-diff -ruN linux-2.6.19.1.orig/include/linux/netfilter/xt_CHAOS.h linux-2.6.19.1/include/linux/netfilter/xt_CHAOS.h
---- linux-2.6.19.1.orig/include/linux/netfilter/xt_CHAOS.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.19.1/include/linux/netfilter/xt_CHAOS.h 2007-01-11 13:28:07.656144799 +0100
+diff -Nur linux-2.6.21.1/include/linux/netfilter/oot_conntrack.h linux-2.6.21.1-owrt/include/linux/netfilter/oot_conntrack.h
+--- linux-2.6.21.1/include/linux/netfilter/oot_conntrack.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.21.1-owrt/include/linux/netfilter/oot_conntrack.h 2007-05-14 14:18:54.000000000 +0200
+@@ -0,0 +1,5 @@
++#if defined(CONFIG_IP_NF_CONNTRACK) || defined(CONFIG_IP_NF_CONNTRACK_MODULE)
++# include <linux/netfilter_ipv4/ip_conntrack.h>
++#else /* linux-2.6.20+ */
++# include <net/netfilter/nf_nat_rule.h>
++#endif
+diff -Nur linux-2.6.21.1/include/linux/netfilter/oot_trans.h linux-2.6.21.1-owrt/include/linux/netfilter/oot_trans.h
+--- linux-2.6.21.1/include/linux/netfilter/oot_trans.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.21.1-owrt/include/linux/netfilter/oot_trans.h 2007-05-14 14:18:54.000000000 +0200
+@@ -0,0 +1,14 @@
++/* Out of tree workarounds */
++#include <linux/version.h>
++#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
++# define HAVE_MATCHINFOSIZE 1
++# define HAVE_TARGUSERINFO 1
++# define HAVE_TARGINFOSIZE 1
++#endif
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 20)
++# define nfmark mark
++#endif
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 21)
++# define tcp_v4_check(tcph, tcph_sz, s, d, csp) \
++ tcp_v4_check((tcph_sz), (s), (d), (csp))
++#endif
+diff -Nur linux-2.6.21.1/include/linux/netfilter/xt_CHAOS.h linux-2.6.21.1-owrt/include/linux/netfilter/xt_CHAOS.h
+--- linux-2.6.21.1/include/linux/netfilter/xt_CHAOS.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.21.1-owrt/include/linux/netfilter/xt_CHAOS.h 2007-05-14 14:18:54.000000000 +0200
@@ -0,0 +1,14 @@
+#ifndef _LINUX_XT_CHAOS_H
+#define _LINUX_XT_CHAOS_H 1
+};
+
+#endif /* _LINUX_XT_CHAOS_H */
-diff -ruN linux-2.6.19.1.orig/include/linux/netfilter/xt_portscan.h linux-2.6.19.1/include/linux/netfilter/xt_portscan.h
---- linux-2.6.19.1.orig/include/linux/netfilter/xt_portscan.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.19.1/include/linux/netfilter/xt_portscan.h 2007-01-11 13:28:07.656144799 +0100
+diff -Nur linux-2.6.21.1/include/linux/netfilter/xt_portscan.h linux-2.6.21.1-owrt/include/linux/netfilter/xt_portscan.h
+--- linux-2.6.21.1/include/linux/netfilter/xt_portscan.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.21.1-owrt/include/linux/netfilter/xt_portscan.h 2007-05-14 14:18:54.000000000 +0200
@@ -0,0 +1,8 @@
+#ifndef _LINUX_XT_PORTSCAN_H
+#define _LINUX_XT_PORTSCAN_H 1
+};
+
+#endif /* _LINUX_XT_PORTSCAN_H */
-diff -ruN linux-2.6.19.1.orig/net/netfilter/find_match.c linux-2.6.19.1/net/netfilter/find_match.c
---- linux-2.6.19.1.orig/net/netfilter/find_match.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.19.1/net/netfilter/find_match.c 2007-01-11 13:28:12.191994379 +0100
-@@ -0,0 +1,37 @@
+diff -Nur linux-2.6.21.1/net/netfilter/find_match.c linux-2.6.21.1-owrt/net/netfilter/find_match.c
+--- linux-2.6.21.1/net/netfilter/find_match.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.21.1-owrt/net/netfilter/find_match.c 2007-05-14 14:18:54.000000000 +0200
+@@ -0,0 +1,39 @@
+/*
+ xt_request_find_match
+ by Jan Engelhardt <jengelh [at] gmx de>, 2006 - 2007
+ it under the terms of the GNU General Public License version 2 as
+ published by the Free Software Foundation.
