- netfilter update (taken from kernel.spec:LINUX_2_6)kernel-desktop-2_6_22_10-0_8auto/ti/kernel-desktop-2_6_22_19-2auto/ti/kernel-desktop-2_6_22_18-2auto/ti/kernel-desktop-2_6_22_18-1auto/ti/kernel-desktop-2_6_22_17-3auto/ti/kernel-desktop-2_6_22_17-1auto/ti/kernel-desktop-2_6_22_16-4auto/ti/kernel-desktop-2_6_22_16-3auto/ti/kernel-desktop-2_6_22_16-2auto/ti/kernel-desktop-2_6_22_16-1auto/ti/kernel-desktop-2_6_22_15-3auto/ti/kernel-desktop-2_6_22_13-1auto/ti/kernel-desktop-2_6_22_12-1auto/th/kernel-desktop-2_6_22_6-0_6auto/th/kernel-desktop-2_6_22_19-3auto/th/kernel-desktop-2_6_22_19-2auto/th/kernel-desktop-2_6_22_18-2auto/th/kernel-desktop-2_6_22_18-1auto/th/kernel-desktop-2_6_22_17-3auto/th/kernel-desktop-2_6_22_17-2auto/th/kernel-desktop-2_6_22_17-1auto/th/kernel-desktop-2_6_22_16-3auto/th/kernel-desktop-2_6_22_16-2auto/th/kernel-desktop-2_6_22_16-1auto/th/kernel-desktop-2_6_22_15-3auto/th/kernel-desktop-2_6_22_15-2auto/th/kernel-desktop-2_6_22_14-1auto/th/kernel-desktop-2_6_22_13-1auto/th/kernel-desktop-2_6_22_12-1auto/ac/kernel-desktop-2_6_22_19-5auto/ac/kernel-desktop-2_6_22_19-4auto/ac/kernel-desktop-2_6_22_19-3auto/ac/kernel-desktop-2_6_22_19-1auto/ac/kernel-desktop-2_6_22_18-1auto/ac/kernel-desktop-2_6_22_16-1auto/ac/kernel-desktop-2_6_22_15-1LINUX_2_6_22

Changed files:
    kernel-desktop-pom-ng-IPMARK.patch -> 1.2
    kernel-desktop-pom-ng-IPV4OPTSSTRIP.patch -> 1.2
    kernel-desktop-pom-ng-ROUTE.patch -> 1.2
    kernel-desktop-pom-ng-TARPIT.patch -> 1.2
    kernel-desktop-pom-ng-connlimit.patch -> 1.2
    kernel-desktop-pom-ng-ipp2p.patch -> 1.2
    kernel-desktop-pom-ng-ipv4options.patch -> 1.2
    kernel-desktop-pom-ng-rpc.patch -> 1.2
    kernel-desktop-pom-ng-set.patch -> 1.2
    kernel-desktop-pom-ng-time.patch -> 1.2
    kernel-desktop-pom-ng-u32.patch -> 1.2

11 files changed, 1432 insertions, 1032 deletions

diff --git a/kernel-desktop-pom-ng-IPMARK.patch b/kernel-desktop-pom-ng-IPMARK.patch
index 7efffa5..d8839ad 100644
--- a/kernel-desktop-pom-ng-IPMARK.patch
+++ b/kernel-desktop-pom-ng-IPMARK.patch
@@ -1,12 +1,6 @@
- include/linux/netfilter_ipv4/ipt_IPMARK.h |   13 ++++
- net/ipv4/netfilter/Kconfig                |   18 ++++++
- net/ipv4/netfilter/Makefile               |    1 
- net/ipv4/netfilter/ipt_IPMARK.c           |   79 ++++++++++++++++++++++++++++++
- 4 files changed, 111 insertions(+)
-
-diff -Nur --exclude '*.orig' linux.org/include/linux/netfilter_ipv4/ipt_IPMARK.h linux/include/linux/netfilter_ipv4/ipt_IPMARK.h
---- linux.org/include/linux/netfilter_ipv4/ipt_IPMARK.h	1970-01-01 01:00:00.000000000 +0100
-+++ linux/include/linux/netfilter_ipv4/ipt_IPMARK.h	2006-05-04 11:19:22.000000000 +0200
+diff -NurpP --minimal linux-2.6.21.a/include/linux/netfilter_ipv4/ipt_IPMARK.h linux-2.6.21.b/include/linux/netfilter_ipv4/ipt_IPMARK.h
+--- linux-2.6.21.a/include/linux/netfilter_ipv4/ipt_IPMARK.h	1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.21.b/include/linux/netfilter_ipv4/ipt_IPMARK.h	2007-05-30 12:01:20.000000000 +0200
 @@ -0,0 +1,13 @@
 +#ifndef _IPT_IPMARK_H_target
 +#define _IPT_IPMARK_H_target
@@ -21,12 +15,12 @@ diff -Nur --exclude '*.orig' linux.org/include/linux/netfilter_ipv4/ipt_IPMARK.h
 +#define IPT_IPMARK_DST    1
 +
 +#endif /*_IPT_IPMARK_H_target*/
-diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Kconfig linux/net/ipv4/netfilter/Kconfig
---- linux.org/net/ipv4/netfilter/Kconfig	2006-05-02 23:38:44.000000000 +0200
-+++ linux/net/ipv4/netfilter/Kconfig	2006-05-04 11:19:22.000000000 +0200
-@@ -606,5 +606,23 @@
- 	  Allows altering the ARP packet payload: source and destination
- 	  hardware and network addresses.
