
+#define IPT_OSF_LOGLEVEL_FIRST 1
+
+#include <netinet/ip.h>
+#include <netinet/tcp.h>
+
+struct list_head
+{
+       struct list_head *prev, *next;
+};
+
+struct ipt_osf_info
+{
+       char                    genre[MAXGENRELEN];
+       int                     len;
+       unsigned long           flags;
+       int                     loglevel;
+       int                     invert; /* UNSUPPORTED */
+};
+
+struct osf_wc
+{
+       char                    wc;
+       unsigned long           val;
+};
+
+/* This struct represents IANA options
+ * http://www.iana.org/assignments/tcp-parameters
+ */
+struct osf_opt
+{
+       unsigned char           kind;
+       unsigned char           length;
+       struct osf_wc           wc;
+};
+
+struct osf_finger
+{
+       struct list_head        flist;
+       struct osf_wc           wss;
+       unsigned char           ttl;
+       unsigned char           df;
+       unsigned long           ss;
+       unsigned char           genre[MAXGENRELEN];
+       unsigned char           version[MAXGENRELEN], subtype[MAXGENRELEN];
+       
+       /* Not needed, but for consistency with original table from Michal Zalewski */
+       unsigned char           details[MAXDETLEN]; 
+
+       int                     opt_num;
+       struct osf_opt          opt[MAX_IPOPTLEN]; /* In case it is all NOP or EOL */
+
+};
+
+struct ipt_osf_nlmsg
+{
+       struct osf_finger       f;
+       struct iphdr            ip;
+       struct tcphdr           tcp;
+};
+
+#endif /* _IPT_OSF_H */
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_policy.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_policy.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_policy.h   1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_policy.h        2004-06-20 12:02:52.000000000 +0200
@@ -0,0 +1,52 @@
+#ifndef _IPT_POLICY_H
+#define _IPT_POLICY_H
+
+#define POLICY_MAX_ELEM        4
+
+enum ipt_policy_flags
+{
+       POLICY_MATCH_IN         = 0x1,
+       POLICY_MATCH_OUT        = 0x2,
+       POLICY_MATCH_NONE       = 0x4,
+       POLICY_MATCH_STRICT     = 0x8,
+};
+
+enum ipt_policy_modes
+{
+       POLICY_MODE_TRANSPORT,
+       POLICY_MODE_TUNNEL
+};
+
+struct ipt_policy_spec
+{
+       u_int8_t        saddr:1,
+                       daddr:1,
+                       proto:1,
+                       mode:1,
+                       spi:1,
+                       reqid:1;
+};
+
+struct ipt_policy_elem
+{
+       u_int32_t       saddr;
+       u_int32_t       smask;
+       u_int32_t       daddr;
+       u_int32_t       dmask;
+       u_int32_t       spi;
+       u_int32_t       reqid;
+       u_int8_t        proto;
+       u_int8_t        mode;
+
+       struct ipt_policy_spec  match;
+       struct ipt_policy_spec  invert;
+};
+
+struct ipt_policy_info
+{
+       struct ipt_policy_elem pol[POLICY_MAX_ELEM];
+       u_int16_t flags;
+       u_int16_t len;
+};
+
+#endif /* _IPT_POLICY_H */
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_pool.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_pool.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_pool.h     1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_pool.h  2004-06-20 12:02:52.000000000 +0200
@@ -0,0 +1,25 @@
+#ifndef _IPT_POOL_H
+#define _IPT_POOL_H
+
+#include <linux/netfilter_ipv4/ip_pool.h>
+
+#define IPT_POOL_INV_SRC       0x00000001
+#define IPT_POOL_INV_DST       0x00000002
+#define IPT_POOL_DEL_SRC       0x00000004
+#define IPT_POOL_DEL_DST       0x00000008
+#define IPT_POOL_INV_MOD_SRC   0x00000010
+#define IPT_POOL_INV_MOD_DST   0x00000020
+#define IPT_POOL_MOD_SRC_ACCEPT        0x00000040
+#define IPT_POOL_MOD_DST_ACCEPT        0x00000080
+#define IPT_POOL_MOD_SRC_DROP  0x00000100
+#define IPT_POOL_MOD_DST_DROP  0x00000200
+
+/* match info */
+struct ipt_pool_info
+{
+       ip_pool_t src;
+       ip_pool_t dst;
+       unsigned flags;
+};
+
+#endif /*_IPT_POOL_H*/
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_psd.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_psd.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_psd.h      1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_psd.h   2004-06-20 12:02:52.000000000 +0200
@@ -0,0 +1,40 @@
+#ifndef _IPT_PSD_H
+#define _IPT_PSD_H
+
+#include <linux/param.h>
+#include <linux/types.h>
+
+/*
+ * High port numbers have a lower weight to reduce the frequency of false
+ * positives, such as from passive mode FTP transfers.