+*/
-+
+#include <linux/err.h>
+#include <linux/netfilter_arp.h>
+#include <linux/socket.h>
+ * Yeah this code is sub-optimal, but the function is missing in
+ * mainline so far. -jengelh
+ */
-+static struct xt_match *xt_request_find_match(int af, const char *name,
++static struct xt_match *xt_request_find_match_lo(int af, const char *name,
+ u8 revision)
+{
+ static const char *const xt_prefix[] = {
+
+ return match;
+}
-diff -ruN linux-2.6.19.1.orig/net/netfilter/Kconfig linux-2.6.19.1/net/netfilter/Kconfig
---- linux-2.6.19.1.orig/net/netfilter/Kconfig 2007-01-11 13:27:24.445577700 +0100
-+++ linux-2.6.19.1/net/netfilter/Kconfig 2007-01-11 13:28:09.092097179 +0100
-@@ -122,6 +122,14 @@
++
++/* In case it goes into mainline, let this out-of-tree package compile */
++#define xt_request_find_match xt_request_find_match_lo
+diff -Nur linux-2.6.21.1/net/netfilter/Kconfig linux-2.6.21.1-owrt/net/netfilter/Kconfig
+--- linux-2.6.21.1/net/netfilter/Kconfig 2007-04-27 23:49:26.000000000 +0200
++++ linux-2.6.21.1-owrt/net/netfilter/Kconfig 2007-05-14 14:30:47.000000000 +0200
+@@ -287,6 +287,14 @@
# alphabetically ordered list of targets
config NETFILTER_XT_TARGET_CLASSIFY
tristate '"CLASSIFY" target support'
depends on NETFILTER_XTABLES
-@@ -148,6 +156,14 @@
+@@ -315,6 +323,14 @@
<file:Documentation/modules.txt>. The module will be called
ipt_CONNMARK.o. If unsure, say `N'.
config NETFILTER_XT_TARGET_DSCP
tristate '"DSCP" target support'
depends on NETFILTER_XTABLES
-@@ -355,6 +371,14 @@
+@@ -563,6 +579,14 @@
To compile it as a module, choose M here. If unsure, say N.
config NETFILTER_XT_MATCH_MULTIPORT
tristate "Multiple port match support"
depends on NETFILTER_XTABLES
-diff -ruN linux-2.6.19.1.orig/net/netfilter/Makefile linux-2.6.19.1/net/netfilter/Makefile
---- linux-2.6.19.1.orig/net/netfilter/Makefile 2007-01-11 13:27:24.445577700 +0100
-+++ linux-2.6.19.1/net/netfilter/Makefile 2007-01-11 13:28:07.656144799 +0100
-@@ -23,8 +23,10 @@
+diff -Nur linux-2.6.21.1/net/netfilter/Makefile linux-2.6.21.1-owrt/net/netfilter/Makefile
+--- linux-2.6.21.1/net/netfilter/Makefile 2007-04-27 23:49:26.000000000 +0200
++++ linux-2.6.21.1-owrt/net/netfilter/Makefile 2007-05-14 14:30:47.000000000 +0200
+@@ -37,8 +37,10 @@
obj-$(CONFIG_NETFILTER_XTABLES) += x_tables.o xt_tcpudp.o
# targets
obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o
obj-$(CONFIG_NETFILTER_XT_TARGET_MARK) += xt_MARK.o
obj-$(CONFIG_NETFILTER_XT_TARGET_NFQUEUE) += xt_NFQUEUE.o
-@@ -47,6 +49,7 @@
+@@ -63,6 +65,7 @@
obj-$(CONFIG_NETFILTER_XT_MATCH_MARK) += xt_mark.o
obj-$(CONFIG_NETFILTER_XT_MATCH_MULTIPORT) += xt_multiport.o
obj-$(CONFIG_NETFILTER_XT_MATCH_POLICY) += xt_policy.o
obj-$(CONFIG_NETFILTER_XT_MATCH_PKTTYPE) += xt_pkttype.o
obj-$(CONFIG_NETFILTER_XT_MATCH_QUOTA) += xt_quota.o
obj-$(CONFIG_NETFILTER_XT_MATCH_REALM) += xt_realm.o
-diff -ruN linux-2.6.19.1.orig/net/netfilter/xt_CHAOS.c linux-2.6.19.1/net/netfilter/xt_CHAOS.c
---- linux-2.6.19.1.orig/net/netfilter/xt_CHAOS.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.19.1/net/netfilter/xt_CHAOS.c 2007-01-11 13:28:14.407920893 +0100
-@@ -0,0 +1,180 @@
+diff -Nur linux-2.6.21.1/net/netfilter/xt_CHAOS.c linux-2.6.21.1-owrt/net/netfilter/xt_CHAOS.c
+--- linux-2.6.21.1/net/netfilter/xt_CHAOS.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.21.1-owrt/net/netfilter/xt_CHAOS.c 2007-05-14 14:36:58.000000000 +0200
+@@ -0,0 +1,204 @@
+/*
-+ CHAOS target for netfilter
++ CHAOS target for netfilter
+
-+ Copyright © Jan Engelhardt <jengelh [at] gmx de>, 2006 - 2007
-+ released under the terms of the GNU General Public
-+ License version 2.x and only versions 2.x.
