--- /dev/null
+--- bridge-utils-0.9.6/libbridge/Makefile.in.dist 2004-03-01 20:55:52.000000000 -0600
++++ bridge-utils-0.9.6/libbridge/Makefile.in 2004-03-01 20:56:23.000000000 -0600
+@@ -5,7 +5,7 @@
+ RANLIB=@RANLIB@
+
+ CC=@CC@
+-CFLAGS = -Wall -g $(KERNEL_HEADERS)
++CFLAGS = -Wall -g @CFLAGS@ $(KERNEL_HEADERS)
+
+ prefix=@prefix@
+ exec_prefix=@exec_prefix@
+++ /dev/null
---- bridge-utils-0.9.6/libbridge/Makefile.in.dist 2004-03-01 20:55:52.000000000 -0600
-+++ bridge-utils-0.9.6/libbridge/Makefile.in 2004-03-01 20:56:23.000000000 -0600
-@@ -5,7 +5,7 @@
- RANLIB=@RANLIB@
-
- CC=@CC@
--CFLAGS = -Wall -g $(KERNEL_HEADERS)
-+CFLAGS = -Wall -g @CFLAGS@ $(KERNEL_HEADERS)
-
- prefix=@prefix@
- exec_prefix=@exec_prefix@
--- /dev/null
+diff -ruN ipsec-tools-0.6.3-old/src/racoon/cftoken.l ipsec-tools-0.6.3-new/src/racoon/cftoken.l
+--- ipsec-tools-0.6.3-old/src/racoon/cftoken.l 2005-11-06 18:18:26.000000000 +0100
++++ ipsec-tools-0.6.3-new/src/racoon/cftoken.l 2005-12-09 01:27:27.000000000 +0100
+@@ -105,6 +105,8 @@
+ static int incstackp = 0;
+
+ static int yy_first_time = 1;
++
++int yywrap(void) { return 1; }
+ %}
+
+ /* common seciton */
+diff -ruN ipsec-tools-0.6.3-old/src/setkey/token.l ipsec-tools-0.6.3-new/src/setkey/token.l
+--- ipsec-tools-0.6.3-old/src/setkey/token.l 2005-06-29 15:01:30.000000000 +0200
++++ ipsec-tools-0.6.3-new/src/setkey/token.l 2005-12-09 01:27:31.000000000 +0100
+@@ -84,6 +84,8 @@
+ #ifndef SADB_X_EALG_AESCTR
+ #define SADB_X_EALG_AESCTR (-1)
+ #endif
++
++int yywrap(void) { return 1; }
+ %}
+
+ /* common section */
--- /dev/null
+diff -ruN ipsec-tools-0.6.3-old/configure.ac ipsec-tools-0.6.3-new/configure.ac
+--- ipsec-tools-0.6.3-old/configure.ac 2005-11-21 12:11:41.000000000 +0100
++++ ipsec-tools-0.6.3-new/configure.ac 2005-12-09 02:09:06.000000000 +0100
+@@ -180,7 +180,7 @@
+
+ if test "x$crypto_dir" != "x"; then
+ LIBS="$LIBS -L${crypto_dir}/lib"
+- CPPFLAGS="-I${crypto_dir}/include $CPPLAGS"
++ CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS"
+ fi
+ AC_MSG_CHECKING(openssl version)
+
+diff -ruN ipsec-tools-0.6.3-old/configure ipsec-tools-0.6.3-new/configure
+--- ipsec-tools-0.6.3-old/configure 2005-11-21 12:15:12.000000000 +0100
++++ ipsec-tools-0.6.3-new/configure 2005-12-09 02:09:13.000000000 +0100
+@@ -23680,7 +23680,7 @@
+
+ if test "x$crypto_dir" != "x"; then
+ LIBS="$LIBS -L${crypto_dir}/lib"
+- CPPFLAGS="-I${crypto_dir}/include $CPPLAGS"
++ CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS"
+ fi
+ echo "$as_me:$LINENO: checking openssl version" >&5
+ echo $ECHO_N "checking openssl version... $ECHO_C" >&6
--- /dev/null
+diff -ruN ipsec-tools-0.6.6-old/src/racoon/grabmyaddr.c ipsec-tools-0.6.6-new/src/racoon/grabmyaddr.c
+--- ipsec-tools-0.6.6-old/src/racoon/grabmyaddr.c 2005-07-16 06:41:01.000000000 +0200