+ */
+#define PORT_WEIGHT_PRIV               3
+#define PORT_WEIGHT_HIGH               1
+
+/*
+ * Port scan detection thresholds: at least COUNT ports need to be scanned
+ * from the same source, with no longer than DELAY ticks between ports.
+ */
+#define SCAN_MIN_COUNT                 7
+#define SCAN_MAX_COUNT                 (SCAN_MIN_COUNT * PORT_WEIGHT_PRIV)
+#define SCAN_WEIGHT_THRESHOLD          SCAN_MAX_COUNT
+#define SCAN_DELAY_THRESHOLD           (300) /* old usage of HZ here was erroneously and broke under uml */
+
+/*
+ * Keep track of up to LIST_SIZE source addresses, using a hash table of
+ * HASH_SIZE entries for faster lookups, but limiting hash collisions to
+ * HASH_MAX source addresses per the same hash value.
+ */
+#define LIST_SIZE                      0x100
+#define HASH_LOG                       9
+#define HASH_SIZE                      (1 << HASH_LOG)
+#define HASH_MAX                       0x10
+
+struct ipt_psd_info {
+       unsigned int weight_threshold;
+       unsigned int delay_threshold;
+       unsigned short lo_ports_weight;
+       unsigned short hi_ports_weight;
+};
+
+#endif /*_IPT_PSD_H*/
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_quota.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_quota.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_quota.h    1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_quota.h 2004-06-20 12:02:52.000000000 +0200
@@ -0,0 +1,11 @@
+#ifndef _IPT_QUOTA_H
+#define _IPT_QUOTA_H
+
+/* print debug info in both kernel/netfilter module & iptable library */
+//#define DEBUG_IPT_QUOTA
+
+struct ipt_quota_info {
+        u_int64_t quota;
+};
+
+#endif /*_IPT_QUOTA_H*/
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_random.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_random.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_random.h   1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_random.h        2004-06-20 12:02:52.000000000 +0200
@@ -0,0 +1,11 @@
+#ifndef _IPT_RAND_H
+#define _IPT_RAND_H
+
+#include <linux/param.h>
+#include <linux/types.h>
+
+struct ipt_rand_info {
+       u_int8_t average;
+};
+
+#endif /*_IPT_RAND_H*/
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_realm.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_realm.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_realm.h    1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_realm.h 2004-06-20 12:02:52.000000000 +0200
@@ -0,0 +1,9 @@
+#ifndef _IPT_REALM_H
+#define _IPT_REALM_H
+
+struct ipt_realm_info {
+       u_int32_t id;
+       u_int32_t mask;
+       u_int8_t invert;
+};
+#endif /*_IPT_REALM_H*/
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_ROUTE.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_ROUTE.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_ROUTE.h    1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_ROUTE.h 2004-06-20 12:02:52.000000000 +0200
@@ -0,0 +1,22 @@
+/* Header file for iptables ipt_ROUTE target
+ *
+ * (C) 2002 by Cédric de Launois <delaunois@info.ucl.ac.be>
+ *
+ * This software is distributed under GNU GPL v2, 1991
+ */
+#ifndef _IPT_ROUTE_H_target
+#define _IPT_ROUTE_H_target
+
+#define IPT_ROUTE_IFNAMSIZ 16
+
+struct ipt_route_target_info {
+       char      oif[IPT_ROUTE_IFNAMSIZ];      /* Output Interface Name */
+       char      iif[IPT_ROUTE_IFNAMSIZ];      /* Input Interface Name  */
+       u_int32_t gw;                           /* IP address of gateway */
+       u_int8_t  flags;
+};
+
+/* Values for "flags" field */
+#define IPT_ROUTE_CONTINUE        0x01
+
+#endif /*_IPT_ROUTE_H_target*/
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_sctp.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_sctp.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_sctp.h     1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_sctp.h  2004-06-20 12:02:52.000000000 +0200
