1 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ip_conntrack.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ip_conntrack.h
2 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ip_conntrack.h 2004-01-18 00:04:34.000000000 +0100
3 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ip_conntrack.h 2004-05-22 18:13:14.935058704 +0200
6 #include <linux/netfilter_ipv4/ip_conntrack_tcp.h>
7 #include <linux/netfilter_ipv4/ip_conntrack_icmp.h>
8 +#include <linux/netfilter_ipv4/ip_conntrack_sctp.h>
10 /* per conntrack: protocol private data */
11 union ip_conntrack_proto {
12 /* insert conntrack proto private data here */
13 + struct ip_ct_sctp sctp;
15 struct ip_ct_icmp icmp;
20 /* Add protocol helper include file here */
21 +#include <linux/netfilter_ipv4/ip_conntrack_talk.h>
22 +#include <linux/netfilter_ipv4/ip_conntrack_rtsp.h>
23 +#include <linux/netfilter_ipv4/ip_conntrack_rsh.h>
24 +#include <linux/netfilter_ipv4/ip_conntrack_mms.h>
25 +#include <linux/netfilter_ipv4/ip_conntrack_h323.h>
26 #include <linux/netfilter_ipv4/ip_conntrack_amanda.h>
27 #include <linux/netfilter_ipv4/ip_conntrack_ftp.h>
28 #include <linux/netfilter_ipv4/ip_conntrack_irc.h>
30 /* per expectation: application helper private data */
31 union ip_conntrack_expect_help {
32 /* insert conntrack helper private data (expect) here */
33 + struct ip_ct_talk_expect exp_talk_info;
34 + struct ip_ct_rtsp_expect exp_rtsp_info;
35 + struct ip_ct_rsh_expect exp_rsh_info;
36 + struct ip_ct_mms_expect exp_mms_info;
37 + struct ip_ct_h225_expect exp_h225_info;
38 struct ip_ct_amanda_expect exp_amanda_info;
39 struct ip_ct_ftp_expect exp_ftp_info;
40 struct ip_ct_irc_expect exp_irc_info;
42 /* per conntrack: application helper private data */
43 union ip_conntrack_help {
44 /* insert conntrack helper private data (master) here */
45 + struct ip_ct_talk_master ct_talk_info;
46 + struct ip_ct_rtsp_master ct_rtsp_info;
47 + struct ip_ct_rsh_master ct_rsh_info;
48 + struct ip_ct_mms_master ct_mms_info;
49 + struct ip_ct_h225_master ct_h225_info;
50 struct ip_ct_ftp_master ct_ftp_info;
51 struct ip_ct_irc_master ct_irc_info;
53 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ip_conntrack_h323.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ip_conntrack_h323.h
54 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ip_conntrack_h323.h 1970-01-01 01:00:00.000000000 +0100
55 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ip_conntrack_h323.h 2004-05-22 18:13:14.936058552 +0200
57 +#ifndef _IP_CONNTRACK_H323_H
58 +#define _IP_CONNTRACK_H323_H
59 +/* H.323 connection tracking. */
61 +/* Default H.225 port */
62 +#define H225_PORT 1720
64 +/* This structure is per expected connection */
65 +struct ip_ct_h225_expect {
66 + u_int16_t port; /* Port of the H.225 helper/RTCP/RTP channel */
67 + enum ip_conntrack_dir dir; /* Direction of the original connection */
68 + unsigned int offset; /* offset of the address in the payload */
71 +/* This structure exists only once per master */
72 +struct ip_ct_h225_master {
73 + int is_h225; /* H.225 or H.245 connection */
74 +#ifdef CONFIG_IP_NF_NAT_NEEDED
75 + enum ip_conntrack_dir dir; /* Direction of the original connection */
76 + u_int32_t seq[IP_CT_DIR_MAX]; /* Exceptional packet mangling for signal addressess... */
77 + unsigned int offset[IP_CT_DIR_MAX]; /* ...and the offset of the addresses in the payload */
81 +#endif /* _IP_CONNTRACK_H323_H */
82 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ip_conntrack_helper.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ip_conntrack_helper.h
83 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ip_conntrack_helper.h 2003-12-15 19:46:58.000000000 +0100
84 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ip_conntrack_helper.h 2004-05-22 18:13:14.937058400 +0200
87 extern struct ip_conntrack_helper *ip_ct_find_helper(const struct ip_conntrack_tuple *tuple);
90 +/* Allocate space for an expectation: this is mandatory before calling
91 + ip_conntrack_expect_related. */
92 +extern struct ip_conntrack_expect *ip_conntrack_expect_alloc(void);
93 /* Add an expected connection: can have more than one per connection */
94 -extern int ip_conntrack_expect_related(struct ip_conntrack *related_to,
95 - struct ip_conntrack_expect *exp);
96 +extern int ip_conntrack_expect_related(struct ip_conntrack_expect *exp,
97 + struct ip_conntrack *related_to);
98 extern int ip_conntrack_change_expect(struct ip_conntrack_expect *expect,
99 struct ip_conntrack_tuple *newtuple);
100 extern void ip_conntrack_unexpect_related(struct ip_conntrack_expect *exp);
101 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ip_conntrack_mms.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ip_conntrack_mms.h
102 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ip_conntrack_mms.h 1970-01-01 01:00:00.000000000 +0100
103 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ip_conntrack_mms.h 2004-05-22 18:13:14.938058248 +0200
105 +#ifndef _IP_CONNTRACK_MMS_H
106 +#define _IP_CONNTRACK_MMS_H
109 +/* This structure is per expected connection */
110 +struct ip_ct_mms_expect {
116 +/* This structure exists only once per master */
117 +struct ip_ct_mms_master {
120 +#endif /* _IP_CONNTRACK_MMS_H */
121 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ip_conntrack_quake3.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ip_conntrack_quake3.h
122 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ip_conntrack_quake3.h 1970-01-01 01:00:00.000000000 +0100
123 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ip_conntrack_quake3.h 2004-05-22 18:13:14.938058248 +0200
125 +#ifndef _IP_CT_QUAKE3
126 +#define _IP_CT_QUAKE3
128 +/* Don't confuse with 27960, often used as the Server Port */
129 +#define QUAKE3_MASTER_PORT 27950
131 +struct quake3_search {
132 + const char marker[4]; /* always 0xff 0xff 0xff 0xff ? */
133 + const char *pattern;
137 +/* This structure is per expected connection */
138 +struct ip_ct_quake3_expect {
141 +/* This structure exists only once per master */
142 +struct ip_ct_quake3_master {
145 +#endif /* _IP_CT_QUAKE3 */
146 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ip_conntrack_rsh.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ip_conntrack_rsh.h
147 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ip_conntrack_rsh.h 1970-01-01 01:00:00.000000000 +0100
148 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ip_conntrack_rsh.h 2004-05-22 18:13:14.939058096 +0200
150 +/* RSH extension for IP connection tracking, Version 1.0
151 + * (C) 2002 by Ian (Larry) Latter <Ian.Latter@mq.edu.au>
152 + * based on HW's ip_conntrack_irc.c
154 + * ip_conntrack_rsh.c,v 1.0 2002/07/17 14:49:26
156 + * This program is free software; you can redistribute it and/or
157 + * modify it under the terms of the GNU General Public License
158 + * as published by the Free Software Foundation; either version
159 + * 2 of the License, or (at your option) any later version.