++ Copyright © Jan Engelhardt <jengelh [at] gmx de>, 2006 - 2007
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License version 2 as
++ published by the Free Software Foundation.
+*/
+#include <linux/icmp.h>
+#include <linux/in.h>
+#include <net/ip.h>
+#include <linux/netfilter/xt_CHAOS.h>
+#include "find_match.c"
++#include <linux/netfilter/oot_trans.h>
+#define PFX KBUILD_MODNAME ": "
+
-+/* Out of tree workarounds */
-+#include <linux/version.h>
-+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
-+# define HAVE_TARGUSERINFO 1
-+#endif
-+
+/* Module parameters */
+static unsigned int reject_percentage = ~0U * .01;
+static unsigned int delude_percentage = ~0U * .0101;
+static struct xt_match *xm_tcp;
+static struct xt_target *xt_delude, *xt_reject, *xt_tarpit;
+
++static int have_delude, have_tarpit;
++
+/* Static data for other matches/targets */
+static const struct ipt_reject_info reject_params = {
+ .with = ICMP_HOST_UNREACH,
+ /* Equivalent to:
+ * -A chaos -m statistic --mode random --probability \
+ * $reject_percentage -j REJECT --reject-with host-unreach;
-+ * -A chaos -m statistic --mode random --probability \
++ * -A chaos -p tcp -m statistic --mode random --probability \
+ * $delude_percentage -j DELUDE;
+ * -A chaos -j DROP;
+ */
+ return NF_DROP;
+}
+
++static int xt_chaos_checkentry(const char *tablename, const void *entry,
++ const struct xt_target *target, void *targinfo,
++#ifdef HAVE_TARGINFOSIZE
++ unsigned int targinfosize,
++#endif
++ unsigned int hook_mask)
++{
++ const struct xt_chaos_info *info = targinfo;
++ if(info->variant == XTCHAOS_DELUDE && !have_delude) {
++ printk(KERN_WARNING PFX "Error: Cannot use --delude when "
++ "DELUDE module not available\n");
++ return 0;
++ }
++ if(info->variant == XTCHAOS_TARPIT && !have_tarpit) {
++ printk(KERN_WARNING PFX "Error: Cannot use --tarpit when "
++ "TARPIT module not available\n");
++ return 0;
++ }
++ return 1;
++}
++
+static struct xt_target xt_chaos_info = {
+ .name = "CHAOS",
+ .target = xt_chaos_target,
++ .checkentry = xt_chaos_checkentry,
+ .table = "filter",
+ .targetsize = sizeof(struct xt_chaos_info),
+ .hooks = (1 << NF_IP_LOCAL_IN) | (1 << NF_IP_FORWARD) |
+
+ xm_tcp = xt_request_find_match(AF_INET, "tcp", 0);
+ if(xm_tcp == NULL) {
-+ printk(KERN_WARNING PFX "Could not find \"tcp\" match\n");
++ printk(KERN_WARNING PFX "Error: Could not find or load "
++ "\"tcp\" match\n");
+ return -EINVAL;
+ }
+
+ xt_reject = xt_request_find_target(AF_INET, "REJECT", 0);
+ if(xt_reject == NULL) {
-+ printk(KERN_WARNING PFX "Could not find \"REJECT\" target\n");
++ printk(KERN_WARNING PFX "Error: Could not find or load "
++ "\"REJECT\" target\n");
+ goto out2;
+ }
+
-+ xt_tarpit = xt_request_find_target(AF_INET, "TARPIT", 0);
-+ if(xt_tarpit == NULL) {
-+ printk(KERN_WARNING PFX "Could not find \"TARPIT\" target\n");