@@ -0,0 +1,107 @@
+#ifndef _IPT_SCTP_H_
+#define _IPT_SCTP_H_
+
+#define IPT_SCTP_SRC_PORTS             0x01
+#define IPT_SCTP_DEST_PORTS            0x02
+#define IPT_SCTP_CHUNK_TYPES           0x04
+
+#define IPT_SCTP_VALID_FLAGS           0x07
+
+#define ELEMCOUNT(x) (sizeof(x)/sizeof(x[0]))
+
+
+struct ipt_sctp_flag_info {
+       u_int8_t chunktype;
+       u_int8_t flag;
+       u_int8_t flag_mask;
+};
+
+#define IPT_NUM_SCTP_FLAGS     4
+
+struct ipt_sctp_info {
+       u_int16_t dpts[2];  /* Min, Max */
+       u_int16_t spts[2];  /* Min, Max */
+
+       u_int32_t chunkmap[256 / sizeof (u_int32_t)];  /* Bit mask of chunks to be matched according to RFC 2960 */
+
+#define SCTP_CHUNK_MATCH_ANY   0x01  /* Match if any of the chunk types are present */
+#define SCTP_CHUNK_MATCH_ALL   0x02  /* Match if all of the chunk types are present */
+#define SCTP_CHUNK_MATCH_ONLY  0x04  /* Match if these are the only chunk types present */
+
+       u_int32_t chunk_match_type;
+       struct ipt_sctp_flag_info flag_info[IPT_NUM_SCTP_FLAGS];
+       int flag_count;
+
+       u_int32_t flags;
+       u_int32_t invflags;
+};
+
+#define bytes(type) (sizeof(type) * 8)
+
+#define SCTP_CHUNKMAP_SET(chunkmap, type)              \
+       do {                                            \
+               chunkmap[type / bytes(u_int32_t)] |=    \
+                       1 << (type % bytes(u_int32_t)); \
+       } while (0)
+
+#define SCTP_CHUNKMAP_CLEAR(chunkmap, type)                    \
+       do {                                                    \
+               chunkmap[type / bytes(u_int32_t)] &=            \
+                       ~(1 << (type % bytes(u_int32_t)));      \
+       } while (0)
+
+#define SCTP_CHUNKMAP_IS_SET(chunkmap, type)                   \
+({                                                             \
+       (chunkmap[type / bytes (u_int32_t)] &                   \
+               (1 << (type % bytes (u_int32_t)))) ? 1: 0;      \
+})
+
+#define SCTP_CHUNKMAP_RESET(chunkmap)                          \
+       do {                                                    \
+               int i;                                          \
+               for (i = 0; i < ELEMCOUNT(chunkmap); i++)       \
+                       chunkmap[i] = 0;                        \
+       } while (0)
+
+#define SCTP_CHUNKMAP_SET_ALL(chunkmap)                        \
+       do {                                                    \
+               int i;                                          \
+               for (i = 0; i < ELEMCOUNT(chunkmap); i++)       \
+                       chunkmap[i] = ~0;                       \
+       } while (0)
+
+#define SCTP_CHUNKMAP_COPY(destmap, srcmap)                    \
+       do {                                                    \
+               int i;                                          \
+               for (i = 0; i < ELEMCOUNT(chunkmap); i++)       \
+                       destmap[i] = srcmap[i];                 \
+       } while (0)
+
+#define SCTP_CHUNKMAP_IS_CLEAR(chunkmap)               \
+({                                                     \
+       int i;                                          \
+       int flag = 1;                                   \
+       for (i = 0; i < ELEMCOUNT(chunkmap); i++) {     \
+               if (chunkmap[i]) {                      \
+                       flag = 0;                       \
+                       break;                          \
+               }                                       \
+       }                                               \