+diff -NurpP --minimal linux-2.6.21.a/net/ipv4/netfilter/Kconfig linux-2.6.21.b/net/ipv4/netfilter/Kconfig
+--- linux-2.6.21.a/net/ipv4/netfilter/Kconfig	2007-05-30 12:01:03.000000000 +0200
++++ linux-2.6.21.b/net/ipv4/netfilter/Kconfig	2007-05-30 12:01:20.000000000 +0200
+@@ -893,5 +893,23 @@ config IP_NF_RSH
+ 	  If you want to compile it as a module, say M here and read
+ 	  <file:Documentation/modules.txt>.  If unsure, say `N'.
  
 +config IP_NF_TARGET_IPMARK
 +	tristate  'IPMARK target support'
@@ -48,20 +42,27 @@ diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Kconfig linux/net/ipv4
 +
  endmenu
  
-diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Makefile linux/net/ipv4/netfilter/Makefile
---- linux.org/net/ipv4/netfilter/Makefile	2006-05-02 23:38:44.000000000 +0200
-+++ linux/net/ipv4/netfilter/Makefile	2006-05-04 11:19:22.000000000 +0200
-@@ -0,0 +0,1 @@
+diff -NurpP --minimal linux-2.6.21.a/net/ipv4/netfilter/Makefile linux-2.6.21.b/net/ipv4/netfilter/Makefile
+--- linux-2.6.21.a/net/ipv4/netfilter/Makefile	2007-05-30 12:01:03.000000000 +0200
++++ linux-2.6.21.b/net/ipv4/netfilter/Makefile	2007-05-30 12:01:21.000000000 +0200
+@@ -118,6 +118,7 @@ obj-$(CONFIG_IP_NF_TARGET_IPV4OPTSSTRIP)
+ obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o
+ obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o
+ obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o
 +obj-$(CONFIG_IP_NF_TARGET_IPMARK) += ipt_IPMARK.o
-diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_IPMARK.c linux/net/ipv4/netfilter/ipt_IPMARK.c
---- linux.org/net/ipv4/netfilter/ipt_IPMARK.c	1970-01-01 01:00:00.000000000 +0100
-+++ linux/net/ipv4/netfilter/ipt_IPMARK.c	2006-05-04 11:19:22.000000000 +0200
-@@ -0,0 +1,79 @@
+ 
+ # generic ARP tables
+ obj-$(CONFIG_IP_NF_ARPTABLES) += arp_tables.o
+diff -NurpP --minimal linux-2.6.21.a/net/ipv4/netfilter/ipt_IPMARK.c linux-2.6.21.b/net/ipv4/netfilter/ipt_IPMARK.c
+--- linux-2.6.21.a/net/ipv4/netfilter/ipt_IPMARK.c	1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.21.b/net/ipv4/netfilter/ipt_IPMARK.c	2007-05-30 12:01:21.000000000 +0200
+@@ -0,0 +1,96 @@
 +#include <linux/module.h>
 +#include <linux/skbuff.h>
++#include <linux/version.h>
 +#include <linux/ip.h>
 +#include <net/checksum.h>
-+
++#include <linux/netfilter/x_tables.h>
 +#include <linux/netfilter_ipv4/ip_tables.h>
 +#include <linux/netfilter_ipv4/ipt_IPMARK.h>
 +
@@ -74,11 +75,14 @@ diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_IPMARK.c linux/net
 +       const struct net_device *in,
 +       const struct net_device *out,
 +       unsigned int hooknum,
-+       const void *targinfo,
-+       void *userinfo)
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
++       const struct xt_target *target,
++#endif
++       const void *targinfo
++       )
 +{
 +	const struct ipt_ipmark_target_info *ipmarkinfo = targinfo;
-+	struct iphdr *iph = (*pskb)->nh.iph;
++	struct iphdr *iph = ip_hdr(*pskb);
 +	unsigned long mark;
 +
 +	if (ipmarkinfo->addr == IPT_IPMARK_SRC)
@@ -89,25 +93,35 @@ diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_IPMARK.c linux/net
 +	mark &= ipmarkinfo->andmask;
 +	mark |= ipmarkinfo->ormask;
 +	
-+	if ((*pskb)->nfmark != mark)
-+		(*pskb)->nfmark = mark;
++	if ((*pskb)->mark != mark)
++		(*pskb)->mark = mark;
 +
 +	return IPT_CONTINUE;
 +}
 +
 +static int
 +checkentry(const char *tablename,
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16)
++	   const void *e,
++#else
 +	   const struct ipt_entry *e,
++#endif
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
++	   const struct xt_target *target,
++#endif
 +           void *targinfo,
-+           unsigned int targinfosize,
++           
 +           unsigned int hook_mask)
 +{
++
++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
 +	if (targinfosize != IPT_ALIGN(sizeof(struct ipt_ipmark_target_info))) {
 +		printk(KERN_WARNING "IPMARK: targinfosize %u != %Zu\n",
 +		       targinfosize,
 +		       IPT_ALIGN(sizeof(struct ipt_ipmark_target_info)));