161 +#ifndef _IP_CONNTRACK_RSH_H
162 +#define _IP_CONNTRACK_RSH_H
164 +#define RSH_PORT 514
166 +/* This structure is per expected connection */
167 +struct ip_ct_rsh_expect
172 +/* This structure exists only once per master */
173 +struct ip_ct_rsh_master {
176 +#endif /* _IP_CONNTRACK_RSH_H */
178 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h
179 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h 1970-01-01 01:00:00.000000000 +0100
180 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h 2004-05-22 18:13:14.940057944 +0200
183 + * RTSP extension for IP connection tracking.
184 + * (C) 2003 by Tom Marshall <tmarshall@real.com>
185 + * based on ip_conntrack_irc.h
187 + * This program is free software; you can redistribute it and/or
188 + * modify it under the terms of the GNU General Public License
189 + * as published by the Free Software Foundation; either version
190 + * 2 of the License, or (at your option) any later version.
192 +#ifndef _IP_CONNTRACK_RTSP_H
193 +#define _IP_CONNTRACK_RTSP_H
195 +/* #define IP_NF_RTSP_DEBUG */
196 +#define IP_NF_RTSP_VERSION "0.01"
198 +/* port block types */
200 + pb_single, /* client_port=x */
201 + pb_range, /* client_port=x-y */
202 + pb_discon /* client_port=x/y (rtspbis) */
205 +/* We record seq number and length of rtsp headers here, all in host order. */
208 + * This structure is per expected connection. It is a member of struct
209 + * ip_conntrack_expect. The TCP SEQ for the conntrack expect is stored
210 + * there and we are expected to only store the length of the data which
211 + * needs replaced. If a packet contains multiple RTSP messages, we create
212 + * one expected connection per message.
214 + * We use these variables to mark the entire header block. This may seem
215 + * like overkill, but the nature of RTSP requires it. A header may appear
216 + * multiple times in a message. We must treat two Transport headers the
217 + * same as one Transport header with two entries.
219 +struct ip_ct_rtsp_expect
221 + u_int32_t len; /* length of header block */
222 + portblock_t pbtype; /* Type of port block that was requested */
223 + u_int16_t loport; /* Port that was requested, low or first */
224 + u_int16_t hiport; /* Port that was requested, high or second */
226 + uint method; /* RTSP method */
227 + uint cseq; /* CSeq from request */
231 +/* This structure exists only once per master */
232 +struct ip_ct_rtsp_master
237 +#endif /* _IP_CONNTRACK_RTSP_H */
238 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ip_conntrack_sctp.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ip_conntrack_sctp.h
239 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ip_conntrack_sctp.h 1970-01-01 01:00:00.000000000 +0100
240 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ip_conntrack_sctp.h 2004-05-22 18:13:14.940057944 +0200
242 +#ifndef _IP_CONNTRACK_SCTP_H
243 +#define _IP_CONNTRACK_SCTP_H
244 +/* SCTP tracking. */
246 +enum sctp_conntrack {
247 + SCTP_CONNTRACK_NONE,
248 + SCTP_CONNTRACK_CLOSED,
249 + SCTP_CONNTRACK_COOKIE_WAIT,
250 + SCTP_CONNTRACK_COOKIE_ECHOED,
251 + SCTP_CONNTRACK_ESTABLISHED,
252 + SCTP_CONNTRACK_SHUTDOWN_SENT,
253 + SCTP_CONNTRACK_SHUTDOWN_RECD,
254 + SCTP_CONNTRACK_SHUTDOWN_ACK_SENT,
260 + enum sctp_conntrack state;
262 + u_int32_t vtag[IP_CT_DIR_MAX];
263 + u_int32_t ttag[IP_CT_DIR_MAX];
266 +#endif /* _IP_CONNTRACK_SCTP_H */
267 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ip_conntrack_talk.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ip_conntrack_talk.h
268 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ip_conntrack_talk.h 1970-01-01 01:00:00.000000000 +0100
269 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ip_conntrack_talk.h 2004-05-22 18:13:14.942057640 +0200
271 +#ifndef _IP_CONNTRACK_TALK_H
272 +#define _IP_CONNTRACK_TALK_H
273 +/* TALK tracking. */
275 +#define TALK_PORT 517
276 +#define NTALK_PORT 518
278 +/* talk structures and constants from <protocols/talkd.h> */
281 + * 4.3BSD struct sockaddr
284 + u_int16_t ta_family;
287 + u_int32_t ta_junk1;
288 + u_int32_t ta_junk2;
291 +#define TALK_OLD_NSIZE 9
292 +#define TALK_NSIZE 12
293 +#define TALK_TTY_NSIZE 16
296 + * Client->server request message formats.
299 + u_char type; /* request type, see below */
300 + char l_name[TALK_OLD_NSIZE];/* caller's name */
301 + char r_name[TALK_OLD_NSIZE];/* callee's name */
303 + u_int32_t id_num; /* message id */
304 + int32_t pid; /* caller's process id */
305 + char r_tty[TALK_TTY_NSIZE];/* callee's tty name */
306 + struct talk_addr addr; /* old (4.3) style */
307 + struct talk_addr ctl_addr; /* old (4.3) style */
311 + u_char vers; /* protocol version */
312 + u_char type; /* request type, see below */
313 + u_char answer; /* not used */
315 + u_int32_t id_num; /* message id */
316 + struct talk_addr addr; /* old (4.3) style */
317 + struct talk_addr ctl_addr; /* old (4.3) style */
318 + int32_t pid; /* caller's process id */
319 + char l_name[TALK_NSIZE];/* caller's name */
320 + char r_name[TALK_NSIZE];/* callee's name */
321 + char r_tty[TALK_TTY_NSIZE];/* callee's tty name */
325 + u_char vers; /* talk protocol version */
326 + u_char type; /* request type */
327 + u_char answer; /* */
328 + u_char extended; /* !0 if additional parts */
329 + u_int32_t id_num; /* message id number (dels) */
330 + struct talk_addr addr; /* target address */
331 + struct talk_addr ctl_addr; /* reply to address */
332 + int32_t pid; /* caller's process id */
333 + char l_name[TALK_NSIZE]; /* caller's name */
334 + char r_name[TALK_NSIZE]; /* callee's name */
335 + char r_tty[TALK_TTY_NSIZE]; /* callee's tty */
339 + * Server->client response message formats.