++++ ipsec-tools-0.6.6-new/src/racoon/grabmyaddr.c 2006-12-15 15:50:13.000000000 +0100
+@@ -77,10 +77,17 @@
+ #ifdef __linux__
+ #include <linux/types.h>
+ #include <linux/rtnetlink.h>
++#include <linux/version.h>
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
++# include <linux/if_addr.h>
++#endif
+ #ifndef HAVE_GETIFADDRS
+ #define HAVE_GETIFADDRS
+ #define NEED_LINUX_GETIFADDRS
+ #endif
++#ifndef IFA_RTA
++# define IFA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifaddrmsg))))
++#endif
+ #endif
+
+ #ifndef HAVE_GETIFADDRS
+++ /dev/null
-diff -ruN ipsec-tools-0.6.3-old/src/racoon/cftoken.l ipsec-tools-0.6.3-new/src/racoon/cftoken.l
---- ipsec-tools-0.6.3-old/src/racoon/cftoken.l 2005-11-06 18:18:26.000000000 +0100
-+++ ipsec-tools-0.6.3-new/src/racoon/cftoken.l 2005-12-09 01:27:27.000000000 +0100
-@@ -105,6 +105,8 @@
- static int incstackp = 0;
-
- static int yy_first_time = 1;
-+
-+int yywrap(void) { return 1; }
- %}
-
- /* common seciton */
-diff -ruN ipsec-tools-0.6.3-old/src/setkey/token.l ipsec-tools-0.6.3-new/src/setkey/token.l
---- ipsec-tools-0.6.3-old/src/setkey/token.l 2005-06-29 15:01:30.000000000 +0200
-+++ ipsec-tools-0.6.3-new/src/setkey/token.l 2005-12-09 01:27:31.000000000 +0100
-@@ -84,6 +84,8 @@
- #ifndef SADB_X_EALG_AESCTR
- #define SADB_X_EALG_AESCTR (-1)
- #endif
-+
-+int yywrap(void) { return 1; }
- %}
-
- /* common section */
+++ /dev/null
-diff -ruN ipsec-tools-0.6.3-old/configure.ac ipsec-tools-0.6.3-new/configure.ac
---- ipsec-tools-0.6.3-old/configure.ac 2005-11-21 12:11:41.000000000 +0100
-+++ ipsec-tools-0.6.3-new/configure.ac 2005-12-09 02:09:06.000000000 +0100
-@@ -180,7 +180,7 @@
-
- if test "x$crypto_dir" != "x"; then
- LIBS="$LIBS -L${crypto_dir}/lib"
-- CPPFLAGS="-I${crypto_dir}/include $CPPLAGS"
-+ CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS"
- fi
- AC_MSG_CHECKING(openssl version)
-
-diff -ruN ipsec-tools-0.6.3-old/configure ipsec-tools-0.6.3-new/configure
---- ipsec-tools-0.6.3-old/configure 2005-11-21 12:15:12.000000000 +0100
-+++ ipsec-tools-0.6.3-new/configure 2005-12-09 02:09:13.000000000 +0100
-@@ -23680,7 +23680,7 @@
-
- if test "x$crypto_dir" != "x"; then
- LIBS="$LIBS -L${crypto_dir}/lib"
-- CPPFLAGS="-I${crypto_dir}/include $CPPLAGS"
-+ CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS"
- fi
- echo "$as_me:$LINENO: checking openssl version" >&5
- echo $ECHO_N "checking openssl version... $ECHO_C" >&6
+++ /dev/null
-diff -ruN ipsec-tools-0.6.6-old/src/racoon/grabmyaddr.c ipsec-tools-0.6.6-new/src/racoon/grabmyaddr.c
---- ipsec-tools-0.6.6-old/src/racoon/grabmyaddr.c 2005-07-16 06:41:01.000000000 +0200
-+++ ipsec-tools-0.6.6-new/src/racoon/grabmyaddr.c 2006-12-15 15:50:13.000000000 +0100
-@@ -77,10 +77,17 @@
- #ifdef __linux__
- #include <linux/types.h>
- #include <linux/rtnetlink.h>
-+#include <linux/version.h>
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