+        flag;                                          \
+})
+
+#define SCTP_CHUNKMAP_IS_ALL_SET(chunkmap)             \
+({                                                     \
+       int i;                                          \
+       int flag = 1;                                   \
+       for (i = 0; i < ELEMCOUNT(chunkmap); i++) {     \
+               if (chunkmap[i] != ~0) {                \
+                       flag = 0;                       \
+                               break;                  \
+               }                                       \
+       }                                               \
+        flag;                                          \
+})
+
+#endif /* _IPT_SCTP_H_ */
+
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_string.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_string.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_string.h   1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_string.h        2004-06-20 12:02:52.000000000 +0200
@@ -0,0 +1,21 @@
+#ifndef _IPT_STRING_H
+#define _IPT_STRING_H
+
+/* *** PERFORMANCE TWEAK ***
+ * Packet size and search string threshold,
+ * above which sublinear searches is used. */
+#define IPT_STRING_HAYSTACK_THRESH     100
+#define IPT_STRING_NEEDLE_THRESH       20
+
+#define BM_MAX_NLEN 256
+#define BM_MAX_HLEN 1024
+
+typedef char *(*proc_ipt_search) (char *, char *, int, int);
+
+struct ipt_string_info {
+    char string[BM_MAX_NLEN];
+    u_int16_t invert;
+    u_int16_t len;
+};
+
+#endif /* _IPT_STRING_H */
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_time.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_time.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_time.h     1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_time.h  2004-06-20 12:02:52.000000000 +0200
@@ -0,0 +1,15 @@
+#ifndef __ipt_time_h_included__
+#define __ipt_time_h_included__
+
+
+struct ipt_time_info {
+       u_int8_t  days_match;   /* 1 bit per day. -SMTWTFS                      */
+       u_int16_t time_start;   /* 0 < time_start < 23*60+59 = 1439             */
+       u_int16_t time_stop;    /* 0:0 < time_stat < 23:59                      */
+       u_int8_t  kerneltime;   /* ignore skb time (and use kerneltime) or not. */
+       time_t    date_start;
+       time_t    date_stop;
+};
+
+
+#endif /* __ipt_time_h_included__ */
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_TTL.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_TTL.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_TTL.h      1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_TTL.h   2004-06-20 12:02:52.000000000 +0200
@@ -0,0 +1,21 @@
+/* TTL modification module for IP tables
+ * (C) 2000 by Harald Welte <laforge@gnumonks.org> */
+
+#ifndef _IPT_TTL_H
+#define _IPT_TTL_H
+
+enum {
+       IPT_TTL_SET = 0,
+       IPT_TTL_INC,
+       IPT_TTL_DEC
+};
+
+#define IPT_TTL_MAXMODE        IPT_TTL_DEC
+
+struct ipt_TTL_info {
+       u_int8_t        mode;
+       u_int8_t        ttl;
+};
+
+
+#endif
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_u32.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_u32.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_u32.h      1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_u32.h   2004-06-20 12:02:52.000000000 +0200
@@ -0,0 +1,40 @@
+#ifndef _IPT_U32_H
+#define _IPT_U32_H
+#include <linux/netfilter_ipv4/ip_tables.h>
+
+enum ipt_u32_ops
+{
+       IPT_U32_AND,
+       IPT_U32_LEFTSH,
+       IPT_U32_RIGHTSH,
+       IPT_U32_AT
+};
+
+struct ipt_u32_location_element
+{
+       u_int32_t number;
+       u_int8_t nextop;
+};
+struct ipt_u32_value_element
+{
+       u_int32_t min;
+       u_int32_t max;
+};
+/* *** any way to allow for an arbitrary number of elements?