341 +struct talk_response {
342 + u_char type; /* type of request message, see below */
343 + u_char answer; /* response to request message, see below */
345 + u_int32_t id_num; /* message id */
346 + struct talk_addr addr; /* address for establishing conversation */
349 +struct ntalk_response {
350 + u_char vers; /* protocol version */
351 + u_char type; /* type of request message, see below */
352 + u_char answer; /* response to request message, see below */
354 + u_int32_t id_num; /* message id */
355 + struct talk_addr addr; /* address for establishing conversation */
358 +struct ntalk2_response {
359 + u_char vers; /* protocol version */
360 + u_char type; /* type of request message */
361 + u_char answer; /* response to request */
362 + u_char rvers; /* Version of answering vers*/
363 + u_int32_t id_num; /* message id number */
364 + struct talk_addr addr; /* address for connection */
365 + /* This is at the end to compatiblize this with NTALK version. */
366 + char r_name[TALK_NSIZE]; /* callee's name */
369 +#define TALK_STR(data, talk_str, member) ((struct talk_str *)data)->member)
370 +#define TALK_RESP(data, ver, member) (ver ? ((struct ntalk_response *)data)->member : ((struct talk_response *)data)->member)
371 +#define TALK_MSG(data, ver, member) (ver ? ((struct ntalk_msg *)data)->member : ((struct talk_msg *)data)->member)
373 +#define TALK_VERSION 0 /* protocol versions */
374 +#define NTALK_VERSION 1
375 +#define NTALK2_VERSION 2
377 +/* message type values */
378 +#define LEAVE_INVITE 0 /* leave invitation with server */
379 +#define LOOK_UP 1 /* check for invitation by callee */
380 +#define DELETE 2 /* delete invitation by caller */
381 +#define ANNOUNCE 3 /* announce invitation by caller */
383 +#define REPLY_QUERY 4 /* request reply data from local daemon */
386 +#define SUCCESS 0 /* operation completed properly */
387 +#define NOT_HERE 1 /* callee not logged in */
388 +#define FAILED 2 /* operation failed for unexplained reason */
389 +#define MACHINE_UNKNOWN 3 /* caller's machine name unknown */
390 +#define PERMISSION_DENIED 4 /* callee's tty doesn't permit announce */
391 +#define UNKNOWN_REQUEST 5 /* request has invalid type value */
392 +#define BADVERSION 6 /* request has invalid protocol version */
393 +#define BADADDR 7 /* request has invalid addr value */
394 +#define BADCTLADDR 8 /* request has invalid ctl_addr value */
396 +#define NO_CALLER 9 /* no-one calling answer from REPLY */
397 +#define TRY_HERE 10 /* Not on this machine, try this */
398 +#define SELECTIVE_REFUSAL 11 /* User Filter refusal. */
399 +#define MAX_RESPONSE_TYPE 11 /* Make sure this is updated */
401 +/* We don't really need much for talk */
402 +struct ip_ct_talk_expect
404 + /* Port that was to be used */
408 +/* This structure exists only once per master */
409 +struct ip_ct_talk_master
413 +#endif /* _IP_CONNTRACK_TALK_H */
414 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ip_conntrack_tftp.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ip_conntrack_tftp.h
415 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ip_conntrack_tftp.h 2003-12-15 19:46:58.000000000 +0100
416 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ip_conntrack_tftp.h 2004-05-22 18:13:14.943057488 +0200
419 #define TFTP_OPCODE_READ 1
420 #define TFTP_OPCODE_WRITE 2
421 +#define TFTP_OPCODE_DATA 3
422 +#define TFTP_OPCODE_ACK 4
423 +#define TFTP_OPCODE_ERROR 5
425 #endif /* _IP_CT_TFTP */
426 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ip_conntrack_tuple.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
427 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ip_conntrack_tuple.h 2004-01-05 19:42:34.000000000 +0100
428 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ip_conntrack_tuple.h 2004-05-22 18:13:14.944057336 +0200
438 /* The manipulable part of the tuple. */
449 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ip_logging.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ip_logging.h
450 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ip_logging.h 1970-01-01 01:00:00.000000000 +0100
451 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ip_logging.h 2004-05-22 18:13:14.945057184 +0200
453 +/* IPv4 macros for the internal logging interface. */
454 +#ifndef __IP_LOGGING_H
455 +#define __IP_LOGGING_H
457 +#endif /*__IP_LOGGING_H*/
458 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ip_pool.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ip_pool.h
459 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ip_pool.h 1970-01-01 01:00:00.000000000 +0100
460 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ip_pool.h 2004-05-22 18:13:14.945057184 +0200
465 +/***************************************************************************/
466 +/* This program is free software; you can redistribute it and/or modify */
467 +/* it under the terms of the GNU General Public License as published by */
468 +/* the Free Software Foundation; either version 2 of the License, or */
469 +/* (at your option) any later version. */
471 +/* This program is distributed in the hope that it will be useful, */
472 +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
473 +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
474 +/* GNU General Public License for more details. */
476 +/* You should have received a copy of the GNU General Public License */
477 +/* along with this program; if not, write to the Free Software */
478 +/* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA*/
479 +/***************************************************************************/
481 +/* A sockopt of such quality has hardly ever been seen before on the open
482 + * market! This little beauty, hardly ever used: above 64, so it's
483 + * traditionally used for firewalling, not touched (even once!) by the
484 + * 2.0, 2.2 and 2.4 kernels!
486 + * Comes with its own certificate of authenticity, valid anywhere in the
491 +#define SO_IP_POOL 81
493 +typedef int ip_pool_t; /* pool index */
494 +#define IP_POOL_NONE ((ip_pool_t)-1)
496 +struct ip_pool_request {
503 +/* NOTE: I deliberately break the first cut ippool utility. Nobody uses it. */
505 +#define IP_POOL_BAD001 0x00000010
507 +#define IP_POOL_FLUSH 0x00000011 /* req.index, no arguments */
508 +#define IP_POOL_INIT 0x00000012 /* from addr to addr2 incl. */
509 +#define IP_POOL_DESTROY 0x00000013 /* req.index, no arguments */
510 +#define IP_POOL_ADD_ADDR 0x00000014 /* add addr to pool */
511 +#define IP_POOL_DEL_ADDR 0x00000015 /* del addr from pool */
512 +#define IP_POOL_HIGH_NR 0x00000016 /* result in req.index */
513 +#define IP_POOL_LOOKUP 0x00000017 /* result in addr and addr2 */
514 +#define IP_POOL_USAGE 0x00000018 /* result in addr */
515 +#define IP_POOL_TEST_ADDR 0x00000019 /* result (0/1) returned */
517 +#endif /*_IP_POOL_H*/
518 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ip_tables.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ip_tables.h
519 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ip_tables.h 2004-01-05 19:42:34.000000000 +0100
520 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ip_tables.h 2004-05-22 18:13:14.947056880 +0200
523 /* Values for "flag" field in struct ipt_ip (general ip structure). */
524 #define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */
525 -#define IPT_F_MASK 0x01 /* All possible flag bits mask. */
526 +#define IPT_F_GOTO 0x02 /* Set if jump is a goto */
527 +#define IPT_F_MASK 0x03 /* All possible flag bits mask. */
529 /* Values for "inv" field in struct ipt_ip. */
530 #define IPT_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */
533 unsigned int comefrom;
535 + /* Name of the chain */
538 + /* Rule number in the chain. */
541 /* Packet and byte counters. */
542 struct ipt_counters counters;
544 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_account.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_account.h
545 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_account.h 1970-01-01 01:00:00.000000000 +0100
546 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_account.h 2004-05-22 18:15:44.272355984 +0200
549 + * accounting match (ipt_account.c)
550 + * (C) 2003,2004 by Piotr Gasid³o (quaker@barbara.eu.org)
554 + * This software is distributed under the terms of GNU GPL
557 +#ifndef _IPT_ACCOUNT_H_
558 +#define _IPT_ACCOUNT_H_
560 +#define IPT_ACCOUNT_NAME_LEN 64
562 +struct t_ipt_account_info {
563 + char name[IPT_ACCOUNT_NAME_LEN];
569 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_addrtype.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_addrtype.h
570 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_addrtype.h 1970-01-01 01:00:00.000000000 +0100
571 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_addrtype.h 2004-05-22 18:13:14.947056880 +0200
573 +#ifndef _IPT_ADDRTYPE_H
574 +#define _IPT_ADDRTYPE_H
576 +struct ipt_addrtype_info {
577 + u_int16_t source; /* source-type mask */
578 + u_int16_t dest; /* dest-type mask */
584 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_connlimit.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_connlimit.h
585 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_connlimit.h 1970-01-01 01:00:00.000000000 +0100
586 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_connlimit.h 2004-05-22 18:13:14.948056728 +0200
588 +#ifndef _IPT_CONNLIMIT_H
589 +#define _IPT_CONNLIMIT_H
591 +struct ipt_connlimit_data;
593 +struct ipt_connlimit_info {
597 + struct ipt_connlimit_data *data;
599 +#endif /* _IPT_CONNLIMIT_H */
600 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_connmark.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_connmark.h
601 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_connmark.h 1970-01-01 01:00:00.000000000 +0100
602 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_connmark.h 2004-05-22 18:13:14.949056576 +0200
604 +#ifndef _IPT_CONNMARK_H
605 +#define _IPT_CONNMARK_H
607 +/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
608 + * by Henrik Nordstrom <hno@marasystems.com>
610 + * This program is free software; you can redistribute it and/or modify
611 + * it under the terms of the GNU General Public License as published by
612 + * the Free Software Foundation; either version 2 of the License, or
613 + * (at your option) any later version.