 +		return 0;
 +	}
++#endif
 +
 +	if (strcmp(tablename, "mangle") != 0) {
 +		printk(KERN_WARNING "IPMARK: can only be called from \"mangle\" table, not \"%s\"\n", tablename);
@@ -118,20 +132,23 @@ diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_IPMARK.c linux/net
 +}
 +
 +static struct ipt_target ipt_ipmark_reg = { 
-+	.name = "IPMARK",
-+	.target = target,
-+	.checkentry = checkentry,
-+	.me = THIS_MODULE
++	.name		= "IPMARK",
++	.target		= target,
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
++	.targetsize	= sizeof(struct ipt_ipmark_target_info),
++#endif
++	.checkentry	= checkentry,
++	.me		= THIS_MODULE
 +};
 +
 +static int __init init(void)
 +{
-+	return ipt_register_target(&ipt_ipmark_reg);
++	return xt_register_target(&ipt_ipmark_reg);
 +}
 +
 +static void __exit fini(void)
 +{
-+	ipt_unregister_target(&ipt_ipmark_reg);
++	xt_unregister_target(&ipt_ipmark_reg);
 +}
 +
 +module_init(init);
diff --git a/kernel-desktop-pom-ng-IPV4OPTSSTRIP.patch b/kernel-desktop-pom-ng-IPV4OPTSSTRIP.patch
index 03052b6..92895ac 100644
--- a/kernel-desktop-pom-ng-IPV4OPTSSTRIP.patch
+++ b/kernel-desktop-pom-ng-IPV4OPTSSTRIP.patch
@@ -1,12 +1,7 @@
- Kconfig             |   10 +++++
- Makefile            |    1 
- ipt_IPV4OPTSSTRIP.c |   87 ++++++++++++++++++++++++++++++++++++++++++++++++++++
- 3 files changed, 98 insertions(+)
-
-diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Kconfig linux/net/ipv4/netfilter/Kconfig
---- linux.org/net/ipv4/netfilter/Kconfig	2006-05-02 23:38:44.000000000 +0200
-+++ linux/net/ipv4/netfilter/Kconfig	2006-05-04 09:57:42.000000000 +0200
-@@ -606,5 +606,15 @@
+diff -NurpP --minimal linux-2.6.21.b/net/ipv4/netfilter/Kconfig linux-2.6.21.a/net/ipv4/netfilter/Kconfig
+--- linux-2.6.21.b/net/ipv4/netfilter/Kconfig	2007-05-30 11:11:52.000000000 +0200
++++ linux-2.6.21.a/net/ipv4/netfilter/Kconfig	2007-05-30 11:18:08.000000000 +0200
+@@ -668,5 +668,15 @@ config IP_NF_ARP_MANGLE
  	  Allows altering the ARP packet payload: source and destination
  	  hardware and network addresses.
  
@@ -22,14 +17,20 @@ diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Kconfig linux/net/ipv4
 +
  endmenu
  
-diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Makefile linux/net/ipv4/netfilter/Makefile
---- linux.org/net/ipv4/netfilter/Makefile	2006-05-02 23:38:44.000000000 +0200
-+++ linux/net/ipv4/netfilter/Makefile	2006-05-04 09:57:42.000000000 +0200
-@@ -0,0 +0,1 @@
+diff -NurpP --minimal linux-2.6.21.b/net/ipv4/netfilter/Makefile linux-2.6.21.a/net/ipv4/netfilter/Makefile
+--- linux-2.6.21.b/net/ipv4/netfilter/Makefile	2007-05-30 11:11:52.000000000 +0200
++++ linux-2.6.21.a/net/ipv4/netfilter/Makefile	2007-05-30 11:18:08.000000000 +0200
+@@ -103,6 +103,7 @@ obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt
+ obj-$(CONFIG_IP_NF_TARGET_SAME) += ipt_SAME.o
+ obj-$(CONFIG_IP_NF_NAT_SNMP_BASIC) += ip_nat_snmp_basic.o
+ obj-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG.o
 +obj-$(CONFIG_IP_NF_TARGET_IPV4OPTSSTRIP) += ipt_IPV4OPTSSTRIP.o
-diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c linux/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c
---- linux.org/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c	1970-01-01 01:00:00.000000000 +0100
-+++ linux/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c	2006-05-04 09:57:42.000000000 +0200
+ obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o
+ obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o
+ obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o
+diff -NurpP --minimal linux-2.6.21.b/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c linux-2.6.21.a/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c
+--- linux-2.6.21.b/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c	1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.21.a/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c	2007-05-30 11:18:08.000000000 +0200
 @@ -0,0 +1,87 @@
 +/**
 + * Strip all IP options in the IP packet header.