+   for now I settle for a limit of 10 of each */
+#define U32MAXSIZE 10
+struct ipt_u32_test
+{
+       u_int8_t nnums;
+       struct ipt_u32_location_element location[U32MAXSIZE+1];
+       u_int8_t nvalues;
+       struct ipt_u32_value_element value[U32MAXSIZE+1];
+};
+
+struct ipt_u32
+{
+       u_int8_t ntests;
+       struct ipt_u32_test tests[U32MAXSIZE+1];
+};
+
+#endif /*_IPT_U32_H*/
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_XOR.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_XOR.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_XOR.h      1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_XOR.h   2004-06-20 12:02:52.000000000 +0200
@@ -0,0 +1,9 @@
+#ifndef _IPT_XOR_H
+#define _IPT_XOR_H
+
+struct ipt_XOR_info {
+       char            key[30];
+       u_int8_t        block_size;
+};
+
+#endif /* _IPT_XOR_H */
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6_logging.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6_logging.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6_logging.h  1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6_logging.h       2004-06-20 12:10:49.995821904 +0200
@@ -0,0 +1,5 @@
+/* IPv6 macros for the nternal logging interface. */
+#ifndef __IP6_LOGGING_H
+#define __IP6_LOGGING_H
+
+#endif /*__IP6_LOGGING_H*/
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6_tables.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6_tables.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6_tables.h   2004-01-05 19:42:34.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6_tables.h        2004-06-20 12:26:05.731608904 +0200
@@ -133,6 +133,12 @@
        /* Back pointer */
        unsigned int comefrom;
 
+       /* Name of the chain */
+       char *chainname;
+       
+       /* Rule number in the chain. */
+       u_int32_t rulenum;
+
        /* Packet and byte counters. */
        struct ip6t_counters counters;
 
@@ -251,7 +257,7 @@
        /* Number of counters (must be equal to current number of entries). */
        unsigned int num_counters;
        /* The old entries' counters. */
-       struct ip6t_counters *counters;
+       struct ip6t_counters __user *counters;
 
        /* The entries (hang off end: not really an array). */
        struct ip6t_entry entries[0];
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6t_fuzzy.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6t_fuzzy.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6t_fuzzy.h   1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6t_fuzzy.h        2004-06-20 12:02:52.000000000 +0200
@@ -0,0 +1,21 @@
+#ifndef _IP6T_FUZZY_H
+#define _IP6T_FUZZY_H
+
+#include <linux/param.h>
+#include <linux/types.h>
+
+#define MAXFUZZYRATE 10000000
+#define MINFUZZYRATE 3
+
+struct ip6t_fuzzy_info {
+       u_int32_t minimum_rate;
+       u_int32_t maximum_rate;
+       u_int32_t packets_total;
+       u_int32_t bytes_total;
+       u_int32_t previous_time;
+       u_int32_t present_time;
+       u_int32_t mean_rate;
+       u_int8_t acceptance_rate;
+};
+
+#endif /*_IP6T_FUZZY_H*/
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6t_HL.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6t_HL.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6t_HL.h      1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6t_HL.h   2004-06-20 12:02:52.000000000 +0200
@@ -0,0 +1,22 @@
+/* Hop Limit modification module for ip6tables
+ * Maciej Soltysiak <solt@dns.toxicfilms.tv>
+ * Based on HW's TTL module */
+
+#ifndef _IP6T_HL_H
+#define _IP6T_HL_H
+
+enum {
+       IP6T_HL_SET = 0,
+       IP6T_HL_INC,
+       IP6T_HL_DEC
+};
+
+#define IP6T_HL_MAXMODE        IP6T_HL_DEC
+
+struct ip6t_HL_info {
+       u_int8_t        mode;
+       u_int8_t        hop_limit;
+};
+
+
+#endif
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6t_nth.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6t_nth.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6t_nth.h     1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6t_nth.h  2004-06-20 12:02:52.000000000 +0200
@@ -0,0 +1,19 @@
+#ifndef _IP6T_NTH_H
+#define _IP6T_NTH_H
+
+#include <linux/param.h>
+#include <linux/types.h>
+
+#ifndef IP6T_NTH_NUM_COUNTERS
+#define IP6T_NTH_NUM_COUNTERS 16
+#endif
+
+struct ip6t_nth_info {
+       u_int8_t every;
+       u_int8_t not;
+       u_int8_t startat;
+       u_int8_t counter;
+       u_int8_t packet;
+};
+
+#endif /*_IP6T_NTH_H*/