616 +struct ipt_connmark_info {
617 + unsigned long mark, mask;
621 +#endif /*_IPT_CONNMARK_H*/
622 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_CONNMARK.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_CONNMARK.h
623 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_CONNMARK.h 1970-01-01 01:00:00.000000000 +0100
624 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_CONNMARK.h 2004-05-22 18:13:14.949056576 +0200
626 +#ifndef _IPT_CONNMARK_H_target
627 +#define _IPT_CONNMARK_H_target
629 +/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
630 + * by Henrik Nordstrom <hno@marasystems.com>
632 + * This program is free software; you can redistribute it and/or modify
633 + * it under the terms of the GNU General Public License as published by
634 + * the Free Software Foundation; either version 2 of the License, or
635 + * (at your option) any later version.
639 + IPT_CONNMARK_SET = 0,
641 + IPT_CONNMARK_RESTORE
644 +struct ipt_connmark_target_info {
645 + unsigned long mark;
646 + unsigned long mask;
650 +#endif /*_IPT_CONNMARK_H_target*/
651 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_conntrack.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_conntrack.h
652 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_conntrack.h 2004-03-05 16:36:39.000000000 +0100
653 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_conntrack.h 2004-05-22 18:13:14.950056424 +0200
656 #define IPT_CONNTRACK_STATE_SNAT (1 << (IP_CT_NUMBER + 1))
657 #define IPT_CONNTRACK_STATE_DNAT (1 << (IP_CT_NUMBER + 2))
658 +#define IPT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3))
660 /* flags, invflags: */
661 #define IPT_CONNTRACK_STATE 0x01
662 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_dstlimit.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_dstlimit.h
663 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_dstlimit.h 1970-01-01 01:00:00.000000000 +0100
664 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_dstlimit.h 2004-05-22 18:13:14.951056272 +0200
666 +#ifndef _IPT_DSTLIMIT_H
667 +#define _IPT_DSTLIMIT_H
669 +/* timings are in milliseconds. */
670 +#define IPT_DSTLIMIT_SCALE 10000
671 +/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490
672 + seconds, or one every 59 hours. */
674 +/* details of this structure hidden by the implementation */
675 +struct ipt_dstlimit_htable;
677 +#define IPT_DSTLIMIT_HASH_DIP 0x0001
678 +#define IPT_DSTLIMIT_HASH_DPT 0x0002
679 +#define IPT_DSTLIMIT_HASH_SIP 0x0004
681 +struct dstlimit_cfg {
682 + u_int32_t mode; /* bitmask of IPT_DSTLIMIT_HASH_* */
683 + u_int32_t avg; /* Average secs between packets * scale */
684 + u_int32_t burst; /* Period multiplier for upper limit. */
686 + /* user specified */
687 + u_int32_t size; /* how many buckets */
688 + u_int32_t max; /* max number of entries */
689 + u_int32_t gc_interval; /* gc interval */
690 + u_int32_t expire; /* when do entries expire? */
693 +struct ipt_dstlimit_info {
694 + char name [IFNAMSIZ]; /* name */
695 + struct dstlimit_cfg cfg;
696 + struct ipt_dstlimit_htable *hinfo;
698 + /* Used internally by the kernel */
701 + struct ipt_dstlimit_info *master;
704 +#endif /*_IPT_DSTLIMIT_H*/
705 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_fuzzy.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_fuzzy.h
706 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_fuzzy.h 1970-01-01 01:00:00.000000000 +0100
707 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_fuzzy.h 2004-05-22 18:13:14.951056272 +0200
709 +#ifndef _IPT_FUZZY_H
710 +#define _IPT_FUZZY_H
712 +#include <linux/param.h>
713 +#include <linux/types.h>
715 +#define MAXFUZZYRATE 10000000
716 +#define MINFUZZYRATE 3
718 +struct ipt_fuzzy_info {
719 + u_int32_t minimum_rate;
720 + u_int32_t maximum_rate;
721 + u_int32_t packets_total;
722 + u_int32_t bytes_total;
723 + u_int32_t previous_time;
724 + u_int32_t present_time;
725 + u_int32_t mean_rate;
726 + u_int8_t acceptance_rate;
729 +#endif /*_IPT_FUZZY_H*/
730 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_IMQ.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_IMQ.h
731 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_IMQ.h 1970-01-01 01:00:00.000000000 +0100
732 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_IMQ.h 2004-05-22 18:13:14.952056120 +0200
737 +struct ipt_imq_info {
738 + unsigned int todev; /* target imq device */
741 +#endif /* _IPT_IMQ_H */
742 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_IPMARK.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_IPMARK.h
743 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_IPMARK.h 1970-01-01 01:00:00.000000000 +0100
744 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_IPMARK.h 2004-05-22 18:13:14.953055968 +0200
746 +#ifndef _IPT_IPMARK_H_target
747 +#define _IPT_IPMARK_H_target
749 +struct ipt_ipmark_target_info {
750 + unsigned long andmask;
751 + unsigned long ormask;
755 +#define IPT_IPMARK_SRC 0
756 +#define IPT_IPMARK_DST 1
758 +#endif /*_IPT_IPMARK_H_target*/
759 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_ipv4options.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_ipv4options.h
760 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_ipv4options.h 1970-01-01 01:00:00.000000000 +0100
761 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_ipv4options.h 2004-05-22 18:13:14.954055816 +0200
763 +#ifndef __ipt_ipv4options_h_included__
764 +#define __ipt_ipv4options_h_included__
766 +#define IPT_IPV4OPTION_MATCH_SSRR 0x01 /* For strict source routing */
767 +#define IPT_IPV4OPTION_MATCH_LSRR 0x02 /* For loose source routing */
768 +#define IPT_IPV4OPTION_DONT_MATCH_SRR 0x04 /* any source routing */
769 +#define IPT_IPV4OPTION_MATCH_RR 0x08 /* For Record route */
770 +#define IPT_IPV4OPTION_DONT_MATCH_RR 0x10
771 +#define IPT_IPV4OPTION_MATCH_TIMESTAMP 0x20 /* For timestamp request */
772 +#define IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP 0x40
773 +#define IPT_IPV4OPTION_MATCH_ROUTER_ALERT 0x80 /* For router-alert */
774 +#define IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT 0x100
775 +#define IPT_IPV4OPTION_MATCH_ANY_OPT 0x200 /* match packet with any option */
776 +#define IPT_IPV4OPTION_DONT_MATCH_ANY_OPT 0x400 /* match packet with no option */
778 +struct ipt_ipv4options_info {
783 +#endif /* __ipt_ipv4options_h_included__ */
784 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_MARK.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_MARK.h
785 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_MARK.h 2003-12-15 19:46:58.000000000 +0100
786 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_MARK.h 2004-05-22 18:13:14.954055816 +0200
788 #ifndef _IPT_MARK_H_target
789 #define _IPT_MARK_H_target
797 struct ipt_mark_target_info {
802 #endif /*_IPT_MARK_H_target*/
803 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_mport.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_mport.h