@@ -42,7 +43,7 @@ diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c li
 +#include <linux/skbuff.h>
 +#include <net/ip.h>
 +#include <net/checksum.h>
-+
++#include <linux/netfilter/x_tables.h>
 +#include <linux/netfilter_ipv4/ip_tables.h>
 +
 +MODULE_AUTHOR("Fabrice MARIE <fabrice@netfilter.org>");
@@ -54,8 +55,8 @@ diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c li
 +       const struct net_device *in,
 +       const struct net_device *out,
 +       unsigned int hooknum,
-+       const void *targinfo,
-+       void *userinfo)
++       const struct xt_target *target,
++       const void *targinfo)
 +{
 +	struct iphdr *iph;
 +	struct sk_buff *skb;
@@ -67,8 +68,8 @@ diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c li
 +		return NF_DROP;
 + 
 +	skb = (*pskb);
-+	iph = (*pskb)->nh.iph;
-+	optiph = skb->nh.raw;
++	iph = ip_hdr(*pskb);
++	optiph = skb->network_header;
 +	l = ((struct ip_options *)(&(IPCB(skb)->opt)))->optlen;
 +
 +	/* if no options in packet then nothing to clear. */
@@ -87,9 +88,9 @@ diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c li
 +
 +static int
 +checkentry(const char *tablename,
-+	   const struct ipt_entry *e,
++	    const void *e,
++           const struct xt_target *target,
 +           void *targinfo,
-+           unsigned int targinfosize,
 +           unsigned int hook_mask)
 +{
 +	if (strcmp(tablename, "mangle")) {
@@ -108,12 +109,12 @@ diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c li
 +
 +static int __init init(void)
 +{
-+	return ipt_register_target(&ipt_ipv4optsstrip_reg);
++	return xt_register_target(&ipt_ipv4optsstrip_reg);
 +}
 +
 +static void __exit fini(void)
 +{
-+	ipt_unregister_target(&ipt_ipv4optsstrip_reg);
++	xt_unregister_target(&ipt_ipv4optsstrip_reg);
 +}
 +
 +module_init(init);
diff --git a/kernel-desktop-pom-ng-ROUTE.patch b/kernel-desktop-pom-ng-ROUTE.patch
index ebe390f..f008f42 100644
--- a/kernel-desktop-pom-ng-ROUTE.patch
+++ b/kernel-desktop-pom-ng-ROUTE.patch
@@ -1,17 +1,6 @@
- include/linux/netfilter_ipv4/ipt_ROUTE.h  |   23 +
- include/linux/netfilter_ipv6/ip6t_ROUTE.h |   23 +
- net/ipv4/netfilter/Kconfig                |   17 +
- net/ipv4/netfilter/Makefile               |    1 
- net/ipv4/netfilter/ipt_ROUTE.c            |  464 ++++++++++++++++++++++++++++++
- net/ipv6/ipv6_syms.c                      |    1 
- net/ipv6/netfilter/Kconfig                |   13 
- net/ipv6/netfilter/Makefile               |    1 
- net/ipv6/netfilter/ip6t_ROUTE.c           |  308 +++++++++++++++++++
- 9 files changed, 851 insertions(+)
-
-diff -Nur --exclude '*.orig' linux.org/include/linux/netfilter_ipv4/ipt_ROUTE.h linux/include/linux/netfilter_ipv4/ipt_ROUTE.h
---- linux.org/include/linux/netfilter_ipv4/ipt_ROUTE.h	1970-01-01 01:00:00.000000000 +0100
-+++ linux/include/linux/netfilter_ipv4/ipt_ROUTE.h	2006-05-04 11:20:35.000000000 +0200
+diff -NurpP --minimal linux-2.6.21.a/include/linux/netfilter_ipv4/ipt_ROUTE.h linux-2.6.21.b/include/linux/netfilter_ipv4/ipt_ROUTE.h
+--- linux-2.6.21.a/include/linux/netfilter_ipv4/ipt_ROUTE.h	1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.21.b/include/linux/netfilter_ipv4/ipt_ROUTE.h	2007-05-30 11:40:37.000000000 +0200
 @@ -0,0 +1,23 @@
 +/* Header file for iptables ipt_ROUTE target
 + *
@@ -36,9 +25,9 @@ diff -Nur --exclude '*.orig' linux.org/include/linux/netfilter_ipv4/ipt_ROUTE.h
 +#define IPT_ROUTE_TEE             0x02
 +
 +#endif /*_IPT_ROUTE_H_target*/
-diff -Nur --exclude '*.orig' linux.org/include/linux/netfilter_ipv6/ip6t_ROUTE.h linux/include/linux/netfilter_ipv6/ip6t_ROUTE.h
---- linux.org/include/linux/netfilter_ipv6/ip6t_ROUTE.h	1970-01-01 01:00:00.000000000 +0100
-+++ linux/include/linux/netfilter_ipv6/ip6t_ROUTE.h	2006-05-04 11:20:35.000000000 +0200
+diff -NurpP --minimal linux-2.6.21.a/include/linux/netfilter_ipv6/ip6t_ROUTE.h linux-2.6.21.b/include/linux/netfilter_ipv6/ip6t_ROUTE.h
+--- linux-2.6.21.a/include/linux/netfilter_ipv6/ip6t_ROUTE.h	1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.21.b/include/linux/netfilter_ipv6/ip6t_ROUTE.h	2007-05-30 11:40:37.000000000 +0200
 @@ -0,0 +1,23 @@
 +/* Header file for iptables ip6t_ROUTE target
 + *
@@ -63,12 +52,12 @@ diff -Nur --exclude '*.orig' linux.org/include/linux/netfilter_ipv6/ip6t_ROUTE.h
 +#define IP6T_ROUTE_TEE             0x02
 +
 +#endif /*_IP6T_ROUTE_H_target*/
-diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Kconfig linux/net/ipv4/netfilter/Kconfig
---- linux.org/net/ipv4/netfilter/Kconfig	2006-05-02 23:38:44.000000000 +0200
-+++ linux/net/ipv4/netfilter/Kconfig	2006-05-04 11:20:35.000000000 +0200
-@@ -606,5 +606,22 @@
- 	  Allows altering the ARP packet payload: source and destination
- 	  hardware and network addresses.
+diff -NurpP --minimal linux-2.6.21.a/net/ipv4/netfilter/Kconfig linux-2.6.21.b/net/ipv4/netfilter/Kconfig
+--- linux-2.6.21.a/net/ipv4/netfilter/Kconfig	2007-05-30 11:39:28.000000000 +0200
++++ linux-2.6.21.b/net/ipv4/netfilter/Kconfig	2007-05-30 11:40:37.000000000 +0200
+@@ -813,5 +813,22 @@ config IP_NF_MATCH_U32
+ 	
+ 	  Details and examples are in the kernel module source.