-+ goto out3;
-+ }
++ xt_tarpit = xt_request_find_target(AF_INET, "TARPIT", 0);
++ have_tarpit = xt_tarpit != NULL;
++ if(!have_tarpit)
++ printk(KERN_WARNING PFX "Warning: Could not find or load "
++ "\"TARPIT\" target\n");
+
-+ xt_delude = xt_request_find_target(AF_INET, "DELUDE", 0);
-+ if(xt_delude == NULL) {
-+ printk(KERN_WARNING PFX "Could not find \"DELUDE\" target\n");
-+ goto out4;
-+ }
++ xt_delude = xt_request_find_target(AF_INET, "DELUDE", 0);
++ have_delude = xt_delude != NULL;
++ if(!have_delude)
++ printk(KERN_WARNING PFX "Warning: Could not find or load "
++ "\"DELUDE\" target\n");
+
+ if((ret = xt_register_target(&xt_chaos_info)) != 0) {
+ printk(KERN_WARNING PFX "xt_register_target returned "
+ "error %d\n", ret);
-+ goto out5;
++ goto out3;
+ }
+
+ return 0;
+
-+ out5:
-+ module_put(xt_delude->me);
-+ out4:
-+ module_put(xt_tarpit->me);
+ out3:
++ if(have_delude)
++ module_put(xt_delude->me);
++ if(have_tarpit)
++ module_put(xt_tarpit->me);
+ module_put(xt_reject->me);
+ out2:
+ module_put(xm_tcp->me);
+ xt_unregister_target(&xt_chaos_info);
+ module_put(xm_tcp->me);
+ module_put(xt_reject->me);
-+ module_put(xt_delude->me);
-+ module_put(xt_tarpit->me);
++ if(have_delude)
++ module_put(xt_delude->me);
++ if(have_tarpit)
++ module_put(xt_tarpit->me);
+ return;
+}
+
+MODULE_DESCRIPTION("netfilter CHAOS target");
+MODULE_LICENSE("GPL");
+MODULE_ALIAS("ipt_CHAOS");
-diff -ruN linux-2.6.19.1.orig/net/netfilter/xt_DELUDE.c linux-2.6.19.1/net/netfilter/xt_DELUDE.c
---- linux-2.6.19.1.orig/net/netfilter/xt_DELUDE.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.19.1/net/netfilter/xt_DELUDE.c 2007-01-11 13:28:07.656144799 +0100
-@@ -0,0 +1,265 @@
+diff -Nur linux-2.6.21.1/net/netfilter/xt_DELUDE.c linux-2.6.21.1-owrt/net/netfilter/xt_DELUDE.c
+--- linux-2.6.21.1/net/netfilter/xt_DELUDE.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.21.1-owrt/net/netfilter/xt_DELUDE.c 2007-05-14 14:53:12.000000000 +0200
+@@ -0,0 +1,288 @@
+/*
-+ DELUDE target
-+ Copyright © Jan Engelhardt <jengelh [at] gmx de>, 2007
++ DELUDE target
++ Copyright © Jan Engelhardt <jengelh [at] gmx de>, 2007
+
-+ Based upon linux-2.6.18.5/net/ipv4/netfilter/ipt_REJECT.c:
-+ (C) 1999-2001 Paul `Rusty' Russell
-+ (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
++ Based upon linux-2.6.18.5/net/ipv4/netfilter/ipt_REJECT.c:
++ (C) 1999-2001 Paul `Rusty' Russell
++ (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
+
-+ This program is free software; you can redistribute it and/or modify
-+ it under the terms of the GNU General Public License version 2 as
-+ published by the Free Software Foundation.
-+*/
++ xt_DELUDE acts like REJECT, but does reply with SYN-ACK on SYN.
+
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License version 2 as
++ published by the Free Software Foundation.