804 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_mport.h 1970-01-01 01:00:00.000000000 +0100
805 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_mport.h 2004-05-22 18:13:14.955055664 +0200
807 +#ifndef _IPT_MPORT_H
808 +#define _IPT_MPORT_H
809 +#include <linux/netfilter_ipv4/ip_tables.h>
811 +#define IPT_MPORT_SOURCE (1<<0)
812 +#define IPT_MPORT_DESTINATION (1<<1)
813 +#define IPT_MPORT_EITHER (IPT_MPORT_SOURCE|IPT_MPORT_DESTINATION)
815 +#define IPT_MULTI_PORTS 15
817 +/* Must fit inside union ipt_matchinfo: 32 bytes */
818 +/* every entry in ports[] except for the last one has one bit in pflags
819 + * associated with it. If this bit is set, the port is the first port of
820 + * a portrange, with the next entry being the last.
821 + * End of list is marked with pflags bit set and port=65535.
822 + * If 14 ports are used (last one does not have a pflag), the last port
823 + * is repeated to fill the last entry in ports[] */
826 + u_int8_t flags:2; /* Type of comparison */
827 + u_int16_t pflags:14; /* Port flags */
828 + u_int16_t ports[IPT_MULTI_PORTS]; /* Ports */
830 +#endif /*_IPT_MPORT_H*/
831 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_NETLINK.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_NETLINK.h
832 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_NETLINK.h 1970-01-01 01:00:00.000000000 +0100
833 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_NETLINK.h 2004-05-22 18:13:14.957055360 +0200
835 +#ifndef _IPT_FWMON_H
836 +#define _IPT_FWMON_H
838 +/* Bitmask macros */
839 +#define MASK(x,y) (x & y)
840 +#define MASK_SET(x,y) x |= y
841 +#define MASK_UNSET(x,y) x &= ~y
843 +#define USE_MARK 0x00000001
844 +#define USE_DROP 0x00000002
845 +#define USE_SIZE 0x00000004
849 + unsigned int flags;
858 + char iface[IFNAMSIZ];
861 +#endif /*_IPT_FWMON_H*/
862 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_nth.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_nth.h
863 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_nth.h 1970-01-01 01:00:00.000000000 +0100
864 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_nth.h 2004-05-22 18:13:14.957055360 +0200
869 +#include <linux/param.h>
870 +#include <linux/types.h>
872 +#ifndef IPT_NTH_NUM_COUNTERS
873 +#define IPT_NTH_NUM_COUNTERS 16
876 +struct ipt_nth_info {
884 +#endif /*_IPT_NTH_H*/
885 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_osf.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_osf.h
886 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_osf.h 1970-01-01 01:00:00.000000000 +0100
887 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_osf.h 2004-05-22 18:13:14.958055208 +0200
892 + * Copyright (c) 2003 Evgeniy Polyakov <johnpol@2ka.mipt.ru>
895 + * This program is free software; you can redistribute it and/or modify
896 + * it under the terms of the GNU General Public License as published by
897 + * the Free Software Foundation; either version 2 of the License, or
898 + * (at your option) any later version.
900 + * This program is distributed in the hope that it will be useful,
901 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
902 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
903 + * GNU General Public License for more details.
905 + * You should have received a copy of the GNU General Public License
906 + * along with this program; if not, write to the Free Software
907 + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
913 +#define MAXGENRELEN 32
914 +#define MAXDETLEN 64
916 +#define IPT_OSF_GENRE 1
917 +#define IPT_OSF_SMART 2
918 +#define IPT_OSF_LOG 4
919 +#define IPT_OSF_NETLINK 8
921 +#define IPT_OSF_LOGLEVEL_ALL 0
922 +#define IPT_OSF_LOGLEVEL_FIRST 1
924 +#include <netinet/ip.h>
925 +#include <netinet/tcp.h>
929 + struct list_head *prev, *next;
934 + char genre[MAXGENRELEN];
936 + unsigned long flags;
938 + int invert; /* UNSUPPORTED */
947 +/* This struct represents IANA options
948 + * http://www.iana.org/assignments/tcp-parameters
952 + unsigned char kind;
953 + unsigned char length;
959 + struct list_head flist;
964 + unsigned char genre[MAXGENRELEN];
965 + unsigned char version[MAXGENRELEN], subtype[MAXGENRELEN];
967 + /* Not needed, but for consistency with original table from Michal Zalewski */
968 + unsigned char details[MAXDETLEN];
971 + struct osf_opt opt[MAX_IPOPTLEN]; /* In case it is all NOP or EOL */
975 +struct ipt_osf_nlmsg
977 + struct osf_finger f;
982 +#endif /* _IPT_OSF_H */
983 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_policy.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_policy.h
984 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_policy.h 1970-01-01 01:00:00.000000000 +0100
985 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_policy.h 2004-05-22 18:13:14.959055056 +0200
987 +#ifndef _IPT_POLICY_H
988 +#define _IPT_POLICY_H
990 +#define POLICY_MAX_ELEM 4
992 +enum ipt_policy_flags
994 + POLICY_MATCH_IN = 0x1,
995 + POLICY_MATCH_OUT = 0x2,
996 + POLICY_MATCH_NONE = 0x4,
997 + POLICY_MATCH_STRICT = 0x8,
1000 +enum ipt_policy_modes
1002 + POLICY_MODE_TRANSPORT,
1003 + POLICY_MODE_TUNNEL
1006 +struct ipt_policy_spec
1016 +struct ipt_policy_elem
1027 + struct ipt_policy_spec match;
1028 + struct ipt_policy_spec invert;
1031 +struct ipt_policy_info
1033 + struct ipt_policy_elem pol[POLICY_MAX_ELEM];
1038 +#endif /* _IPT_POLICY_H */
1039 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_pool.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_pool.h
1040 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_pool.h 1970-01-01 01:00:00.000000000 +0100
1041 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_pool.h 2004-05-22 18:13:14.960054904 +0200
1043 +#ifndef _IPT_POOL_H
1044 +#define _IPT_POOL_H
1046 +#include <linux/netfilter_ipv4/ip_pool.h>
1048 +#define IPT_POOL_INV_SRC 0x00000001
1049 +#define IPT_POOL_INV_DST 0x00000002
1050 +#define IPT_POOL_DEL_SRC 0x00000004
1051 +#define IPT_POOL_DEL_DST 0x00000008
1052 +#define IPT_POOL_INV_MOD_SRC 0x00000010
1053 +#define IPT_POOL_INV_MOD_DST 0x00000020
1054 +#define IPT_POOL_MOD_SRC_ACCEPT 0x00000040
1055 +#define IPT_POOL_MOD_DST_ACCEPT 0x00000080
1056 +#define IPT_POOL_MOD_SRC_DROP 0x00000100
1057 +#define IPT_POOL_MOD_DST_DROP 0x00000200
1060 +struct ipt_pool_info
1067 +#endif /*_IPT_POOL_H*/
1068 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_psd.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_psd.h
1069 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_psd.h 1970-01-01 01:00:00.000000000 +0100
1070 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_psd.h 2004-05-22 18:13:14.961054752 +0200
1075 +#include <linux/param.h>
1076 +#include <linux/types.h>
1079 + * High port numbers have a lower weight to reduce the frequency of false
1080 + * positives, such as from passive mode FTP transfers.