  
 +config IP_NF_TARGET_ROUTE
 +	tristate  'ROUTE target support'
@@ -89,15 +78,21 @@ diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Kconfig linux/net/ipv4
 +
  endmenu
  
-diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Makefile linux/net/ipv4/netfilter/Makefile
---- linux.org/net/ipv4/netfilter/Makefile	2006-05-02 23:38:44.000000000 +0200
-+++ linux/net/ipv4/netfilter/Makefile	2006-05-04 11:20:35.000000000 +0200
-@@ -0,0 +0,1 @@
+diff -NurpP --minimal linux-2.6.21.a/net/ipv4/netfilter/Makefile linux-2.6.21.b/net/ipv4/netfilter/Makefile
+--- linux-2.6.21.a/net/ipv4/netfilter/Makefile	2007-05-30 11:39:28.000000000 +0200
++++ linux-2.6.21.b/net/ipv4/netfilter/Makefile	2007-05-30 11:40:37.000000000 +0200
+@@ -104,6 +104,7 @@ obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_EC
+ obj-$(CONFIG_IP_NF_TARGET_IMQ) += ipt_IMQ.o
+ obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o
+ obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o
 +obj-$(CONFIG_IP_NF_TARGET_ROUTE) += ipt_ROUTE.o
-diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_ROUTE.c linux/net/ipv4/netfilter/ipt_ROUTE.c
---- linux.org/net/ipv4/netfilter/ipt_ROUTE.c	1970-01-01 01:00:00.000000000 +0100
-+++ linux/net/ipv4/netfilter/ipt_ROUTE.c	2006-05-04 11:20:35.000000000 +0200
-@@ -0,0 +1,464 @@
+ obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o
+ obj-$(CONFIG_IP_NF_TARGET_SAME) += ipt_SAME.o
+ obj-$(CONFIG_IP_NF_NAT_SNMP_BASIC) += ip_nat_snmp_basic.o
+diff -NurpP --minimal linux-2.6.21.a/net/ipv4/netfilter/ipt_ROUTE.c linux-2.6.21.b/net/ipv4/netfilter/ipt_ROUTE.c
+--- linux-2.6.21.a/net/ipv4/netfilter/ipt_ROUTE.c	1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.21.b/net/ipv4/netfilter/ipt_ROUTE.c	2007-05-30 11:40:37.000000000 +0200
+@@ -0,0 +1,458 @@
 +/*
 + * This implements the ROUTE target, which enables you to setup unusual
 + * routes not supported by the standard kernel routing table.
@@ -112,8 +107,9 @@ diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_ROUTE.c linux/net/
 +#include <linux/module.h>
 +#include <linux/skbuff.h>
 +#include <linux/ip.h>
++#include <linux/netfilter/x_tables.h>
 +#include <linux/netfilter_ipv4/ip_tables.h>
-+#include <linux/netfilter_ipv4/ip_conntrack.h>
++#include <net/netfilter/nf_conntrack.h>
 +#include <linux/netfilter_ipv4/ipt_ROUTE.h>
 +#include <linux/netdevice.h>
 +#include <linux/route.h>
@@ -156,7 +152,7 @@ diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_ROUTE.c linux/net/
 +{
 +	int err;
 +	struct rtable *rt;
-+	struct iphdr *iph = skb->nh.iph;
++	struct iphdr *iph = ip_hdr(skb);
 +	struct flowi fl = {
 +		.oif = ifindex,
 +		.nl_u = {
@@ -234,14 +230,7 @@ diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_ROUTE.c linux/net/
 +	}
 +
 +	if (hh) {
-+		int hh_alen;
-+
-+		read_lock_bh(&hh->hh_lock);
-+		hh_alen = HH_DATA_ALIGN(hh->hh_len);
-+  		memcpy(skb->data - hh_alen, hh->hh_data, hh_alen);
-+		read_unlock_bh(&hh->hh_lock);
-+		skb_push(skb, hh->hh_len);
-+		hh->hh_output(skb);
++		neigh_hh_output(dst->hh, skb);
 +	} else if (dst->neighbour)
 +		dst->neighbour->output(skb);
 +	else {
@@ -374,14 +363,15 @@ diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_ROUTE.c linux/net/
 + * routing packets when we see they already have that ->nfct.