++*/
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/ip.h>
++#include <linux/random.h>
+#include <linux/tcp.h>
+#include <linux/udp.h>
+#include <linux/icmp.h>
+#include <net/dst.h>
+#include <linux/netfilter_ipv4/ip_tables.h>
+#ifdef CONFIG_BRIDGE_NETFILTER
-+#include <linux/netfilter_bridge.h>
++# include <linux/netfilter_bridge.h>
+#endif
++#include <linux/netfilter/oot_trans.h>
+#define PFX KBUILD_MODNAME ": "
+
-+/* Out of tree workarounds */
-+#include <linux/version.h>
-+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
-+# define HAVE_TARGINFOSIZE 1
-+# define HAVE_TARGUSERINFO 1
-+#endif
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 20)
-+# define nfmark mark
-+#endif
-+
+static inline struct rtable *route_reverse(struct sk_buff *skb,
+ struct tcphdr *tcph, int hook)
+{
+ struct sk_buff *nskb;
+ struct iphdr *iph = oldskb->nh.iph;
+ struct tcphdr _otcph, *oth, *tcph;
-+ struct rtable *rt;
-+ u_int16_t tmp_port;
-+ u_int32_t tmp_addr;
-+ int hh_len;
++ __be16 tmp_port;
++ __be32 tmp_addr;
++ int needs_ack;
++ unsigned int addr_type;
+
+ /* IP header checks: fragment. */
+ if (oldskb->nh.iph->frag_off & htons(IP_OFFSET))
+ oth = skb_header_pointer(oldskb, oldskb->nh.iph->ihl * 4,
+ sizeof(_otcph), &_otcph);
+ if (oth == NULL)
-+ return;
++ return;
+
-+ /* DELUDE only answers SYN. */
-+ if(!oth->syn || oth->ack || oth->fin || oth->rst)
++ /* No RST for RST. */
++ if (oth->rst)
+ return;
+
+ /* Check checksum */
+ if (nf_ip_checksum(oldskb, hook, iph->ihl * 4, IPPROTO_TCP))
+ return;
+
-+ if ((rt = route_reverse(oldskb, oth, hook)) == NULL)
-+ return;
-+
-+ hh_len = LL_RESERVED_SPACE(rt->u.dst.dev);
-+
+ /* We need a linear, writeable skb. We also need to expand
+ headroom in case hh_len of incoming interface < hh_len of
+ outgoing interface */
-+ nskb = skb_copy_expand(oldskb, hh_len, skb_tailroom(oldskb),
++ nskb = skb_copy_expand(oldskb, LL_MAX_HEADER, skb_tailroom(oldskb),
+ GFP_ATOMIC);
-+ if (!nskb) {
-+ dst_release(&rt->u.dst);
++ if (!nskb)
+ return;
-+ }
-+
-+ dst_release(nskb->dst);
-+ nskb->dst = &rt->u.dst;
+
+ /* This packet will not be the same as the other: clear nf fields */
+ nf_reset(nskb);
+ nskb->nfmark = 0;
+ skb_init_secmark(nskb);
+
++ skb_shinfo(nskb)->gso_size = 0;
++ skb_shinfo(nskb)->gso_segs = 0;
++ skb_shinfo(nskb)->gso_type = 0;
++
+ tcph = (struct tcphdr *)((u_int32_t*)nskb->nh.iph + nskb->nh.iph->ihl);
+
+ /* Swap source and dest */
+ skb_trim(nskb, nskb->nh.iph->ihl*4 + sizeof(struct tcphdr));
+ nskb->nh.iph->tot_len = htons(nskb->len);
+
-+ tcph->seq = oth->ack_seq;
-+ tcph->ack_seq = 0;
++ if(oth->syn && !oth->ack && !oth->rst && !oth->fin) {
++ /* DELUDE essential part */
++ tcph->ack_seq = htonl(ntohl(oth->seq) + oth->syn + oth->fin +
++ oldskb->len - oldskb->nh.iph->ihl * 4 -
++ (oth->doff << 2));
++ tcph->seq = htonl(secure_tcp_sequence_number(
++ nskb->nh.iph->saddr, nskb->nh.iph->daddr,
++ tcph->source, tcph->dest));
++ tcph->ack = 1;
++ } else {
++ if(!tcph->ack) {
++ needs_ack = 1;
++ tcph->ack_seq = htonl(ntohl(oth->seq) + oth->syn + oth->fin
++ + oldskb->len - oldskb->nh.iph->ihl*4
++ - (oth->doff<<2));
++ tcph->seq = 0;
++ } else {
++ needs_ack = 0;
++ tcph->seq = oth->ack_seq;
++ tcph->ack_seq = 0;
++ }
++
++ /* Reset flags */