1082 +#define PORT_WEIGHT_PRIV 3
1083 +#define PORT_WEIGHT_HIGH 1
1086 + * Port scan detection thresholds: at least COUNT ports need to be scanned
1087 + * from the same source, with no longer than DELAY ticks between ports.
1089 +#define SCAN_MIN_COUNT 7
1090 +#define SCAN_MAX_COUNT (SCAN_MIN_COUNT * PORT_WEIGHT_PRIV)
1091 +#define SCAN_WEIGHT_THRESHOLD SCAN_MAX_COUNT
1092 +#define SCAN_DELAY_THRESHOLD (300) /* old usage of HZ here was erroneously and broke under uml */
1095 + * Keep track of up to LIST_SIZE source addresses, using a hash table of
1096 + * HASH_SIZE entries for faster lookups, but limiting hash collisions to
1097 + * HASH_MAX source addresses per the same hash value.
1099 +#define LIST_SIZE 0x100
1101 +#define HASH_SIZE (1 << HASH_LOG)
1102 +#define HASH_MAX 0x10
1104 +struct ipt_psd_info {
1105 + unsigned int weight_threshold;
1106 + unsigned int delay_threshold;
1107 + unsigned short lo_ports_weight;
1108 + unsigned short hi_ports_weight;
1111 +#endif /*_IPT_PSD_H*/
1112 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_quota.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_quota.h
1113 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_quota.h 1970-01-01 01:00:00.000000000 +0100
1114 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_quota.h 2004-05-22 18:13:14.961054752 +0200
1116 +#ifndef _IPT_QUOTA_H
1117 +#define _IPT_QUOTA_H
1119 +/* print debug info in both kernel/netfilter module & iptable library */
1120 +//#define DEBUG_IPT_QUOTA
1122 +struct ipt_quota_info {
1126 +#endif /*_IPT_QUOTA_H*/
1127 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_random.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_random.h
1128 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_random.h 1970-01-01 01:00:00.000000000 +0100
1129 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_random.h 2004-05-22 18:13:14.962054600 +0200
1131 +#ifndef _IPT_RAND_H
1132 +#define _IPT_RAND_H
1134 +#include <linux/param.h>
1135 +#include <linux/types.h>
1137 +struct ipt_rand_info {
1141 +#endif /*_IPT_RAND_H*/
1142 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_realm.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_realm.h
1143 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_realm.h 1970-01-01 01:00:00.000000000 +0100
1144 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_realm.h 2004-05-22 18:13:14.963054448 +0200
1146 +#ifndef _IPT_REALM_H
1147 +#define _IPT_REALM_H
1149 +struct ipt_realm_info {
1154 +#endif /*_IPT_REALM_H*/
1155 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_ROUTE.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_ROUTE.h
1156 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_ROUTE.h 1970-01-01 01:00:00.000000000 +0100
1157 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_ROUTE.h 2004-05-22 18:13:14.964054296 +0200
1159 +/* Header file for iptables ipt_ROUTE target
1161 + * (C) 2002 by Cédric de Launois <delaunois@info.ucl.ac.be>
1163 + * This software is distributed under GNU GPL v2, 1991
1165 +#ifndef _IPT_ROUTE_H_target
1166 +#define _IPT_ROUTE_H_target
1168 +#define IPT_ROUTE_IFNAMSIZ 16
1170 +struct ipt_route_target_info {
1171 + char oif[IPT_ROUTE_IFNAMSIZ]; /* Output Interface Name */
1172 + char iif[IPT_ROUTE_IFNAMSIZ]; /* Input Interface Name */
1173 + u_int32_t gw; /* IP address of gateway */
1177 +/* Values for "flags" field */
1178 +#define IPT_ROUTE_CONTINUE 0x01
1180 +#endif /*_IPT_ROUTE_H_target*/
1181 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_sctp.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_sctp.h
1182 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_sctp.h 1970-01-01 01:00:00.000000000 +0100
1183 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_sctp.h 2004-05-22 18:13:14.965054144 +0200
1185 +#ifndef _IPT_SCTP_H_
1186 +#define _IPT_SCTP_H_
1188 +#define IPT_SCTP_SRC_PORTS 0x01
1189 +#define IPT_SCTP_DEST_PORTS 0x02
1190 +#define IPT_SCTP_CHUNK_TYPES 0x04
1192 +#define IPT_SCTP_VALID_FLAGS 0x07
1194 +#define ELEMCOUNT(x) (sizeof(x)/sizeof(x[0]))
1197 +struct ipt_sctp_flag_info {
1198 + u_int8_t chunktype;
1200 + u_int8_t flag_mask;
1203 +#define IPT_NUM_SCTP_FLAGS 4
1205 +struct ipt_sctp_info {
1206 + u_int16_t dpts[2]; /* Min, Max */
1207 + u_int16_t spts[2]; /* Min, Max */
1209 + u_int32_t chunkmap[256 / sizeof (u_int32_t)]; /* Bit mask of chunks to be matched according to RFC 2960 */
1211 +#define SCTP_CHUNK_MATCH_ANY 0x01 /* Match if any of the chunk types are present */
1212 +#define SCTP_CHUNK_MATCH_ALL 0x02 /* Match if all of the chunk types are present */
1213 +#define SCTP_CHUNK_MATCH_ONLY 0x04 /* Match if these are the only chunk types present */
1215 + u_int32_t chunk_match_type;
1216 + struct ipt_sctp_flag_info flag_info[IPT_NUM_SCTP_FLAGS];
1220 + u_int32_t invflags;
1223 +#define bytes(type) (sizeof(type) * 8)
1225 +#define SCTP_CHUNKMAP_SET(chunkmap, type) \
1227 + chunkmap[type / bytes(u_int32_t)] |= \
1228 + 1 << (type % bytes(u_int32_t)); \
1231 +#define SCTP_CHUNKMAP_CLEAR(chunkmap, type) \
1233 + chunkmap[type / bytes(u_int32_t)] &= \
1234 + ~(1 << (type % bytes(u_int32_t))); \
1237 +#define SCTP_CHUNKMAP_IS_SET(chunkmap, type) \
1239 + (chunkmap[type / bytes (u_int32_t)] & \
1240 + (1 << (type % bytes (u_int32_t)))) ? 1: 0; \
1243 +#define SCTP_CHUNKMAP_RESET(chunkmap) \
1246 + for (i = 0; i < ELEMCOUNT(chunkmap); i++) \
1247 + chunkmap[i] = 0; \
1250 +#define SCTP_CHUNKMAP_SET_ALL(chunkmap) \
1253 + for (i = 0; i < ELEMCOUNT(chunkmap); i++) \
1254 + chunkmap[i] = ~0; \
1257 +#define SCTP_CHUNKMAP_COPY(destmap, srcmap) \
1260 + for (i = 0; i < ELEMCOUNT(chunkmap); i++) \
1261 + destmap[i] = srcmap[i]; \
1264 +#define SCTP_CHUNKMAP_IS_CLEAR(chunkmap) \
1268 + for (i = 0; i < ELEMCOUNT(chunkmap); i++) { \
1269 + if (chunkmap[i]) { \
1277 +#define SCTP_CHUNKMAP_IS_ALL_SET(chunkmap) \
1281 + for (i = 0; i < ELEMCOUNT(chunkmap); i++) { \
1282 + if (chunkmap[i] != ~0) { \
1290 +#endif /* _IPT_SCTP_H_ */
1292 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_state.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_state.h