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6t_owner.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6t_owner.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6t_owner.h   2003-12-15 19:46:58.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6t_owner.h        2004-06-20 12:02:52.000000000 +0200
@@ -6,12 +6,14 @@
 #define IP6T_OWNER_GID 0x02
 #define IP6T_OWNER_PID 0x04
 #define IP6T_OWNER_SID 0x08
+#define IP6T_OWNER_COMM 0x10
 
 struct ip6t_owner_info {
     uid_t uid;
     gid_t gid;
     pid_t pid;
     pid_t sid;
+    char comm[16];
     u_int8_t match, invert;    /* flags */
 };
 
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6t_policy.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6t_policy.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6t_policy.h  1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6t_policy.h       2004-06-20 12:02:52.000000000 +0200
@@ -0,0 +1,52 @@
+#ifndef _IP6T_POLICY_H
+#define _IP6T_POLICY_H
+
+#define POLICY_MAX_ELEM        4
+
+enum ip6t_policy_flags
+{
+       POLICY_MATCH_IN         = 0x1,
+       POLICY_MATCH_OUT        = 0x2,
+       POLICY_MATCH_NONE       = 0x4,
+       POLICY_MATCH_STRICT     = 0x8,
+};
+
+enum ip6t_policy_modes
+{
+       POLICY_MODE_TRANSPORT,
+       POLICY_MODE_TUNNEL
+};
+
+struct ip6t_policy_spec
+{
+       u_int8_t        saddr:1,
+                       daddr:1,
+                       proto:1,
+                       mode:1,
+                       spi:1,
+                       reqid:1;
+};
+
+struct ip6t_policy_elem
+{
+       struct in6_addr saddr;
+       struct in6_addr smask;
+       struct in6_addr daddr;
+       struct in6_addr dmask;
+       u_int32_t       spi;
+       u_int32_t       reqid;
+       u_int8_t        proto;
+       u_int8_t        mode;
+
+       struct ip6t_policy_spec match;
+       struct ip6t_policy_spec invert;
+};
+
+struct ip6t_policy_info
+{
+       struct ip6t_policy_elem pol[POLICY_MAX_ELEM];
+       u_int16_t flags;
+       u_int16_t len;
+};
+
+#endif /* _IP6T_POLICY_H */
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6t_random.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6t_random.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6t_random.h  1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6t_random.h       2004-06-20 12:02:52.000000000 +0200
@@ -0,0 +1,11 @@
+#ifndef _IP6T_RAND_H
+#define _IP6T_RAND_H
+
+#include <linux/param.h>
+#include <linux/types.h>
+
+struct ip6t_rand_info {
+       u_int8_t average;
+};
+
+#endif /*_IP6T_RAND_H*/
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6t_REJECT.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6t_REJECT.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6t_REJECT.h  2004-03-05 16:36:39.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6t_REJECT.h       2004-06-20 12:02:52.000000000 +0200
@@ -2,15 +2,17 @@
 #define _IP6T_REJECT_H
 
 enum ip6t_reject_with {
-       IP6T_ICMP_NET_UNREACHABLE,
-       IP6T_ICMP_HOST_UNREACHABLE,
-       IP6T_ICMP_PROT_UNREACHABLE,
-       IP6T_ICMP_PORT_UNREACHABLE,
-       IP6T_ICMP_ECHOREPLY
+       IP6T_ICMP6_NO_ROUTE,
+       IP6T_ICMP6_ADM_PROHIBITED,
+       IP6T_ICMP6_NOT_NEIGHBOUR,
+       IP6T_ICMP6_ADDR_UNREACH,
+       IP6T_ICMP6_PORT_UNREACH,
+       IP6T_ICMP6_ECHOREPLY,
+       IP6T_TCP_RESET
 };
 
 struct ip6t_reject_info {
        enum ip6t_reject_with with;      /* reject type */
 };
 
-#endif /*_IPT_REJECT_H*/
+#endif /*_IP6T_REJECT_H*/
diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6t_ROUTE.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6t_ROUTE.h
--- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6t_ROUTE.h   1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6t_ROUTE.h        2004-06-20 12:02:52.000000000 +0200
@@ -0,0 +1,22 @@
+/* Header file for iptables ip6t_ROUTE target
+ *
+ * (C) 2003 by Cédric de Launois <delaunois@info.ucl.ac.be>
+ *
+ * This software is distributed under GNU GPL v2, 1991
+ */
+#ifndef _IPT_ROUTE_H_target
+#define _IPT_ROUTE_H_target
+
+#define IP6T_ROUTE_IFNAMSIZ 16
+
+struct ip6t_route_target_info {
+       char      oif[IP6T_ROUTE_IFNAMSIZ];     /* Output Interface Name */
+       char      iif[IP6T_ROUTE_IFNAMSIZ];     /* Input Interface Name  */
+       u_int32_t gw[4];                        /* IPv6 address of gateway */
+       u_int8_t  flags;
+};
+
+/* Values for "flags" field */
+#define IP6T_ROUTE_CONTINUE        0x01
+
+#endif /*_IP6T_ROUTE_H_target*/