++ ((u_int8_t *)tcph)[13] = 0;
++ tcph->rst = 1;
++ tcph->ack = needs_ack;
++ }
+
-+ /* Reset flags */
-+ ((u_int8_t *)tcph)[13] = 0;
-+ tcph->syn = tcph->ack = 1;
+
+ tcph->window = 0;
+ tcph->urg_ptr = 0;
+ csum_partial((char *)tcph,
+ sizeof(struct tcphdr), 0));
+
-+ /* Adjust IP TTL, DF */
-+ nskb->nh.iph->ttl = dst_metric(nskb->dst, RTAX_HOPLIMIT);
+ /* Set DF, id = 0 */
+ nskb->nh.iph->frag_off = htons(IP_DF);
+ nskb->nh.iph->id = 0;
+
++ addr_type = RTN_UNSPEC;
++ if (hook != NF_IP_FORWARD
++#ifdef CONFIG_BRIDGE_NETFILTER
++ || (nskb->nf_bridge && nskb->nf_bridge->mask & BRNF_BRIDGED)
++#endif
++ )
++ addr_type = RTN_LOCAL;
++
++ if (ip_route_me_harder(&nskb, addr_type))
++ goto free_nskb;
++
++ nskb->ip_summed = CHECKSUM_NONE;
++
++ /* Adjust IP TTL */
++ nskb->nh.iph->ttl = dst_metric(nskb->dst, RTAX_HOPLIMIT);
++
+ /* Adjust IP checksum */
+ nskb->nh.iph->check = 0;
+ nskb->nh.iph->check = ip_fast_csum((unsigned char *)nskb->nh.iph,
+
+ free_nskb:
+ kfree_skb(nskb);
-+ return;
+}
+
+static unsigned int xt_delude_target(struct sk_buff **pskb,
+
+module_init(xt_delude_init);
+module_exit(xt_delude_exit);
-+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Jan Engelhardt <jengelh@gmx.de>");
+MODULE_DESCRIPTION("netfilter DELUDE target");
-diff -ruN linux-2.6.19.1.orig/net/netfilter/xt_portscan.c linux-2.6.19.1/net/netfilter/xt_portscan.c
---- linux-2.6.19.1.orig/net/netfilter/xt_portscan.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.19.1/net/netfilter/xt_portscan.c 2007-01-11 13:28:14.407920893 +0100
-@@ -0,0 +1,282 @@
++MODULE_LICENSE("GPL");
++MODULE_ALIAS("ipt_DELUDE");
+diff -Nur linux-2.6.21.1/net/netfilter/xt_portscan.c linux-2.6.21.1-owrt/net/netfilter/xt_portscan.c
+--- linux-2.6.21.1/net/netfilter/xt_portscan.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.21.1-owrt/net/netfilter/xt_portscan.c 2007-05-14 14:37:35.000000000 +0200
+@@ -0,0 +1,272 @@
+/*
-+ portscan match for netfilter
++ portscan match for netfilter
+
-+ Written by Jan Engelhardt, 2006 - 2007
-+ released under the terms of the GNU General Public
-+ License version 2.x and only versions 2.x.
++ Written by Jan Engelhardt, 2006 - 2007
++ This program is free software; you can redistribute it and/or modify
++ it under the terms of the GNU General Public License version 2 as
++ published by the Free Software Foundation.
+*/
+#include <linux/in.h>
+#include <linux/ip.h>
+#include <linux/version.h>
+#include <linux/netfilter/x_tables.h>
+#include <linux/netfilter/xt_tcpudp.h>
-+#if defined(CONFIG_IP_NF_CONNTRACK) || defined(CONFIG_IP_NF_CONNTRACK_MODULE)
-+# include <linux/netfilter_ipv4/ip_conntrack.h>
-+#else /* linux-2.6.20+ */
-+# include <net/netfilter/nf_nat_rule.h>
-+#endif
++#include <linux/netfilter/oot_conntrack.h>
+#include <linux/netfilter/xt_portscan.h>
++#include <linux/netfilter/oot_trans.h>
+#define PFX KBUILD_MODNAME ": "
+
-+/* Out of tree workarounds */
-+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
-+# define HAVE_MATCHINFOSIZE 1
-+#endif
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 20)
-+# define nfmark mark
-+#endif
-+
+enum {
+ TCP_FLAGS_ALL3 = TCP_FLAG_FIN | TCP_FLAG_RST | TCP_FLAG_SYN,
+ TCP_FLAGS_ALL4 = TCP_FLAGS_ALL3 | TCP_FLAG_ACK,
projects / openwrt / openwrt.git / blobdiff