 + */
 +
-+static struct ip_conntrack route_tee_track;
++static struct nf_conn route_tee_track;
 +
 +static unsigned int ipt_route_target(struct sk_buff **pskb,
 +				     const struct net_device *in,
 +				     const struct net_device *out,
 +				     unsigned int hooknum,
-+				     const void *targinfo,
-+				     void *userinfo)
++				     const struct xt_target *target,
++				     const void *targinfo
++				     )
 +{
 +	const struct ipt_route_target_info *route_info = targinfo;
 +	struct sk_buff *skb = *pskb;
@@ -402,7 +392,7 @@ diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_ROUTE.c linux/net/
 +	if (hooknum == NF_IP_PRE_ROUTING ||
 +	    hooknum == NF_IP_LOCAL_IN) {
 +
-+		struct iphdr *iph = skb->nh.iph;
++		struct iphdr *iph = ip_hdr(skb);
 +
 +		if (iph->ttl <= 1) {
 +			struct rtable *rt;
@@ -478,9 +468,6 @@ diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_ROUTE.c linux/net/
 +		skb->nfct = &route_tee_track.ct_general;
 +		skb->nfctinfo = IP_CT_NEW;
 +		nf_conntrack_get(skb->nfct);
-+#ifdef CONFIG_NETFILTER_DEBUG
-+		skb->nf_debug = 0;
-+#endif
 +	}
 +
 +	if (route_info->oif[0] != '\0') {
@@ -504,8 +491,9 @@ diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_ROUTE.c linux/net/
 +
 +static int ipt_route_checkentry(const char *tablename,
 +				const void *e,
++				const struct xt_target *target,
 +				void *targinfo,
-+				unsigned int targinfosize,
++				
 +				unsigned int hook_mask)
 +{
 +	if (strcmp(tablename, "mangle") != 0) {
@@ -523,12 +511,12 @@ diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_ROUTE.c linux/net/
 +		return 0;
 +	}
 +
-+	if (targinfosize != IPT_ALIGN(sizeof(struct ipt_route_target_info))) {
-+		printk(KERN_WARNING "ipt_ROUTE: targinfosize %u != %Zu\n",
-+		       targinfosize,
-+		       IPT_ALIGN(sizeof(struct ipt_route_target_info)));
-+		return 0;
-+	}
++	
++
++
++
++	
++	
 +
 +	return 1;
 +}
@@ -537,6 +525,7 @@ diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_ROUTE.c linux/net/
 +static struct ipt_target ipt_route_reg = { 
 +	.name = "ROUTE",
 +	.target = ipt_route_target,
++	.targetsize = sizeof(struct ipt_route_target_info),
 +	.checkentry = ipt_route_checkentry,
 +	.me = THIS_MODULE,
 +};
@@ -551,37 +540,26 @@ diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_ROUTE.c linux/net/
 +	/* Initialize fake conntrack so that NAT will skip it */
 +	route_tee_track.status |= IPS_NAT_DONE_MASK;
 +
-+	return ipt_register_target(&ipt_route_reg);
++	return xt_register_target(&ipt_route_reg);
 +}
 +
 +
 +static void __exit fini(void)
 +{
-+	ipt_unregister_target(&ipt_route_reg);
++	xt_unregister_target(&ipt_route_reg);
 +}
 +
 +module_init(init);
 +module_exit(fini);
-diff -Nur --exclude '*.orig' linux.org/net/ipv6/ipv6_syms.c linux/net/ipv6/ipv6_syms.c
---- linux.org/net/ipv6/ipv6_syms.c	2006-05-02 23:38:44.000000000 +0200
-+++ linux/net/ipv6/ipv6_syms.c	2006-05-04 11:20:35.000000000 +0200
-@@ -12,6 +12,7 @@
- EXPORT_SYMBOL(icmpv6_statistics);
- EXPORT_SYMBOL(icmpv6_err_convert);
- EXPORT_SYMBOL(ndisc_mc_map);
-+EXPORT_SYMBOL(nd_tbl);
- EXPORT_SYMBOL(register_inet6addr_notifier);
- EXPORT_SYMBOL(unregister_inet6addr_notifier);
- EXPORT_SYMBOL(ip6_route_output);
-diff -Nur --exclude '*.orig' linux.org/net/ipv6/netfilter/Kconfig linux/net/ipv6/netfilter/Kconfig
---- linux.org/net/ipv6/netfilter/Kconfig	2006-05-02 23:38:44.000000000 +0200
-+++ linux/net/ipv6/netfilter/Kconfig	2006-05-04 11:20:35.000000000 +0200
-@@ -210,5 +210,18 @@
+diff -NurpP --minimal linux-2.6.21.a/net/ipv6/netfilter/Kconfig linux-2.6.21.b/net/ipv6/netfilter/Kconfig
+--- linux-2.6.21.a/net/ipv6/netfilter/Kconfig	2007-05-30 11:13:04.000000000 +0200
++++ linux-2.6.21.b/net/ipv6/netfilter/Kconfig	2007-05-30 11:40:37.000000000 +0200
+@@ -209,5 +209,18 @@ config IP6_NF_RAW
  	  If you want to compile it as a module, say M here and read
  	  <file:Documentation/modules.txt>.  If unsure, say `N'.