1293 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_state.h 2004-03-05 16:36:39.000000000 +0100
1294 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_state.h 2004-05-22 18:13:14.965054144 +0200
1296 #define IPT_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1))
1297 #define IPT_STATE_INVALID (1 << 0)
1299 +#define IPT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1))
1301 struct ipt_state_info
1303 unsigned int statemask;
1304 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_string.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_string.h
1305 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_string.h 1970-01-01 01:00:00.000000000 +0100
1306 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_string.h 2004-05-22 18:13:14.966053992 +0200
1308 +#ifndef _IPT_STRING_H
1309 +#define _IPT_STRING_H
1311 +/* *** PERFORMANCE TWEAK ***
1312 + * Packet size and search string threshold,
1313 + * above which sublinear searches is used. */
1314 +#define IPT_STRING_HAYSTACK_THRESH 100
1315 +#define IPT_STRING_NEEDLE_THRESH 20
1317 +#define BM_MAX_NLEN 256
1318 +#define BM_MAX_HLEN 1024
1320 +typedef char *(*proc_ipt_search) (char *, char *, int, int);
1322 +struct ipt_string_info {
1323 + char string[BM_MAX_NLEN];
1328 +#endif /* _IPT_STRING_H */
1329 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_TCPLAG.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_TCPLAG.h
1330 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_TCPLAG.h 1970-01-01 01:00:00.000000000 +0100
1331 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_TCPLAG.h 2004-05-22 18:13:14.967053840 +0200
1333 +#ifndef _IPT_TCPLAG_H
1334 +#define _IPT_TCPLAG_H
1338 + unsigned char level;
1339 + unsigned char prefix[ 15 ];
1343 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_time.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_time.h
1344 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_time.h 1970-01-01 01:00:00.000000000 +0100
1345 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_time.h 2004-05-22 18:13:14.968053688 +0200
1347 +#ifndef __ipt_time_h_included__
1348 +#define __ipt_time_h_included__
1351 +struct ipt_time_info {
1352 + u_int8_t days_match; /* 1 bit per day. -SMTWTFS */
1353 + u_int16_t time_start; /* 0 < time_start < 23*60+59 = 1439 */
1354 + u_int16_t time_stop; /* 0:0 < time_stat < 23:59 */
1355 + u_int8_t kerneltime; /* ignore skb time (and use kerneltime) or not. */
1356 + time_t date_start;
1361 +#endif /* __ipt_time_h_included__ */
1362 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_TTL.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_TTL.h
1363 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_TTL.h 1970-01-01 01:00:00.000000000 +0100
1364 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_TTL.h 2004-05-22 18:13:14.968053688 +0200
1366 +/* TTL modification module for IP tables
1367 + * (C) 2000 by Harald Welte <laforge@gnumonks.org> */
1378 +#define IPT_TTL_MAXMODE IPT_TTL_DEC
1380 +struct ipt_TTL_info {
1387 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_u32.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_u32.h
1388 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_u32.h 1970-01-01 01:00:00.000000000 +0100
1389 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_u32.h 2004-05-22 18:13:14.969053536 +0200
1393 +#include <linux/netfilter_ipv4/ip_tables.h>
1403 +struct ipt_u32_location_element
1408 +struct ipt_u32_value_element
1413 +/* *** any way to allow for an arbitrary number of elements?
1414 + for now I settle for a limit of 10 of each */
1415 +#define U32MAXSIZE 10
1416 +struct ipt_u32_test
1419 + struct ipt_u32_location_element location[U32MAXSIZE+1];
1421 + struct ipt_u32_value_element value[U32MAXSIZE+1];
1427 + struct ipt_u32_test tests[U32MAXSIZE+1];
1430 +#endif /*_IPT_U32_H*/
1431 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_ULOG.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_ULOG.h
1432 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_ULOG.h 2004-03-05 16:36:39.000000000 +0100
1433 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_ULOG.h 2004-05-22 18:13:14.970053384 +0200
1435 #define NETLINK_NFLOG 5
1438 +#define ULOG_DEFAULT_NLGROUP 1
1439 +#define ULOG_DEFAULT_QTHRESHOLD 1
1441 #define ULOG_MAC_LEN 80
1442 #define ULOG_PREFIX_LEN 32
1444 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_XOR.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_XOR.h
1445 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv4/ipt_XOR.h 1970-01-01 01:00:00.000000000 +0100
1446 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv4/ipt_XOR.h 2004-05-22 18:13:14.970053384 +0200
1451 +struct ipt_XOR_info {
1453 + u_int8_t block_size;
1456 +#endif /* _IPT_XOR_H */
1457 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv6/ip6_logging.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv6/ip6_logging.h
1458 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv6/ip6_logging.h 1970-01-01 01:00:00.000000000 +0100
1459 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv6/ip6_logging.h 2004-05-22 18:13:14.971053232 +0200
1461 +/* IPv6 macros for the nternal logging interface. */
1462 +#ifndef __IP6_LOGGING_H
1463 +#define __IP6_LOGGING_H
1466 +#endif /*__IP6_LOGGING_H*/
1467 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv6/ip6_tables.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv6/ip6_tables.h
1468 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv6/ip6_tables.h 2004-01-05 19:42:34.000000000 +0100
1469 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv6/ip6_tables.h 2004-05-22 18:13:14.972053080 +0200
1470 @@ -133,6 +133,12 @@
1472 unsigned int comefrom;
1474 + /* Name of the chain */
1477 + /* Rule number in the chain. */
1478 + u_int32_t rulenum;
1480 /* Packet and byte counters. */
1481 struct ip6t_counters counters;
1483 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv6/ip6t_fuzzy.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv6/ip6t_fuzzy.h
