1 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack.h
2 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack.h 2004-01-18 00:04:34.000000000 +0100
3 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack.h 2004-06-20 12:25:47.132436408 +0200
6 #include <linux/netfilter_ipv4/ip_conntrack_tcp.h>
7 #include <linux/netfilter_ipv4/ip_conntrack_icmp.h>
8 +#include <linux/netfilter_ipv4/ip_conntrack_sctp.h>
10 /* per conntrack: protocol private data */
11 union ip_conntrack_proto {
12 /* insert conntrack proto private data here */
13 + struct ip_ct_sctp sctp;
15 struct ip_ct_icmp icmp;
20 /* Add protocol helper include file here */
21 +#include <linux/netfilter_ipv4/ip_conntrack_talk.h>
22 +#include <linux/netfilter_ipv4/ip_conntrack_rtsp.h>
23 +#include <linux/netfilter_ipv4/ip_conntrack_rsh.h>
24 +#include <linux/netfilter_ipv4/ip_conntrack_mms.h>
25 +#include <linux/netfilter_ipv4/ip_conntrack_h323.h>
26 #include <linux/netfilter_ipv4/ip_conntrack_amanda.h>
27 #include <linux/netfilter_ipv4/ip_conntrack_ftp.h>
28 #include <linux/netfilter_ipv4/ip_conntrack_irc.h>
30 /* per expectation: application helper private data */
31 union ip_conntrack_expect_help {
32 /* insert conntrack helper private data (expect) here */
33 + struct ip_ct_talk_expect exp_talk_info;
34 + struct ip_ct_rtsp_expect exp_rtsp_info;
35 + struct ip_ct_rsh_expect exp_rsh_info;
36 + struct ip_ct_mms_expect exp_mms_info;
37 + struct ip_ct_h225_expect exp_h225_info;
38 struct ip_ct_amanda_expect exp_amanda_info;
39 struct ip_ct_ftp_expect exp_ftp_info;
40 struct ip_ct_irc_expect exp_irc_info;
42 /* per conntrack: application helper private data */
43 union ip_conntrack_help {
44 /* insert conntrack helper private data (master) here */
45 + struct ip_ct_talk_master ct_talk_info;
46 + struct ip_ct_rtsp_master ct_rtsp_info;
47 + struct ip_ct_rsh_master ct_rsh_info;
48 + struct ip_ct_mms_master ct_mms_info;
49 + struct ip_ct_h225_master ct_h225_info;
50 struct ip_ct_ftp_master ct_ftp_info;
51 struct ip_ct_irc_master ct_irc_info;
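Review bot: The patch creates ip_conntrack_quake3.h further down, but the lines shown for this file neither include it nor add `struct ip_ct_quake3_expect` / `struct ip_ct_quake3_master` to the two helper unions, while talk, rtsp, rsh, mms and h323 get both. If the quake3 helper is meant to be usable, add `#include <linux/netfilter_ipv4/ip_conntrack_quake3.h>` and the matching union members; otherwise the new header is unused. Hunk headers and some lines of this section are not visible here, so this may already be handled outside the shown lines.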
53 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack_h323.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack_h323.h
54 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack_h323.h 1970-01-01 01:00:00.000000000 +0100
55 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack_h323.h 2004-06-20 12:21:50.425421344 +0200
57 +#ifndef _IP_CONNTRACK_H323_H
58 +#define _IP_CONNTRACK_H323_H
59 +/* H.323 connection tracking. */
61 +/* Default H.225 port */
62 +#define H225_PORT 1720
64 +/* This structure is per expected connection */
65 +struct ip_ct_h225_expect {
66 + u_int16_t port; /* Port of the H.225 helper/RTCP/RTP channel */
67 + enum ip_conntrack_dir dir; /* Direction of the original connection */
68 + unsigned int offset; /* offset of the address in the payload */
71 +/* This structure exists only once per master */
72 +struct ip_ct_h225_master {
73 + int is_h225; /* H.225 or H.245 connection */
74 +#ifdef CONFIG_IP_NF_NAT_NEEDED
75 + enum ip_conntrack_dir dir; /* Direction of the original connection */
76 + u_int32_t seq[IP_CT_DIR_MAX]; /* Exceptional packet mangling for signal addressess... */
77 + unsigned int offset[IP_CT_DIR_MAX]; /* ...and the offset of the addresses in the payload */
81 +#endif /* _IP_CONNTRACK_H323_H */
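Review bot: `struct ip_ct_h225_master` changes size with `CONFIG_IP_NF_NAT_NEEDED`, a kernel configuration symbol that a userspace build against these headers will not define, so the two sides can disagree about the layout of `union ip_conntrack_help`, which embeds this struct. Either make the three NAT fields unconditional or put a comment above the `#ifdef` such as `/* layout depends on kernel config; kernel-internal, not for userspace */`. The header also uses `enum ip_conntrack_dir` and `IP_CT_DIR_MAX` without including their definition, so it only compiles when reached through ip_conntrack.h, which is worth a one-line comment. The closing lines of both structs are not shown in this section.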
82 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack_mms.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack_mms.h
83 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack_mms.h 1970-01-01 01:00:00.000000000 +0100
84 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack_mms.h 2004-06-20 12:22:07.693796152 +0200
86 +#ifndef _IP_CONNTRACK_MMS_H
87 +#define _IP_CONNTRACK_MMS_H
90 +/* This structure is per expected connection */
91 +struct ip_ct_mms_expect {
97 +/* This structure exists only once per master */
98 +struct ip_ct_mms_master {
101 +#endif /* _IP_CONNTRACK_MMS_H */
102 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack_quake3.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack_quake3.h
103 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack_quake3.h 1970-01-01 01:00:00.000000000 +0100
104 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack_quake3.h 2004-06-20 12:02:52.000000000 +0200
106 +#ifndef _IP_CT_QUAKE3
107 +#define _IP_CT_QUAKE3
109 +/* Don't confuse with 27960, often used as the Server Port */
110 +#define QUAKE3_MASTER_PORT 27950
112 +struct quake3_search {
113 + const char marker[4]; /* always 0xff 0xff 0xff 0xff ? */
114 + const char *pattern;
118 +/* This structure is per expected connection */
119 +struct ip_ct_quake3_expect {
122 +/* This structure exists only once per master */
123 +struct ip_ct_quake3_master {
126 +#endif /* _IP_CT_QUAKE3 */
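Review bot: `marker` in `struct quake3_search` is plain `char`, while its comment describes the bytes 0xff 0xff 0xff 0xff; where `char` is signed an element holds -1, and a comparison against `0xff` is then never true. Declaring it `const unsigned char marker[4];` removes the dependency on the platform's char signedness. How the field is compared is not visible in this header, so confirm against the helper's matching code. The trailing question mark in the comment also leaves open whether the marker is a fixed invariant; the comment should say so either way.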
127 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack_rsh.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack_rsh.h
128 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack_rsh.h 1970-01-01 01:00:00.000000000 +0100
129 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack_rsh.h 2004-06-20 12:22:14.346784744 +0200
131 +/* RSH extension for IP connection tracking, Version 1.0
132 + * (C) 2002 by Ian (Larry) Latter <Ian.Latter@mq.edu.au>
133 + * based on HW's ip_conntrack_irc.c
135 + * ip_conntrack_rsh.c,v 1.0 2002/07/17 14:49:26
137 + * This program is free software; you can redistribute it and/or
138 + * modify it under the terms of the GNU General Public License
139 + * as published by the Free Software Foundation; either version
140 + * 2 of the License, or (at your option) any later version.
142 +#ifndef _IP_CONNTRACK_RSH_H
143 +#define _IP_CONNTRACK_RSH_H
145 +#define RSH_PORT 514
147 +/* This structure is per expected connection */
148 +struct ip_ct_rsh_expect
153 +/* This structure exists only once per master */
154 +struct ip_ct_rsh_master {
157 +#endif /* _IP_CONNTRACK_RSH_H */
159 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h
160 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h 1970-01-01 01:00:00.000000000 +0100
161 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h 2004-06-20 12:22:20.382867120 +0200
164 + * RTSP extension for IP connection tracking.
165 + * (C) 2003 by Tom Marshall <tmarshall@real.com>
166 + * based on ip_conntrack_irc.h
168 + * This program is free software; you can redistribute it and/or
169 + * modify it under the terms of the GNU General Public License
170 + * as published by the Free Software Foundation; either version
171 + * 2 of the License, or (at your option) any later version.
173 +#ifndef _IP_CONNTRACK_RTSP_H
174 +#define _IP_CONNTRACK_RTSP_H
176 +/* #define IP_NF_RTSP_DEBUG */
177 +#define IP_NF_RTSP_VERSION "0.01"
179 +/* port block types */
181 + pb_single, /* client_port=x */
182 + pb_range, /* client_port=x-y */
183 + pb_discon /* client_port=x/y (rtspbis) */
186 +/* We record seq number and length of rtsp headers here, all in host order. */
189 + * This structure is per expected connection. It is a member of struct
190 + * ip_conntrack_expect. The TCP SEQ for the conntrack expect is stored
191 + * there and we are expected to only store the length of the data which
192 + * needs replaced. If a packet contains multiple RTSP messages, we create
193 + * one expected connection per message.
195 + * We use these variables to mark the entire header block. This may seem
196 + * like overkill, but the nature of RTSP requires it. A header may appear
197 + * multiple times in a message. We must treat two Transport headers the
198 + * same as one Transport header with two entries.
200 +struct ip_ct_rtsp_expect
202 + u_int32_t len; /* length of header block */
203 + portblock_t pbtype; /* Type of port block that was requested */
204 + u_int16_t loport; /* Port that was requested, low or first */
205 + u_int16_t hiport; /* Port that was requested, high or second */
207 + uint method; /* RTSP method */
208 + uint cseq; /* CSeq from request */
212 +/* This structure exists only once per master */
213 +struct ip_ct_rtsp_master
218 +#endif /* _IP_CONNTRACK_RTSP_H */
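Review bot: `method` and `cseq` in `struct ip_ct_rtsp_expect` are declared as `uint`, which is not a standard C type and exists only when some system header happens to typedef it, while the neighbouring fields use `u_int32_t` and `u_int16_t`. Writing `unsigned int method;` and `unsigned int cseq;` keeps the same type without the hidden dependency. The struct's braces and the enum header for the port block types are not shown in this section.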
219 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack_sctp.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack_sctp.h
220 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack_sctp.h 1970-01-01 01:00:00.000000000 +0100
221 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack_sctp.h 2004-06-20 12:02:52.000000000 +0200
223 +#ifndef _IP_CONNTRACK_SCTP_H
224 +#define _IP_CONNTRACK_SCTP_H
225 +/* SCTP tracking. */
227 +enum sctp_conntrack {
228 + SCTP_CONNTRACK_NONE,
229 + SCTP_CONNTRACK_CLOSED,
230 + SCTP_CONNTRACK_COOKIE_WAIT,
231 + SCTP_CONNTRACK_COOKIE_ECHOED,
232 + SCTP_CONNTRACK_ESTABLISHED,
233 + SCTP_CONNTRACK_SHUTDOWN_SENT,
234 + SCTP_CONNTRACK_SHUTDOWN_RECD,
235 + SCTP_CONNTRACK_SHUTDOWN_ACK_SENT,
241 + enum sctp_conntrack state;
243 + u_int32_t vtag[IP_CT_DIR_MAX];
244 + u_int32_t ttag[IP_CT_DIR_MAX];
247 +#endif /* _IP_CONNTRACK_SCTP_H */
248 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack_talk.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack_talk.h
249 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack_talk.h 1970-01-01 01:00:00.000000000 +0100
250 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack_talk.h 2004-06-20 12:22:28.016706600 +0200
252 +#ifndef _IP_CONNTRACK_TALK_H
253 +#define _IP_CONNTRACK_TALK_H
254 +/* TALK tracking. */
256 +#define TALK_PORT 517
257 +#define NTALK_PORT 518
259 +/* talk structures and constants from <protocols/talkd.h> */
262 + * 4.3BSD struct sockaddr
265 + u_int16_t ta_family;
268 + u_int32_t ta_junk1;
269 + u_int32_t ta_junk2;
272 +#define TALK_OLD_NSIZE 9
273 +#define TALK_NSIZE 12
274 +#define TALK_TTY_NSIZE 16
277 + * Client->server request message formats.
280 + u_char type; /* request type, see below */
281 + char l_name[TALK_OLD_NSIZE];/* caller's name */
282 + char r_name[TALK_OLD_NSIZE];/* callee's name */
284 + u_int32_t id_num; /* message id */
285 + int32_t pid; /* caller's process id */
286 + char r_tty[TALK_TTY_NSIZE];/* callee's tty name */
287 + struct talk_addr addr; /* old (4.3) style */
288 + struct talk_addr ctl_addr; /* old (4.3) style */
292 + u_char vers; /* protocol version */
293 + u_char type; /* request type, see below */
294 + u_char answer; /* not used */
296 + u_int32_t id_num; /* message id */
297 + struct talk_addr addr; /* old (4.3) style */
298 + struct talk_addr ctl_addr; /* old (4.3) style */
299 + int32_t pid; /* caller's process id */
300 + char l_name[TALK_NSIZE];/* caller's name */
301 + char r_name[TALK_NSIZE];/* callee's name */
302 + char r_tty[TALK_TTY_NSIZE];/* callee's tty name */
306 + u_char vers; /* talk protocol version */
307 + u_char type; /* request type */
308 + u_char answer; /* */
309 + u_char extended; /* !0 if additional parts */
310 + u_int32_t id_num; /* message id number (dels) */
311 + struct talk_addr addr; /* target address */
312 + struct talk_addr ctl_addr; /* reply to address */
313 + int32_t pid; /* caller's process id */
314 + char l_name[TALK_NSIZE]; /* caller's name */
315 + char r_name[TALK_NSIZE]; /* callee's name */
316 + char r_tty[TALK_TTY_NSIZE]; /* callee's tty */
320 + * Server->client response message formats.
322 +struct talk_response {
323 + u_char type; /* type of request message, see below */
324 + u_char answer; /* response to request message, see below */
326 + u_int32_t id_num; /* message id */
327 + struct talk_addr addr; /* address for establishing conversation */
330 +struct ntalk_response {
331 + u_char vers; /* protocol version */
332 + u_char type; /* type of request message, see below */
333 + u_char answer; /* response to request message, see below */
335 + u_int32_t id_num; /* message id */
336 + struct talk_addr addr; /* address for establishing conversation */
339 +struct ntalk2_response {
340 + u_char vers; /* protocol version */
341 + u_char type; /* type of request message */
342 + u_char answer; /* response to request */
343 + u_char rvers; /* Version of answering vers*/
344 + u_int32_t id_num; /* message id number */
345 + struct talk_addr addr; /* address for connection */
346 + /* This is at the end to compatiblize this with NTALK version. */
347 + char r_name[TALK_NSIZE]; /* callee's name */
350 +#define TALK_STR(data, talk_str, member) ((struct talk_str *)data)->member)
351 +#define TALK_RESP(data, ver, member) (ver ? ((struct ntalk_response *)data)->member : ((struct talk_response *)data)->member)
352 +#define TALK_MSG(data, ver, member) (ver ? ((struct ntalk_msg *)data)->member : ((struct talk_msg *)data)->member)
354 +#define TALK_VERSION 0 /* protocol versions */
355 +#define NTALK_VERSION 1
356 +#define NTALK2_VERSION 2
358 +/* message type values */
359 +#define LEAVE_INVITE 0 /* leave invitation with server */
360 +#define LOOK_UP 1 /* check for invitation by callee */
361 +#define DELETE 2 /* delete invitation by caller */
362 +#define ANNOUNCE 3 /* announce invitation by caller */
364 +#define REPLY_QUERY 4 /* request reply data from local daemon */
367 +#define SUCCESS 0 /* operation completed properly */
368 +#define NOT_HERE 1 /* callee not logged in */
369 +#define FAILED 2 /* operation failed for unexplained reason */
370 +#define MACHINE_UNKNOWN 3 /* caller's machine name unknown */
371 +#define PERMISSION_DENIED 4 /* callee's tty doesn't permit announce */
372 +#define UNKNOWN_REQUEST 5 /* request has invalid type value */
373 +#define BADVERSION 6 /* request has invalid protocol version */
374 +#define BADADDR 7 /* request has invalid addr value */
375 +#define BADCTLADDR 8 /* request has invalid ctl_addr value */
377 +#define NO_CALLER 9 /* no-one calling answer from REPLY */
378 +#define TRY_HERE 10 /* Not on this machine, try this */
379 +#define SELECTIVE_REFUSAL 11 /* User Filter refusal. */
380 +#define MAX_RESPONSE_TYPE 11 /* Make sure this is updated */
382 +/* We don't really need much for talk */
383 +struct ip_ct_talk_expect
385 + /* Port that was to be used */
389 +/* This structure exists only once per master */
390 +struct ip_ct_talk_master
394 +#endif /* _IP_CONNTRACK_TALK_H */
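Review bot: `TALK_STR` has one more closing parenthesis than opening ones, so any use of it fails to compile; it should read `#define TALK_STR(data, talk_str, member) (((struct talk_str *)(data))->member)`. `TALK_RESP` and `TALK_MSG` likewise use `ver` and `data` unparenthesized, and all three cast a raw payload pointer to a message struct, so every caller has to check that the payload is at least `sizeof` the chosen struct before using them; a comment above the macros should state that precondition. The header also defines very generic names (`DELETE`, `SUCCESS`, `FAILED`, `LOOK_UP`), which now reach every file that includes ip_conntrack.h and can silently collide with other definitions; a `TALK_` prefix would avoid that.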
395 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack_tuple.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
396 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_conntrack_tuple.h 2004-01-05 19:42:34.000000000 +0100
397 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_conntrack_tuple.h 2004-06-20 12:22:38.036183408 +0200
407 /* The manipulable part of the tuple. */
418 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_logging.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_logging.h
419 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_logging.h 1970-01-01 01:00:00.000000000 +0100
420 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_logging.h 2004-06-20 12:23:04.351182920 +0200
422 +/* IPv4 macros for the internal logging interface. */
423 +#ifndef __IP_LOGGING_H
424 +#define __IP_LOGGING_H
426 +#endif /*__IP_LOGGING_H*/
427 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_pool.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_pool.h
428 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_pool.h 1970-01-01 01:00:00.000000000 +0100
429 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_pool.h 2004-06-20 12:23:32.177952608 +0200
434 +/***************************************************************************/
435 +/* This program is free software; you can redistribute it and/or modify */
436 +/* it under the terms of the GNU General Public License as published by */
437 +/* the Free Software Foundation; either version 2 of the License, or */
438 +/* (at your option) any later version. */
440 +/* This program is distributed in the hope that it will be useful, */
441 +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
442 +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
443 +/* GNU General Public License for more details. */
445 +/* You should have received a copy of the GNU General Public License */
446 +/* along with this program; if not, write to the Free Software */
447 +/* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA*/
448 +/***************************************************************************/
450 +/* A sockopt of such quality has hardly ever been seen before on the open
451 + * market! This little beauty, hardly ever used: above 64, so it's
452 + * traditionally used for firewalling, not touched (even once!) by the
453 + * 2.0, 2.2 and 2.4 kernels!
455 + * Comes with its own certificate of authenticity, valid anywhere in the
460 +#define SO_IP_POOL 81
462 +typedef int ip_pool_t; /* pool index */
463 +#define IP_POOL_NONE ((ip_pool_t)-1)
465 +struct ip_pool_request {
472 +/* NOTE: I deliberately break the first cut ippool utility. Nobody uses it. */
474 +#define IP_POOL_BAD001 0x00000010
476 +#define IP_POOL_FLUSH 0x00000011 /* req.index, no arguments */
477 +#define IP_POOL_INIT 0x00000012 /* from addr to addr2 incl. */
478 +#define IP_POOL_DESTROY 0x00000013 /* req.index, no arguments */
479 +#define IP_POOL_ADD_ADDR 0x00000014 /* add addr to pool */
480 +#define IP_POOL_DEL_ADDR 0x00000015 /* del addr from pool */
481 +#define IP_POOL_HIGH_NR 0x00000016 /* result in req.index */
482 +#define IP_POOL_LOOKUP 0x00000017 /* result in addr and addr2 */
483 +#define IP_POOL_USAGE 0x00000018 /* result in addr */
484 +#define IP_POOL_TEST_ADDR 0x00000019 /* result (0/1) returned */
486 +#endif /*_IP_POOL_H*/
487 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_queue.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_queue.h
488 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_queue.h 2004-06-09 14:00:52.000000000 +0200
489 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_queue.h 2004-06-20 12:23:43.764191232 +0200
494 -#include <linux/if.h>
497 /* Messages sent from kernel */
498 typedef struct ipq_packet_msg {
499 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_tables.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_tables.h
500 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ip_tables.h 2004-01-05 19:42:34.000000000 +0100
501 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ip_tables.h 2004-06-20 12:25:57.484862600 +0200
504 unsigned int comefrom;
506 + /* Name of the chain */
509 + /* Rule number in the chain. */
512 /* Packet and byte counters. */
513 struct ipt_counters counters;
516 /* Number of counters (must be equal to current number of entries). */
517 unsigned int num_counters;
518 /* The old entries' counters. */
519 - struct ipt_counters *counters;
520 + struct ipt_counters __user *counters;
522 /* The entries (hang off end: not really an array). */
523 struct ipt_entry entries[0];
525 struct ipt_entry entrytable[0];
528 +extern struct semaphore ipt_mutex;
530 /* Standard return verdict, or do jump. */
531 #define IPT_STANDARD_TARGET ""
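Review bot: `extern struct semaphore ipt_mutex;` exposes a kernel-internal lock in a header shipped for userspace, where `struct semaphore` is not defined and the symbol cannot be linked; in the visible lines it is not inside an `#ifdef __KERNEL__` block. Wrap it as `#ifdef __KERNEL__` / `extern struct semaphore ipt_mutex;` / `#endif`, or drop it from the libc-headers copy. The new `__user` annotation on `counters` also needs a definition that expands to nothing in userspace builds, which should be confirmed for this header set. Hunk headers and surrounding lines are not shown, so the guard may exist outside the visible part.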
533 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_account.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_account.h
534 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_account.h 1970-01-01 01:00:00.000000000 +0100
535 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_account.h 2004-06-20 12:02:53.000000000 +0200
538 + * accounting match (ipt_account.c)
539 + * (C) 2003,2004 by Piotr Gasid³o (quaker@barbara.eu.org)
543 + * This software is distributed under the terms of GNU GPL
546 +#ifndef _IPT_ACCOUNT_H_
547 +#define _IPT_ACCOUNT_H_
549 +#define IPT_ACCOUNT_NAME_LEN 64
551 +struct t_ipt_account_info {
552 + char name[IPT_ACCOUNT_NAME_LEN];
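Review bot: `name` is a fixed-size buffer that userspace fills in and passes to the kernel with the rule, and nothing in the header says whether it must be NUL-terminated. If the kernel side treats it as a C string without checking, an unterminated buffer leads to reads past the field, so the contract belongs next to the declaration, e.g. `/* NUL-terminated; the kernel must reject a name with no terminator within IPT_ACCOUNT_NAME_LEN */`. The same applies to `name[IFNAMSIZ]` in ipt_dstlimit.h, `iface[IFNAMSIZ]` in ipt_NETLINK.h and `genre[MAXGENRELEN]` in ipt_osf.h. The rest of `struct t_ipt_account_info` is not shown in this section.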
558 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_addrtype.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_addrtype.h
559 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_addrtype.h 1970-01-01 01:00:00.000000000 +0100
560 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_addrtype.h 2004-06-20 12:02:52.000000000 +0200
562 +#ifndef _IPT_ADDRTYPE_H
563 +#define _IPT_ADDRTYPE_H
565 +struct ipt_addrtype_info {
566 + u_int16_t source; /* source-type mask */
567 + u_int16_t dest; /* dest-type mask */
573 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_connlimit.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_connlimit.h
574 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_connlimit.h 1970-01-01 01:00:00.000000000 +0100
575 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_connlimit.h 2004-06-20 12:02:52.000000000 +0200
577 +#ifndef _IPT_CONNLIMIT_H
578 +#define _IPT_CONNLIMIT_H
580 +struct ipt_connlimit_data;
582 +struct ipt_connlimit_info {
586 + struct ipt_connlimit_data *data;
588 +#endif /* _IPT_CONNLIMIT_H */
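Review bot: `struct ipt_connlimit_info` carries a kernel pointer (`struct ipt_connlimit_data *data`) inside a structure that is exchanged with userspace, so its size depends on pointer width and a 32-bit iptables binary on a 64-bit kernel would see a different layout. The field should at least be documented as `/* Used internally by the kernel; ignored on input, not meaningful to userspace */`, and the kernel side should overwrite it rather than trust the incoming value. Whether the pointer value is visible when rules are read back cannot be told from this header and is worth checking. ipt_dstlimit.h has the same pattern with `hinfo` and `master`.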
589 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_connmark.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_connmark.h
590 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_connmark.h 1970-01-01 01:00:00.000000000 +0100
591 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_connmark.h 2004-06-20 12:02:52.000000000 +0200
593 +#ifndef _IPT_CONNMARK_H
594 +#define _IPT_CONNMARK_H
596 +/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
597 + * by Henrik Nordstrom <hno@marasystems.com>
599 + * This program is free software; you can redistribute it and/or modify
600 + * it under the terms of the GNU General Public License as published by
601 + * the Free Software Foundation; either version 2 of the License, or
602 + * (at your option) any later version.
605 +struct ipt_connmark_info {
606 + unsigned long mark, mask;
610 +#endif /*_IPT_CONNMARK_H*/
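Review bot: `mark` and `mask` are `unsigned long`, whose size differs between 32-bit and 64-bit builds, so this match structure has a different layout for a 32-bit userspace talking to a 64-bit kernel. If the mark is meant to be 32 bits wide, declare the fields with a fixed-width type, `u_int32_t mark, mask;`, as the other new headers in this patch do for their fields. The same applies to `mark`/`mask` in ipt_CONNMARK.h, `andmask`/`ormask` in ipt_IPMARK.h and `flags` in ipt_osf.h.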
611 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_CONNMARK.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_CONNMARK.h
612 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_CONNMARK.h 1970-01-01 01:00:00.000000000 +0100
613 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_CONNMARK.h 2004-06-20 12:02:52.000000000 +0200
615 +#ifndef _IPT_CONNMARK_H_target
616 +#define _IPT_CONNMARK_H_target
618 +/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
619 + * by Henrik Nordstrom <hno@marasystems.com>
621 + * This program is free software; you can redistribute it and/or modify
622 + * it under the terms of the GNU General Public License as published by
623 + * the Free Software Foundation; either version 2 of the License, or
624 + * (at your option) any later version.
628 + IPT_CONNMARK_SET = 0,
630 + IPT_CONNMARK_RESTORE
633 +struct ipt_connmark_target_info {
634 + unsigned long mark;
635 + unsigned long mask;
639 +#endif /*_IPT_CONNMARK_H_target*/
640 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_dstlimit.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_dstlimit.h
641 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_dstlimit.h 1970-01-01 01:00:00.000000000 +0100
642 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_dstlimit.h 2004-06-20 12:02:52.000000000 +0200
644 +#ifndef _IPT_DSTLIMIT_H
645 +#define _IPT_DSTLIMIT_H
647 +/* timings are in milliseconds. */
648 +#define IPT_DSTLIMIT_SCALE 10000
649 +/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490
650 + seconds, or one every 59 hours. */
652 +/* details of this structure hidden by the implementation */
653 +struct ipt_dstlimit_htable;
655 +#define IPT_DSTLIMIT_HASH_DIP 0x0001
656 +#define IPT_DSTLIMIT_HASH_DPT 0x0002
657 +#define IPT_DSTLIMIT_HASH_SIP 0x0004
659 +struct dstlimit_cfg {
660 + u_int32_t mode; /* bitmask of IPT_DSTLIMIT_HASH_* */
661 + u_int32_t avg; /* Average secs between packets * scale */
662 + u_int32_t burst; /* Period multiplier for upper limit. */
664 + /* user specified */
665 + u_int32_t size; /* how many buckets */
666 + u_int32_t max; /* max number of entries */
667 + u_int32_t gc_interval; /* gc interval */
668 + u_int32_t expire; /* when do entries expire? */
671 +struct ipt_dstlimit_info {
672 + char name [IFNAMSIZ]; /* name */
673 + struct dstlimit_cfg cfg;
674 + struct ipt_dstlimit_htable *hinfo;
676 + /* Used internally by the kernel */
679 + struct ipt_dstlimit_info *master;
682 +#endif /*_IPT_DSTLIMIT_H*/
683 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_fuzzy.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_fuzzy.h
684 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_fuzzy.h 1970-01-01 01:00:00.000000000 +0100
685 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_fuzzy.h 2004-06-20 12:02:52.000000000 +0200
687 +#ifndef _IPT_FUZZY_H
688 +#define _IPT_FUZZY_H
690 +#include <linux/param.h>
691 +#include <linux/types.h>
693 +#define MAXFUZZYRATE 10000000
694 +#define MINFUZZYRATE 3
696 +struct ipt_fuzzy_info {
697 + u_int32_t minimum_rate;
698 + u_int32_t maximum_rate;
699 + u_int32_t packets_total;
700 + u_int32_t bytes_total;
701 + u_int32_t previous_time;
702 + u_int32_t present_time;
703 + u_int32_t mean_rate;
704 + u_int8_t acceptance_rate;
707 +#endif /*_IPT_FUZZY_H*/
708 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_IMQ.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_IMQ.h
709 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_IMQ.h 1970-01-01 01:00:00.000000000 +0100
710 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_IMQ.h 2004-06-20 12:02:53.000000000 +0200
715 +struct ipt_imq_info {
716 + unsigned int todev; /* target imq device */
719 +#endif /* _IPT_IMQ_H */
720 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_IPMARK.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_IPMARK.h
721 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_IPMARK.h 1970-01-01 01:00:00.000000000 +0100
722 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_IPMARK.h 2004-06-20 12:02:52.000000000 +0200
724 +#ifndef _IPT_IPMARK_H_target
725 +#define _IPT_IPMARK_H_target
727 +struct ipt_ipmark_target_info {
728 + unsigned long andmask;
729 + unsigned long ormask;
733 +#define IPT_IPMARK_SRC 0
734 +#define IPT_IPMARK_DST 1
736 +#endif /*_IPT_IPMARK_H_target*/
737 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_ipv4options.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_ipv4options.h
738 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_ipv4options.h 1970-01-01 01:00:00.000000000 +0100
739 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_ipv4options.h 2004-06-20 12:02:52.000000000 +0200
741 +#ifndef __ipt_ipv4options_h_included__
742 +#define __ipt_ipv4options_h_included__
744 +#define IPT_IPV4OPTION_MATCH_SSRR 0x01 /* For strict source routing */
745 +#define IPT_IPV4OPTION_MATCH_LSRR 0x02 /* For loose source routing */
746 +#define IPT_IPV4OPTION_DONT_MATCH_SRR 0x04 /* any source routing */
747 +#define IPT_IPV4OPTION_MATCH_RR 0x08 /* For Record route */
748 +#define IPT_IPV4OPTION_DONT_MATCH_RR 0x10
749 +#define IPT_IPV4OPTION_MATCH_TIMESTAMP 0x20 /* For timestamp request */
750 +#define IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP 0x40
751 +#define IPT_IPV4OPTION_MATCH_ROUTER_ALERT 0x80 /* For router-alert */
752 +#define IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT 0x100
753 +#define IPT_IPV4OPTION_MATCH_ANY_OPT 0x200 /* match packet with any option */
754 +#define IPT_IPV4OPTION_DONT_MATCH_ANY_OPT 0x400 /* match packet with no option */
756 +struct ipt_ipv4options_info {
761 +#endif /* __ipt_ipv4options_h_included__ */
762 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_mport.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_mport.h
763 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_mport.h 1970-01-01 01:00:00.000000000 +0100
764 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_mport.h 2004-06-20 12:02:52.000000000 +0200
766 +#ifndef _IPT_MPORT_H
767 +#define _IPT_MPORT_H
768 +#include <linux/netfilter_ipv4/ip_tables.h>
770 +#define IPT_MPORT_SOURCE (1<<0)
771 +#define IPT_MPORT_DESTINATION (1<<1)
772 +#define IPT_MPORT_EITHER (IPT_MPORT_SOURCE|IPT_MPORT_DESTINATION)
774 +#define IPT_MULTI_PORTS 15
776 +/* Must fit inside union ipt_matchinfo: 32 bytes */
777 +/* every entry in ports[] except for the last one has one bit in pflags
778 + * associated with it. If this bit is set, the port is the first port of
779 + * a portrange, with the next entry being the last.
780 + * End of list is marked with pflags bit set and port=65535.
781 + * If 14 ports are used (last one does not have a pflag), the last port
782 + * is repeated to fill the last entry in ports[] */
785 + u_int8_t flags:2; /* Type of comparison */
786 + u_int16_t pflags:14; /* Port flags */
787 + u_int16_t ports[IPT_MULTI_PORTS]; /* Ports */
789 +#endif /*_IPT_MPORT_H*/
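Review bot: The struct relies on `u_int8_t flags:2` and `u_int16_t pflags:14` packing into a single 16-bit unit to meet the "32 bytes" limit stated in the comment, but bit-field layout and the use of non-`int` bit-field types are implementation-defined. For a structure shared between kernel and userspace it is safer to use one plain `u_int16_t` and extract the two parts with masks, or to add a compile-time check that the struct size equals 32. The comment also speaks of 14 usable ports while `IPT_MULTI_PORTS` is 15; it should state explicitly that the last slot is the terminator or repeat entry. The struct's opening line is not shown in this section.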
790 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_NETLINK.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_NETLINK.h
791 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_NETLINK.h 1970-01-01 01:00:00.000000000 +0100
792 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_NETLINK.h 2004-06-20 12:02:52.000000000 +0200
794 +#ifndef _IPT_FWMON_H
795 +#define _IPT_FWMON_H
797 +/* Bitmask macros */
798 +#define MASK(x,y) (x & y)
799 +#define MASK_SET(x,y) x |= y
800 +#define MASK_UNSET(x,y) x &= ~y
802 +#define USE_MARK 0x00000001
803 +#define USE_DROP 0x00000002
804 +#define USE_SIZE 0x00000004
808 + unsigned int flags;
817 + char iface[IFNAMSIZ];
820 +#endif /*_IPT_FWMON_H*/
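Review bot: The bitmask macros expand their arguments unparenthesized, so `MASK_UNSET(x, A|B)` becomes `x &= ~A|B` and clears the wrong bits, and `MASK(x,y)` misbehaves inside a larger expression. Parenthesize arguments and results, e.g. `#define MASK_UNSET(x,y) ((x) &= ~(y))` and `#define MASK(x,y) ((x) & (y))`. The names `MASK`, `MASK_SET` and `USE_MARK` are also generic enough to collide with other headers, and the include guard `_IPT_FWMON_H` does not match the file name ipt_NETLINK.h, so a second header using the same guard would be silently skipped.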
821 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_nth.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_nth.h
822 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_nth.h 1970-01-01 01:00:00.000000000 +0100
823 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_nth.h 2004-06-20 12:02:52.000000000 +0200
828 +#include <linux/param.h>
829 +#include <linux/types.h>
831 +#ifndef IPT_NTH_NUM_COUNTERS
832 +#define IPT_NTH_NUM_COUNTERS 16
835 +struct ipt_nth_info {
843 +#endif /*_IPT_NTH_H*/
844 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_osf.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_osf.h
845 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_osf.h 1970-01-01 01:00:00.000000000 +0100
846 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_osf.h 2004-06-20 12:26:56.140945520 +0200
851 + * Copyright (c) 2003 Evgeniy Polyakov <johnpol@2ka.mipt.ru>
854 + * This program is free software; you can redistribute it and/or modify
855 + * it under the terms of the GNU General Public License as published by
856 + * the Free Software Foundation; either version 2 of the License, or
857 + * (at your option) any later version.
859 + * This program is distributed in the hope that it will be useful,
860 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
861 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
862 + * GNU General Public License for more details.
864 + * You should have received a copy of the GNU General Public License
865 + * along with this program; if not, write to the Free Software
866 + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
872 +#define MAXGENRELEN 32
873 +#define MAXDETLEN 64
875 +#define IPT_OSF_GENRE 1
876 +#define IPT_OSF_SMART 2
877 +#define IPT_OSF_LOG 4
878 +#define IPT_OSF_NETLINK 8
880 +#define IPT_OSF_LOGLEVEL_ALL 0
881 +#define IPT_OSF_LOGLEVEL_FIRST 1
883 +#include <netinet/ip.h>
884 +#include <netinet/tcp.h>
888 + struct list_head *prev, *next;
893 + char genre[MAXGENRELEN];
895 + unsigned long flags;
897 + int invert; /* UNSUPPORTED */
906 +/* This struct represents IANA options
907 + * http://www.iana.org/assignments/tcp-parameters
911 + unsigned char kind;
912 + unsigned char length;
918 + struct list_head flist;
923 + unsigned char genre[MAXGENRELEN];
924 + unsigned char version[MAXGENRELEN], subtype[MAXGENRELEN];
926 + /* Not needed, but for consistency with original table from Michal Zalewski */
927 + unsigned char details[MAXDETLEN];
930 + struct osf_opt opt[MAX_IPOPTLEN]; /* In case it is all NOP or EOL */
934 +struct ipt_osf_nlmsg
936 + struct osf_finger f;
941 +#endif /* _IPT_OSF_H */
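Review bot: The structures in this header put kernel list linkage (`struct list_head *prev, *next;`, `struct list_head flist;`) and an `unsigned long flags` member into what appears to be data exchanged with userspace, given that `struct ipt_osf_nlmsg` embeds `struct osf_finger f`. Their size and layout then depend on pointer and long width, so a 32-bit userspace and a 64-bit kernel would disagree. Any message that copies the struct whole would also carry kernel pointer values. Use fixed-width members for the shared part, e.g. `u_int32_t flags;`, and keep the list linkage in a kernel-only wrapper. The struct headers and several members are not shown on the page, so the grouping of these fields is inferred.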
942 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_policy.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_policy.h
943 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_policy.h 1970-01-01 01:00:00.000000000 +0100
944 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_policy.h 2004-06-20 12:02:52.000000000 +0200
946 +#ifndef _IPT_POLICY_H
947 +#define _IPT_POLICY_H
949 +#define POLICY_MAX_ELEM 4
951 +enum ipt_policy_flags
953 + POLICY_MATCH_IN = 0x1,
954 + POLICY_MATCH_OUT = 0x2,
955 + POLICY_MATCH_NONE = 0x4,
956 + POLICY_MATCH_STRICT = 0x8,
959 +enum ipt_policy_modes
961 + POLICY_MODE_TRANSPORT,
965 +struct ipt_policy_spec
975 +struct ipt_policy_elem
986 + struct ipt_policy_spec match;
987 + struct ipt_policy_spec invert;
990 +struct ipt_policy_info
992 + struct ipt_policy_elem pol[POLICY_MAX_ELEM];
997 +#endif /* _IPT_POLICY_H */
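Review bot: `POLICY_MATCH_IN`, `POLICY_MATCH_OUT`, `POLICY_MATCH_NONE`, `POLICY_MATCH_STRICT` and `POLICY_MODE_TRANSPORT` are declared here as enumerators of `enum ipt_policy_flags` and `enum ipt_policy_modes`, and the ip6t_policy.h section later in this patch declares the same names in `enum ip6t_policy_flags` and `enum ip6t_policy_modes`. Enumerators share one namespace in C, so a translation unit that includes both headers fails with redeclaration errors. Prefix them per family, e.g. `IPT_POLICY_MATCH_IN = 0x1,` here and `IP6T_POLICY_MATCH_IN = 0x1,` in the IPv6 header, or move the shared constants into one common header.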
998 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_pool.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_pool.h
999 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_pool.h 1970-01-01 01:00:00.000000000 +0100
1000 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_pool.h 2004-06-20 12:02:52.000000000 +0200
1002 +#ifndef _IPT_POOL_H
1003 +#define _IPT_POOL_H
1005 +#include <linux/netfilter_ipv4/ip_pool.h>
1007 +#define IPT_POOL_INV_SRC 0x00000001
1008 +#define IPT_POOL_INV_DST 0x00000002
1009 +#define IPT_POOL_DEL_SRC 0x00000004
1010 +#define IPT_POOL_DEL_DST 0x00000008
1011 +#define IPT_POOL_INV_MOD_SRC 0x00000010
1012 +#define IPT_POOL_INV_MOD_DST 0x00000020
1013 +#define IPT_POOL_MOD_SRC_ACCEPT 0x00000040
1014 +#define IPT_POOL_MOD_DST_ACCEPT 0x00000080
1015 +#define IPT_POOL_MOD_SRC_DROP 0x00000100
1016 +#define IPT_POOL_MOD_DST_DROP 0x00000200
1019 +struct ipt_pool_info
1026 +#endif /*_IPT_POOL_H*/
1027 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_psd.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_psd.h
1028 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_psd.h 1970-01-01 01:00:00.000000000 +0100
1029 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_psd.h 2004-06-20 12:02:52.000000000 +0200
1034 +#include <linux/param.h>
1035 +#include <linux/types.h>
1038 + * High port numbers have a lower weight to reduce the frequency of false
1039 + * positives, such as from passive mode FTP transfers.
1041 +#define PORT_WEIGHT_PRIV 3
1042 +#define PORT_WEIGHT_HIGH 1
1045 + * Port scan detection thresholds: at least COUNT ports need to be scanned
1046 + * from the same source, with no longer than DELAY ticks between ports.
1048 +#define SCAN_MIN_COUNT 7
1049 +#define SCAN_MAX_COUNT (SCAN_MIN_COUNT * PORT_WEIGHT_PRIV)
1050 +#define SCAN_WEIGHT_THRESHOLD SCAN_MAX_COUNT
1051 +#define SCAN_DELAY_THRESHOLD (300) /* old usage of HZ here was erroneously and broke under uml */
1054 + * Keep track of up to LIST_SIZE source addresses, using a hash table of
1055 + * HASH_SIZE entries for faster lookups, but limiting hash collisions to
1056 + * HASH_MAX source addresses per the same hash value.
1058 +#define LIST_SIZE 0x100
1060 +#define HASH_SIZE (1 << HASH_LOG)
1061 +#define HASH_MAX 0x10
1063 +struct ipt_psd_info {
1064 + unsigned int weight_threshold;
1065 + unsigned int delay_threshold;
1066 + unsigned short lo_ports_weight;
1067 + unsigned short hi_ports_weight;
1070 +#endif /*_IPT_PSD_H*/
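Review bot: `SCAN_DELAY_THRESHOLD` is now the bare constant 300 while the comment above it still says the delay is measured in ticks, so the scan-detection window presumably shrinks as the kernel's HZ grows (the comparison code is not part of this header). State the unit next to the value, e.g. `#define SCAN_DELAY_THRESHOLD (300) /* ticks, not seconds: window depends on HZ */`, or have the consumer convert from a time unit. The unprefixed names `LIST_SIZE`, `HASH_SIZE` and `HASH_MAX` are also prone to clash in a header exported to userspace.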
1071 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_quota.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_quota.h
1072 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_quota.h 1970-01-01 01:00:00.000000000 +0100
1073 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_quota.h 2004-06-20 12:02:52.000000000 +0200
1075 +#ifndef _IPT_QUOTA_H
1076 +#define _IPT_QUOTA_H
1078 +/* print debug info in both kernel/netfilter module & iptable library */
1079 +//#define DEBUG_IPT_QUOTA
1081 +struct ipt_quota_info {
1085 +#endif /*_IPT_QUOTA_H*/
1086 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_random.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_random.h
1087 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_random.h 1970-01-01 01:00:00.000000000 +0100
1088 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_random.h 2004-06-20 12:02:52.000000000 +0200
1090 +#ifndef _IPT_RAND_H
1091 +#define _IPT_RAND_H
1093 +#include <linux/param.h>
1094 +#include <linux/types.h>
1096 +struct ipt_rand_info {
1100 +#endif /*_IPT_RAND_H*/
1101 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_realm.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_realm.h
1102 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_realm.h 1970-01-01 01:00:00.000000000 +0100
1103 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_realm.h 2004-06-20 12:02:52.000000000 +0200
1105 +#ifndef _IPT_REALM_H
1106 +#define _IPT_REALM_H
1108 +struct ipt_realm_info {
1113 +#endif /*_IPT_REALM_H*/
1114 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_ROUTE.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_ROUTE.h
1115 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_ROUTE.h 1970-01-01 01:00:00.000000000 +0100
1116 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_ROUTE.h 2004-06-20 12:02:52.000000000 +0200
1118 +/* Header file for iptables ipt_ROUTE target
1120 + * (C) 2002 by Cédric de Launois <delaunois@info.ucl.ac.be>
1122 + * This software is distributed under GNU GPL v2, 1991
1124 +#ifndef _IPT_ROUTE_H_target
1125 +#define _IPT_ROUTE_H_target
1127 +#define IPT_ROUTE_IFNAMSIZ 16
1129 +struct ipt_route_target_info {
1130 + char oif[IPT_ROUTE_IFNAMSIZ]; /* Output Interface Name */
1131 + char iif[IPT_ROUTE_IFNAMSIZ]; /* Input Interface Name */
1132 + u_int32_t gw; /* IP address of gateway */
1136 +/* Values for "flags" field */
1137 +#define IPT_ROUTE_CONTINUE 0x01
1139 +#endif /*_IPT_ROUTE_H_target*/
1140 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_sctp.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_sctp.h
1141 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_sctp.h 1970-01-01 01:00:00.000000000 +0100
1142 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_sctp.h 2004-06-20 12:02:52.000000000 +0200
1144 +#ifndef _IPT_SCTP_H_
1145 +#define _IPT_SCTP_H_
1147 +#define IPT_SCTP_SRC_PORTS 0x01
1148 +#define IPT_SCTP_DEST_PORTS 0x02
1149 +#define IPT_SCTP_CHUNK_TYPES 0x04
1151 +#define IPT_SCTP_VALID_FLAGS 0x07
1153 +#define ELEMCOUNT(x) (sizeof(x)/sizeof(x[0]))
1156 +struct ipt_sctp_flag_info {
1157 + u_int8_t chunktype;
1159 + u_int8_t flag_mask;
1162 +#define IPT_NUM_SCTP_FLAGS 4
1164 +struct ipt_sctp_info {
1165 + u_int16_t dpts[2]; /* Min, Max */
1166 + u_int16_t spts[2]; /* Min, Max */
1168 + u_int32_t chunkmap[256 / sizeof (u_int32_t)]; /* Bit mask of chunks to be matched according to RFC 2960 */
1170 +#define SCTP_CHUNK_MATCH_ANY 0x01 /* Match if any of the chunk types are present */
1171 +#define SCTP_CHUNK_MATCH_ALL 0x02 /* Match if all of the chunk types are present */
1172 +#define SCTP_CHUNK_MATCH_ONLY 0x04 /* Match if these are the only chunk types present */
1174 + u_int32_t chunk_match_type;
1175 + struct ipt_sctp_flag_info flag_info[IPT_NUM_SCTP_FLAGS];
1179 + u_int32_t invflags;
1182 +#define bytes(type) (sizeof(type) * 8)
1184 +#define SCTP_CHUNKMAP_SET(chunkmap, type) \
1186 + chunkmap[type / bytes(u_int32_t)] |= \
1187 + 1 << (type % bytes(u_int32_t)); \
1190 +#define SCTP_CHUNKMAP_CLEAR(chunkmap, type) \
1192 + chunkmap[type / bytes(u_int32_t)] &= \
1193 + ~(1 << (type % bytes(u_int32_t))); \
1196 +#define SCTP_CHUNKMAP_IS_SET(chunkmap, type) \
1198 + (chunkmap[type / bytes (u_int32_t)] & \
1199 + (1 << (type % bytes (u_int32_t)))) ? 1: 0; \
1202 +#define SCTP_CHUNKMAP_RESET(chunkmap) \
1205 + for (i = 0; i < ELEMCOUNT(chunkmap); i++) \
1206 + chunkmap[i] = 0; \
1209 +#define SCTP_CHUNKMAP_SET_ALL(chunkmap) \
1212 + for (i = 0; i < ELEMCOUNT(chunkmap); i++) \
1213 + chunkmap[i] = ~0; \
1216 +#define SCTP_CHUNKMAP_COPY(destmap, srcmap) \
1219 + for (i = 0; i < ELEMCOUNT(chunkmap); i++) \
1220 + destmap[i] = srcmap[i]; \
1223 +#define SCTP_CHUNKMAP_IS_CLEAR(chunkmap) \
1227 + for (i = 0; i < ELEMCOUNT(chunkmap); i++) { \
1228 + if (chunkmap[i]) { \
1236 +#define SCTP_CHUNKMAP_IS_ALL_SET(chunkmap) \
1240 + for (i = 0; i < ELEMCOUNT(chunkmap); i++) { \
1241 + if (chunkmap[i] != ~0) { \
1249 +#endif /* _IPT_SCTP_H_ */
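Review bot: `SCTP_CHUNKMAP_COPY(destmap, srcmap)` bounds its loop with `ELEMCOUNT(chunkmap)`, which is not one of its parameters, so it only compiles where the caller happens to have a variable called `chunkmap` and then uses that object's size rather than the size of the maps being copied; use `for (i = 0; i < ELEMCOUNT(srcmap); i++)`. In SET, CLEAR and IS_SET the expression `1 << (type % bytes(u_int32_t))` shifts a signed int, which is undefined for bit 31; write `1U << ((type) % bytes(u_int32_t))`. `ELEMCOUNT` also gives the wrong count if a map reaches these macros as a pointer rather than an array, and `bytes()` actually returns a bit count, so it is worth renaming. The macro bodies are only partly shown on the page.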
1251 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_string.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_string.h
1252 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_string.h 1970-01-01 01:00:00.000000000 +0100
1253 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_string.h 2004-06-20 12:02:52.000000000 +0200
1255 +#ifndef _IPT_STRING_H
1256 +#define _IPT_STRING_H
1258 +/* *** PERFORMANCE TWEAK ***
1259 + * Packet size and search string threshold,
1260 + * above which sublinear searches is used. */
1261 +#define IPT_STRING_HAYSTACK_THRESH 100
1262 +#define IPT_STRING_NEEDLE_THRESH 20
1264 +#define BM_MAX_NLEN 256
1265 +#define BM_MAX_HLEN 1024
1267 +typedef char *(*proc_ipt_search) (char *, char *, int, int);
1269 +struct ipt_string_info {
1270 + char string[BM_MAX_NLEN];
1275 +#endif /* _IPT_STRING_H */
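Review bot: `struct ipt_string_info` holds the rule-supplied pattern in the fixed buffer `char string[BM_MAX_NLEN]`, and nothing in the visible header says whether it is NUL-terminated or length-counted. Add a comment such as `/* pattern bytes; not necessarily NUL-terminated, valid length must be <= BM_MAX_NLEN */` so the match code validates the length before searching. The `proc_ipt_search` typedef passes both lengths as `int`; an unsigned type would rule out negative lengths. The remaining members of the struct are not shown on the page.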
1276 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_time.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_time.h
1277 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_time.h 1970-01-01 01:00:00.000000000 +0100
1278 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_time.h 2004-06-20 12:02:52.000000000 +0200
1280 +#ifndef __ipt_time_h_included__
1281 +#define __ipt_time_h_included__
1284 +struct ipt_time_info {
1285 + u_int8_t days_match; /* 1 bit per day. -SMTWTFS */
1286 + u_int16_t time_start; /* 0 < time_start < 23*60+59 = 1439 */
1287 + u_int16_t time_stop; /* 0:0 < time_stat < 23:59 */
1288 + u_int8_t kerneltime; /* ignore skb time (and use kerneltime) or not. */
1289 + time_t date_start;
1294 +#endif /* __ipt_time_h_included__ */
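Review bot: `time_t date_start;` puts a type whose width depends on the ABI into a structure shared between iptables and the kernel, so a 32-bit userspace on a 64-bit kernel would lay out `struct ipt_time_info` differently. A fixed-width member such as `u_int32_t date_start;` keeps the layout identical on both sides. The guard `__ipt_time_h_included__` uses an identifier reserved for the implementation, and the `time_stop` comment has a typo (`time_stat`).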
1295 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_TTL.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_TTL.h
1296 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_TTL.h 1970-01-01 01:00:00.000000000 +0100
1297 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_TTL.h 2004-06-20 12:02:52.000000000 +0200
1299 +/* TTL modification module for IP tables
1300 + * (C) 2000 by Harald Welte <laforge@gnumonks.org> */
1311 +#define IPT_TTL_MAXMODE IPT_TTL_DEC
1313 +struct ipt_TTL_info {
1320 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_u32.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_u32.h
1321 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_u32.h 1970-01-01 01:00:00.000000000 +0100
1322 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_u32.h 2004-06-20 12:02:52.000000000 +0200
1326 +#include <linux/netfilter_ipv4/ip_tables.h>
1336 +struct ipt_u32_location_element
1341 +struct ipt_u32_value_element
1346 +/* *** any way to allow for an arbitrary number of elements?
1347 + for now I settle for a limit of 10 of each */
1348 +#define U32MAXSIZE 10
1349 +struct ipt_u32_test
1352 + struct ipt_u32_location_element location[U32MAXSIZE+1];
1354 + struct ipt_u32_value_element value[U32MAXSIZE+1];
1360 + struct ipt_u32_test tests[U32MAXSIZE+1];
1363 +#endif /*_IPT_U32_H*/
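Review bot: The arrays are sized `U32MAXSIZE+1` while the comment promises a limit of 10, so it is unclear whether 10 or 11 entries are valid. Whatever element counts the structs carry (those members are not shown on the page) arrive with the rule and should be checked against the array bound before indexing. A comment such as `/* at most U32MAXSIZE+1 entries; larger counts must be rejected */` next to `U32MAXSIZE` would pin the contract down.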
1364 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_XOR.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_XOR.h
1365 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv4/ipt_XOR.h 1970-01-01 01:00:00.000000000 +0100
1366 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv4/ipt_XOR.h 2004-06-20 12:02:52.000000000 +0200
1371 +struct ipt_XOR_info {
1373 + u_int8_t block_size;
1376 +#endif /* _IPT_XOR_H */
1377 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6_logging.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6_logging.h
1378 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6_logging.h 1970-01-01 01:00:00.000000000 +0100
1379 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6_logging.h 2004-06-20 12:10:49.995821904 +0200
1381 +/* IPv6 macros for the nternal logging interface. */
1382 +#ifndef __IP6_LOGGING_H
1383 +#define __IP6_LOGGING_H
1385 +#endif /*__IP6_LOGGING_H*/
1386 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6_tables.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6_tables.h
1387 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6_tables.h 2004-01-05 19:42:34.000000000 +0100
1388 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6_tables.h 2004-06-20 12:26:05.731608904 +0200
1389 @@ -133,6 +133,12 @@
1391 unsigned int comefrom;
1393 + /* Name of the chain */
1396 + /* Rule number in the chain. */
1397 + u_int32_t rulenum;
1399 /* Packet and byte counters. */
1400 struct ip6t_counters counters;
1403 /* Number of counters (must be equal to current number of entries). */
1404 unsigned int num_counters;
1405 /* The old entries' counters. */
1406 - struct ip6t_counters *counters;
1407 + struct ip6t_counters __user *counters;
1409 /* The entries (hang off end: not really an array). */
1410 struct ip6t_entry entries[0];
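Review bot: The chain-name member and `u_int32_t rulenum` are inserted into the entry structure ahead of `counters`, which changes its size and the offset of every member after it. A kernel and an ip6tables binary built from different versions of this header would then parse rule blobs with different layouts, so the change deserves a comment such as `/* layout change: needs matching patched kernel and ip6tables */`. The `__user` annotation added to `counters` also needs a definition that userspace builds can see, and no include providing one is visible in this section. The enclosing struct definitions start and end outside the shown lines.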
1411 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6t_fuzzy.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6t_fuzzy.h
1412 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6t_fuzzy.h 1970-01-01 01:00:00.000000000 +0100
1413 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6t_fuzzy.h 2004-06-20 12:02:52.000000000 +0200
1415 +#ifndef _IP6T_FUZZY_H
1416 +#define _IP6T_FUZZY_H
1418 +#include <linux/param.h>
1419 +#include <linux/types.h>
1421 +#define MAXFUZZYRATE 10000000
1422 +#define MINFUZZYRATE 3
1424 +struct ip6t_fuzzy_info {
1425 + u_int32_t minimum_rate;
1426 + u_int32_t maximum_rate;
1427 + u_int32_t packets_total;
1428 + u_int32_t bytes_total;
1429 + u_int32_t previous_time;
1430 + u_int32_t present_time;
1431 + u_int32_t mean_rate;
1432 + u_int8_t acceptance_rate;
1435 +#endif /*_IP6T_FUZZY_H*/
1436 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6t_HL.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6t_HL.h
1437 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6t_HL.h 1970-01-01 01:00:00.000000000 +0100
1438 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6t_HL.h 2004-06-20 12:02:52.000000000 +0200
1440 +/* Hop Limit modification module for ip6tables
1441 + * Maciej Soltysiak <solt@dns.toxicfilms.tv>
1442 + * Based on HW's TTL module */
1453 +#define IP6T_HL_MAXMODE IP6T_HL_DEC
1455 +struct ip6t_HL_info {
1457 + u_int8_t hop_limit;
1462 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6t_nth.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6t_nth.h
1463 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6t_nth.h 1970-01-01 01:00:00.000000000 +0100
1464 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6t_nth.h 2004-06-20 12:02:52.000000000 +0200
1466 +#ifndef _IP6T_NTH_H
1467 +#define _IP6T_NTH_H
1469 +#include <linux/param.h>
1470 +#include <linux/types.h>
1472 +#ifndef IP6T_NTH_NUM_COUNTERS
1473 +#define IP6T_NTH_NUM_COUNTERS 16
1476 +struct ip6t_nth_info {
1484 +#endif /*_IP6T_NTH_H*/
1485 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6t_owner.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6t_owner.h
1486 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6t_owner.h 2003-12-15 19:46:58.000000000 +0100
1487 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6t_owner.h 2004-06-20 12:02:52.000000000 +0200
1489 #define IP6T_OWNER_GID 0x02
1490 #define IP6T_OWNER_PID 0x04
1491 #define IP6T_OWNER_SID 0x08
1492 +#define IP6T_OWNER_COMM 0x10
1494 struct ip6t_owner_info {
1500 u_int8_t match, invert; /* flags */
1503 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6t_policy.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6t_policy.h
1504 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6t_policy.h 1970-01-01 01:00:00.000000000 +0100
1505 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6t_policy.h 2004-06-20 12:02:52.000000000 +0200
1507 +#ifndef _IP6T_POLICY_H
1508 +#define _IP6T_POLICY_H
1510 +#define POLICY_MAX_ELEM 4
1512 +enum ip6t_policy_flags
1514 + POLICY_MATCH_IN = 0x1,
1515 + POLICY_MATCH_OUT = 0x2,
1516 + POLICY_MATCH_NONE = 0x4,
1517 + POLICY_MATCH_STRICT = 0x8,
1520 +enum ip6t_policy_modes
1522 + POLICY_MODE_TRANSPORT,
1523 + POLICY_MODE_TUNNEL
1526 +struct ip6t_policy_spec
1536 +struct ip6t_policy_elem
1538 + struct in6_addr saddr;
1539 + struct in6_addr smask;
1540 + struct in6_addr daddr;
1541 + struct in6_addr dmask;
1547 + struct ip6t_policy_spec match;
1548 + struct ip6t_policy_spec invert;
1551 +struct ip6t_policy_info
1553 + struct ip6t_policy_elem pol[POLICY_MAX_ELEM];
1558 +#endif /* _IP6T_POLICY_H */
1559 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6t_random.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6t_random.h
1560 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6t_random.h 1970-01-01 01:00:00.000000000 +0100
1561 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6t_random.h 2004-06-20 12:02:52.000000000 +0200
1563 +#ifndef _IP6T_RAND_H
1564 +#define _IP6T_RAND_H
1566 +#include <linux/param.h>
1567 +#include <linux/types.h>
1569 +struct ip6t_rand_info {
1573 +#endif /*_IP6T_RAND_H*/
1574 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6t_REJECT.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6t_REJECT.h
1575 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6t_REJECT.h 2004-03-05 16:36:39.000000000 +0100
1576 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6t_REJECT.h 2004-06-20 12:02:52.000000000 +0200
1578 #define _IP6T_REJECT_H
1580 enum ip6t_reject_with {
1581 - IP6T_ICMP_NET_UNREACHABLE,
1582 - IP6T_ICMP_HOST_UNREACHABLE,
1583 - IP6T_ICMP_PROT_UNREACHABLE,
1584 - IP6T_ICMP_PORT_UNREACHABLE,
1585 - IP6T_ICMP_ECHOREPLY
1586 + IP6T_ICMP6_NO_ROUTE,
1587 + IP6T_ICMP6_ADM_PROHIBITED,
1588 + IP6T_ICMP6_NOT_NEIGHBOUR,
1589 + IP6T_ICMP6_ADDR_UNREACH,
1590 + IP6T_ICMP6_PORT_UNREACH,
1591 + IP6T_ICMP6_ECHOREPLY,
1595 struct ip6t_reject_info {
1596 enum ip6t_reject_with with; /* reject type */
1599 -#endif /*_IPT_REJECT_H*/
1600 +#endif /*_IP6T_REJECT_H*/
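Review bot: Replacing the enumerators renumbers the values stored in `ip6t_reject_info.with`: 0 used to mean `IP6T_ICMP_NET_UNREACHABLE` and now means `IP6T_ICMP6_NO_ROUTE`, and port-unreachable moves from 3 to 4. A userspace binary built against the old header would therefore select a different reject type on a kernel built with the new one. Give the enumerators explicit values, e.g. `IP6T_ICMP6_NO_ROUTE = 0,`, so that later insertions cannot shift them silently. The tail of the enum is not shown on the page.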
1601 diff -uNr linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6t_ROUTE.h linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6t_ROUTE.h
1602 --- linux-libc-headers-2.6.6.0.orig/include/linux/netfilter_ipv6/ip6t_ROUTE.h 1970-01-01 01:00:00.000000000 +0100
1603 +++ linux-libc-headers-2.6.6.0/include/linux/netfilter_ipv6/ip6t_ROUTE.h 2004-06-20 12:02:52.000000000 +0200
1605 +/* Header file for iptables ip6t_ROUTE target
1607 + * (C) 2003 by Cédric de Launois <delaunois@info.ucl.ac.be>
1609 + * This software is distributed under GNU GPL v2, 1991
1611 +#ifndef _IPT_ROUTE_H_target
1612 +#define _IPT_ROUTE_H_target
1614 +#define IP6T_ROUTE_IFNAMSIZ 16
1616 +struct ip6t_route_target_info {
1617 + char oif[IP6T_ROUTE_IFNAMSIZ]; /* Output Interface Name */
1618 + char iif[IP6T_ROUTE_IFNAMSIZ]; /* Input Interface Name */
1619 + u_int32_t gw[4]; /* IPv6 address of gateway */
1623 +/* Values for "flags" field */
1624 +#define IP6T_ROUTE_CONTINUE 0x01
1626 +#endif /*_IP6T_ROUTE_H_target*/
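Review bot: The include guard here is `_IPT_ROUTE_H_target`, the same macro that ipt_ROUTE.h in this patch defines, so when both headers are included in one translation unit the second is skipped and its struct is never declared. The closing comment already names the intended guard; use `#ifndef _IP6T_ROUTE_H_target` and `#define _IP6T_ROUTE_H_target`. `oif` and `iif` are fixed 16-byte buffers that presumably come from the rule, so code reading them should not assume NUL termination.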