  
 +config IP6_NF_TARGET_ROUTE
-+	tristate '    ROUTE target support'
++	tristate 'ROUTE target support'
 +	depends on IP6_NF_MANGLE
 +	help
 +	  This option adds a `ROUTE' target, which enables you to setup unusual
@@ -595,14 +573,20 @@ diff -Nur --exclude '*.orig' linux.org/net/ipv6/netfilter/Kconfig linux/net/ipv6
 +
  endmenu
  
-diff -Nur --exclude '*.orig' linux.org/net/ipv6/netfilter/Makefile linux/net/ipv6/netfilter/Makefile
---- linux.org/net/ipv6/netfilter/Makefile	2006-05-02 23:38:44.000000000 +0200
-+++ linux/net/ipv6/netfilter/Makefile	2006-05-04 11:20:35.000000000 +0200
-@@ -0,0 +0,1 @@
+diff -NurpP --minimal linux-2.6.21.a/net/ipv6/netfilter/Makefile linux-2.6.21.b/net/ipv6/netfilter/Makefile
+--- linux-2.6.21.a/net/ipv6/netfilter/Makefile	2007-05-30 11:13:04.000000000 +0200
++++ linux-2.6.21.b/net/ipv6/netfilter/Makefile	2007-05-30 11:40:37.000000000 +0200
+@@ -21,6 +21,7 @@ obj-$(CONFIG_IP6_NF_RAW) += ip6table_raw
+ obj-$(CONFIG_IP6_NF_MATCH_HL) += ip6t_hl.o
+ obj-$(CONFIG_IP6_NF_TARGET_REJECT) += ip6t_REJECT.o
+ obj-$(CONFIG_IP6_NF_MATCH_MH) += ip6t_mh.o
 +obj-$(CONFIG_IP6_NF_TARGET_ROUTE) += ip6t_ROUTE.o
-diff -Nur --exclude '*.orig' linux.org/net/ipv6/netfilter/ip6t_ROUTE.c linux/net/ipv6/netfilter/ip6t_ROUTE.c
---- linux.org/net/ipv6/netfilter/ip6t_ROUTE.c	1970-01-01 01:00:00.000000000 +0100
-+++ linux/net/ipv6/netfilter/ip6t_ROUTE.c	2006-05-04 11:20:35.000000000 +0200
+ 
+ # objects for l3 independent conntrack
+ nf_conntrack_ipv6-objs  :=  nf_conntrack_l3proto_ipv6.o nf_conntrack_proto_icmpv6.o nf_conntrack_reasm.o
+diff -NurpP --minimal linux-2.6.21.a/net/ipv6/netfilter/ip6t_ROUTE.c linux-2.6.21.b/net/ipv6/netfilter/ip6t_ROUTE.c
+--- linux-2.6.21.a/net/ipv6/netfilter/ip6t_ROUTE.c	1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.21.b/net/ipv6/netfilter/ip6t_ROUTE.c	2007-05-30 11:40:37.000000000 +0200
 @@ -0,0 +1,308 @@
 +/*
 + * This implements the ROUTE v6 target, which enables you to setup unusual
@@ -618,6 +602,7 @@ diff -Nur --exclude '*.orig' linux.org/net/ipv6/netfilter/ip6t_ROUTE.c linux/net
 +#include <linux/module.h>
 +#include <linux/skbuff.h>
 +#include <linux/ipv6.h>
++#include <linux/netfilter/x_tables.h>
 +#include <linux/netfilter_ipv6/ip6_tables.h>
 +#include <linux/netfilter_ipv6/ip6t_ROUTE.h>
 +#include <linux/netdevice.h>
@@ -664,7 +649,7 @@ diff -Nur --exclude '*.orig' linux.org/net/ipv6/netfilter/ip6t_ROUTE.c linux/net
 +       const struct ip6t_route_target_info *route_info)
 +{
 +	struct rt6_info *rt = NULL;
-+	struct ipv6hdr *ipv6h = skb->nh.ipv6h;
++	struct ipv6hdr *ipv6h = ipv6_hdr(skb);
 +	struct in6_addr *gw = (struct in6_addr*)&route_info->gw;
 +
 +	DEBUGP("ip6t_ROUTE: called with: ");
@@ -727,11 +712,7 @@ diff -Nur --exclude '*.orig' linux.org/net/ipv6/netfilter/ip6t_ROUTE.c linux/net
 +	struct hh_cache *hh = dst->hh;
 +
 +	if (hh) {
-+		read_lock_bh(&hh->hh_lock);
-+		memcpy(skb->data - 16, hh->hh_data, 16);
-+		read_unlock_bh(&hh->hh_lock);
-+		skb_push(skb, hh->hh_len);
-+		hh->hh_output(skb);
++		neigh_hh_output(dst->hh, skb);
 +	} else if (dst->neighbour)
 +		dst->neighbour->output(skb);
 +	else {
@@ -798,8 +779,9 @@ diff -Nur --exclude '*.orig' linux.org/net/ipv6/netfilter/ip6t_ROUTE.c linux/net
 +		  const struct net_device *in,
 +		  const struct net_device *out,
 +		  unsigned int hooknum,
-+		  const void *targinfo,
-+		  void *userinfo)
++		  const struct xt_target *target,
++		  const void *targinfo
++		  )
 +{
 +	const struct ip6t_route_target_info *route_info = targinfo;
 +	struct sk_buff *skb = *pskb;
@@ -815,7 +797,7 @@ diff -Nur --exclude '*.orig' linux.org/net/ipv6/netfilter/ip6t_ROUTE.c linux/net
 +	if (hooknum == NF_IP6_PRE_ROUTING ||
 +	    hooknum == NF_IP6_LOCAL_IN) {
 +
-+		struct ipv6hdr *ipv6h = skb->nh.ipv6h;
++		struct ipv6hdr *ipv6h = ipv6_hdr(skb);
 +
 +		if (ipv6h->hop_limit <= 1) {
 +			/* Force OUTPUT device used as source address */
@@ -865,9 +847,10 @@ diff -Nur --exclude '*.orig' linux.org/net/ipv6/netfilter/ip6t_ROUTE.c linux/net
 +
 +static int 
 +ip6t_route_checkentry(const char *tablename,
-+		      const struct ip6t_entry *e,
++		      const void *entry,
++		      const struct xt_target *target,
 +		      void *targinfo,
-+		      unsigned int targinfosize,
++		      
 +		      unsigned int hook_mask)
 +{
 +	if (strcmp(tablename, "mangle") != 0) {
@@ -875,12 +858,12 @@ diff -Nur --exclude '*.orig' linux.org/net/ipv6/netfilter/ip6t_ROUTE.c linux/net
 +		return 0;
 +	}