1484 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv6/ip6t_fuzzy.h 1970-01-01 01:00:00.000000000 +0100
1485 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv6/ip6t_fuzzy.h 2004-05-22 18:13:14.973052928 +0200
1487 +#ifndef _IP6T_FUZZY_H
1488 +#define _IP6T_FUZZY_H
1490 +#include <linux/param.h>
1491 +#include <linux/types.h>
1493 +#define MAXFUZZYRATE 10000000
1494 +#define MINFUZZYRATE 3
1496 +struct ip6t_fuzzy_info {
1497 + u_int32_t minimum_rate;
1498 + u_int32_t maximum_rate;
1499 + u_int32_t packets_total;
1500 + u_int32_t bytes_total;
1501 + u_int32_t previous_time;
1502 + u_int32_t present_time;
1503 + u_int32_t mean_rate;
1504 + u_int8_t acceptance_rate;
1507 +#endif /*_IP6T_FUZZY_H*/
1508 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv6/ip6t_HL.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv6/ip6t_HL.h
1509 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv6/ip6t_HL.h 1970-01-01 01:00:00.000000000 +0100
1510 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv6/ip6t_HL.h 2004-05-22 18:13:14.998049128 +0200
1512 +/* Hop Limit modification module for ip6tables
1513 + * Maciej Soltysiak <solt@dns.toxicfilms.tv>
1514 + * Based on HW's TTL module */
1525 +#define IP6T_HL_MAXMODE IP6T_HL_DEC
1527 +struct ip6t_HL_info {
1529 + u_int8_t hop_limit;
1534 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv6/ip6t_nth.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv6/ip6t_nth.h
1535 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv6/ip6t_nth.h 1970-01-01 01:00:00.000000000 +0100
1536 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv6/ip6t_nth.h 2004-05-22 18:13:14.998049128 +0200
1538 +#ifndef _IP6T_NTH_H
1539 +#define _IP6T_NTH_H
1541 +#include <linux/param.h>
1542 +#include <linux/types.h>
1544 +#ifndef IP6T_NTH_NUM_COUNTERS
1545 +#define IP6T_NTH_NUM_COUNTERS 16
1548 +struct ip6t_nth_info {
1556 +#endif /*_IP6T_NTH_H*/
1557 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv6/ip6t_owner.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv6/ip6t_owner.h
1558 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv6/ip6t_owner.h 2003-12-15 19:46:58.000000000 +0100
1559 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv6/ip6t_owner.h 2004-05-22 18:13:14.999048976 +0200
1561 #define IP6T_OWNER_GID 0x02
1562 #define IP6T_OWNER_PID 0x04
1563 #define IP6T_OWNER_SID 0x08
1564 +#define IP6T_OWNER_COMM 0x10
1566 struct ip6t_owner_info {
1572 u_int8_t match, invert; /* flags */
1575 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv6/ip6t_policy.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv6/ip6t_policy.h
1576 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv6/ip6t_policy.h 1970-01-01 01:00:00.000000000 +0100
1577 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv6/ip6t_policy.h 2004-05-22 18:13:15.000048824 +0200
1579 +#ifndef _IP6T_POLICY_H
1580 +#define _IP6T_POLICY_H
1582 +#define POLICY_MAX_ELEM 4
1584 +enum ip6t_policy_flags
1586 + POLICY_MATCH_IN = 0x1,
1587 + POLICY_MATCH_OUT = 0x2,
1588 + POLICY_MATCH_NONE = 0x4,
1589 + POLICY_MATCH_STRICT = 0x8,
1592 +enum ip6t_policy_modes
1594 + POLICY_MODE_TRANSPORT,
1595 + POLICY_MODE_TUNNEL
1598 +struct ip6t_policy_spec
1608 +struct ip6t_policy_elem
1610 + struct in6_addr saddr;
1611 + struct in6_addr smask;
1612 + struct in6_addr daddr;
1613 + struct in6_addr dmask;
1619 + struct ip6t_policy_spec match;
1620 + struct ip6t_policy_spec invert;
1623 +struct ip6t_policy_info
1625 + struct ip6t_policy_elem pol[POLICY_MAX_ELEM];
1630 +#endif /* _IP6T_POLICY_H */
1631 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv6/ip6t_random.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv6/ip6t_random.h
1632 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv6/ip6t_random.h 1970-01-01 01:00:00.000000000 +0100
1633 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv6/ip6t_random.h 2004-05-22 18:13:15.001048672 +0200
1635 +#ifndef _IP6T_RAND_H
1636 +#define _IP6T_RAND_H
1638 +#include <linux/param.h>
1639 +#include <linux/types.h>
1641 +struct ip6t_rand_info {
1645 +#endif /*_IP6T_RAND_H*/
1646 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv6/ip6t_REJECT.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv6/ip6t_REJECT.h
1647 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv6/ip6t_REJECT.h 2004-03-05 16:36:39.000000000 +0100
1648 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv6/ip6t_REJECT.h 2004-05-22 18:13:15.001048672 +0200
1650 #define _IP6T_REJECT_H
1652 enum ip6t_reject_with {
1653 - IP6T_ICMP_NET_UNREACHABLE,
1654 - IP6T_ICMP_HOST_UNREACHABLE,
1655 - IP6T_ICMP_PROT_UNREACHABLE,
1656 - IP6T_ICMP_PORT_UNREACHABLE,
1657 - IP6T_ICMP_ECHOREPLY
1658 + IP6T_ICMP6_NO_ROUTE,
1659 + IP6T_ICMP6_ADM_PROHIBITED,
1660 + IP6T_ICMP6_NOT_NEIGHBOUR,
1661 + IP6T_ICMP6_ADDR_UNREACH,
1662 + IP6T_ICMP6_PORT_UNREACH,
1663 + IP6T_ICMP6_ECHOREPLY,
1667 struct ip6t_reject_info {
1668 enum ip6t_reject_with with; /* reject type */
1671 -#endif /*_IPT_REJECT_H*/
1672 +#endif /*_IP6T_REJECT_H*/
1673 diff -uNr linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv6/ip6t_ROUTE.h linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv6/ip6t_ROUTE.h
1674 --- linux-libc-headers-2.6.5.1.orig/include/linux/netfilter_ipv6/ip6t_ROUTE.h 1970-01-01 01:00:00.000000000 +0100
1675 +++ linux-libc-headers-2.6.5.1/include/linux/netfilter_ipv6/ip6t_ROUTE.h 2004-05-22 18:13:15.002048520 +0200
1677 +/* Header file for iptables ip6t_ROUTE target
1679 + * (C) 2003 by Cédric de Launois <delaunois@info.ucl.ac.be>
1681 + * This software is distributed under GNU GPL v2, 1991
1683 +#ifndef _IPT_ROUTE_H_target
1684 +#define _IPT_ROUTE_H_target
1686 +#define IP6T_ROUTE_IFNAMSIZ 16
1688 +struct ip6t_route_target_info {
1689 + char oif[IP6T_ROUTE_IFNAMSIZ]; /* Output Interface Name */
1690 + char iif[IP6T_ROUTE_IFNAMSIZ]; /* Input Interface Name */
1691 + u_int32_t gw[4]; /* IPv6 address of gateway */
1695 +/* Values for "flags" field */
1696 +#define IP6T_ROUTE_CONTINUE 0x01
1698 +#endif /*_IP6T_ROUTE_H_target*/