 +
-+	if (targinfosize != IP6T_ALIGN(sizeof(struct ip6t_route_target_info))) {
++	/* if (targinfosize != IP6T_ALIGN(sizeof(struct ip6t_route_target_info))) {
 +		printk(KERN_WARNING "ip6t_ROUTE: targinfosize %u != %Zu\n",
 +		       targinfosize,
 +		       IP6T_ALIGN(sizeof(struct ip6t_route_target_info)));
 +		return 0;
-+	}
++	} */
 +
 +	return 1;
 +}
@@ -889,6 +872,7 @@ diff -Nur --exclude '*.orig' linux.org/net/ipv6/netfilter/ip6t_ROUTE.c linux/net
 +static struct ip6t_target ip6t_route_reg = {
 +	.name       = "ROUTE",
 +	.target     = ip6t_route_target,
++	.targetsize = sizeof(struct ip6t_route_target_info),
 +	.checkentry = ip6t_route_checkentry,
 +	.me         = THIS_MODULE
 +};
@@ -897,7 +881,7 @@ diff -Nur --exclude '*.orig' linux.org/net/ipv6/netfilter/ip6t_ROUTE.c linux/net
 +static int __init init(void)
 +{
 +	printk(KERN_DEBUG "registering ipv6 ROUTE target\n");
-+	if (ip6t_register_target(&ip6t_route_reg))
++	if (xt_register_target(&ip6t_route_reg))
 +		return -EINVAL;
 +
 +	return 0;
@@ -906,9 +890,20 @@ diff -Nur --exclude '*.orig' linux.org/net/ipv6/netfilter/ip6t_ROUTE.c linux/net
 +
 +static void __exit fini(void)
 +{
-+	ip6t_unregister_target(&ip6t_route_reg);
++	xt_unregister_target(&ip6t_route_reg);
 +}
 +
 +module_init(init);
 +module_exit(fini);
 +MODULE_LICENSE("GPL");
+--- a/net/ipv6/ndisc.c	2007-07-09 01:32:17.000000000 +0200
++++ b/net/ipv6/ndisc.c	2007-08-02 13:23:26.000000000 +0200
+@@ -154,6 +154,8 @@ struct neigh_table nd_tbl = {
+ 	.gc_thresh3 =	1024,
+ };
+ 
++EXPORT_SYMBOL(nd_tbl);
++
+ /* ND options */
+ struct ndisc_options {
+ 	struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX];
diff --git a/kernel-desktop-pom-ng-TARPIT.patch b/kernel-desktop-pom-ng-TARPIT.patch
index 174fd35..5438476 100644
--- a/kernel-desktop-pom-ng-TARPIT.patch
+++ b/kernel-desktop-pom-ng-TARPIT.patch
@@ -1,43 +1,7 @@
- Kconfig      |   17 +++
- Makefile     |    1 
- ipt_TARPIT.c |  296 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- 3 files changed, 314 insertions(+)
-
-diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Kconfig linux/net/ipv4/netfilter/Kconfig
---- linux.org/net/ipv4/netfilter/Kconfig	2006-05-02 23:38:44.000000000 +0200
-+++ linux/net/ipv4/netfilter/Kconfig	2006-05-04 11:21:59.000000000 +0200
-@@ -606,5 +606,22 @@
- 	  Allows altering the ARP packet payload: source and destination
- 	  hardware and network addresses.
- 
-+config IP_NF_TARGET_TARPIT
-+	tristate 'TARPIT target support'
-+	depends on IP_NF_FILTER
-+	help
-+	  Adds a TARPIT target to iptables, which captures and holds
-+	  incoming TCP connections using no local per-connection resources.
-+	  Connections are accepted, but immediately switched to the persist
-+	  state (0 byte window), in which the remote side stops sending data
-+	  and asks to continue every 60-240 seconds.  Attempts to close the
-+	  connection are ignored, forcing the remote side to time out the
-+	  connection in 12-24 minutes.
-+	
-+	  This offers similar functionality to LaBrea
-+	  <http://www.hackbusters.net/LaBrea/> but doesn't require dedicated
-+	  hardware or IPs.  Any TCP port that you would normally DROP or REJECT
-+	  can instead become a tarpit.
-+
- endmenu
- 
-diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Makefile linux/net/ipv4/netfilter/Makefile
---- linux.org/net/ipv4/netfilter/Makefile	2006-05-02 23:38:44.000000000 +0200
-+++ linux/net/ipv4/netfilter/Makefile	2006-05-04 11:21:59.000000000 +0200
-@@ -0,0 +0,1 @@
-+obj-$(CONFIG_IP_NF_TARGET_TARPIT) += ipt_TARPIT.o
-diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_TARPIT.c linux/net/ipv4/netfilter/ipt_TARPIT.c
---- linux.org/net/ipv4/netfilter/ipt_TARPIT.c	1970-01-01 01:00:00.000000000 +0100
-+++ linux/net/ipv4/netfilter/ipt_TARPIT.c	2006-05-04 11:21:59.000000000 +0200
-@@ -0,0 +1,296 @@
+diff -Nru linux-2.6.22/net/ipv4/netfilter/ipt_TARPIT.c linux-2.6.22-pom2patch/net/ipv4/netfilter/ipt_TARPIT.c
+--- linux-2.6.22/net/ipv4/netfilter/ipt_TARPIT.c	1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.22-pom2patch/net/ipv4/netfilter/ipt_TARPIT.c	2007-08-07 18:38:14.000000000 +0200
+@@ -0,0 +1,291 @@
 +/*
 + * Kernel module to capture and hold incoming TCP connections using
 + * no local per-connection resources.
@@ -75,7 +39,6 @@ diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_TARPIT.c linux/net
 + * - Reply to TCP !SYN,!RST,!FIN with ACK, window 0 bytes, rate-limited
 + */
 +
-+#include <linux/confi