-+# include <linux/if_addr.h>
-+#endif
- #ifndef HAVE_GETIFADDRS
- #define HAVE_GETIFADDRS
- #define NEED_LINUX_GETIFADDRS
- #endif
-+#ifndef IFA_RTA
-+# define IFA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifaddrmsg))))
-+#endif
- #endif
-
- #ifndef HAVE_GETIFADDRS
--- /dev/null
+diff -Nur ipset-2.2.3.orig/ipset.c ipset-2.2.3/ipset.c
+--- ipset-2.2.3.orig/ipset.c 2005-04-05 09:56:02.000000000 +0200
++++ ipset-2.2.3/ipset.c 2005-09-29 13:07:07.446923250 +0200
+@@ -21,7 +21,6 @@
+ #include <stdarg.h>
+ #include <netdb.h>
+ #include <dlfcn.h>
+-#include <asm/bitops.h>
+
+ #include "ipset.h"
+
+diff -Nur ipset-2.2.3.orig/ipset_iphash.c ipset-2.2.3/ipset_iphash.c
+--- ipset-2.2.3.orig/ipset_iphash.c 2005-01-19 14:38:57.000000000 +0100
++++ ipset-2.2.3/ipset_iphash.c 2005-09-29 13:07:26.308102000 +0200
+@@ -25,7 +25,6 @@
+ #include <sys/types.h>
+ #include <netinet/in.h>
+ #include <arpa/inet.h>
+-#include <asm/bitops.h>
+ #include <asm/types.h>
+
+ #include <linux/netfilter_ipv4/ip_set_iphash.h>
+diff -Nur ipset-2.2.3.orig/ipset_ipmap.c ipset-2.2.3/ipset_ipmap.c
+--- ipset-2.2.3.orig/ipset_ipmap.c 2005-01-19 14:38:57.000000000 +0100
++++ ipset-2.2.3/ipset_ipmap.c 2005-09-29 13:07:07.446923250 +0200
+@@ -22,7 +22,6 @@
+ #include <sys/socket.h>
+ #include <netinet/in.h>
+ #include <arpa/inet.h>
+-#include <asm/bitops.h>
+
+ #include <linux/netfilter_ipv4/ip_set_ipmap.h>
+ #include "ipset.h"
+diff -Nur ipset-2.2.3.orig/ipset_macipmap.c ipset-2.2.3/ipset_macipmap.c
+--- ipset-2.2.3.orig/ipset_macipmap.c 2005-01-19 14:38:57.000000000 +0100
++++ ipset-2.2.3/ipset_macipmap.c 2005-09-29 13:07:07.446923250 +0200
+@@ -24,7 +24,6 @@
+ #include <sys/socket.h>
+ #include <netinet/in.h>
+ #include <arpa/inet.h>
+-#include <asm/bitops.h>
+ #include <linux/if_ether.h>
+
+ #include <linux/netfilter_ipv4/ip_set_macipmap.h>
+diff -Nur ipset-2.2.3.orig/ipset_nethash.c ipset-2.2.3/ipset_nethash.c
+--- ipset-2.2.3.orig/ipset_nethash.c 2005-05-09 07:44:25.000000000 +0200
++++ ipset-2.2.3/ipset_nethash.c 2005-09-29 13:07:07.446923250 +0200
+@@ -25,7 +25,6 @@
+ #include <sys/types.h>
+ #include <netinet/in.h>
+ #include <arpa/inet.h>
+-#include <asm/bitops.h>
+ #include <asm/types.h>
+
+ #include <linux/netfilter_ipv4/ip_set_nethash.h>
+diff -Nur ipset-2.2.3.orig/ipset_portmap.c ipset-2.2.3/ipset_portmap.c
+--- ipset-2.2.3.orig/ipset_portmap.c 2005-01-19 14:38:57.000000000 +0100
++++ ipset-2.2.3/ipset_portmap.c 2005-09-29 13:07:07.446923250 +0200
+@@ -21,7 +21,6 @@
+ #include <sys/socket.h>
+ #include <netinet/in.h>
+ #include <arpa/inet.h>
+-#include <asm/bitops.h>
+
+ #include <linux/netfilter_ipv4/ip_set_portmap.h>
+ #include "ipset.h"
+++ /dev/null
-diff -Nur ipset-2.2.3.orig/ipset.c ipset-2.2.3/ipset.c
---- ipset-2.2.3.orig/ipset.c 2005-04-05 09:56:02.000000000 +0200
-+++ ipset-2.2.3/ipset.c 2005-09-29 13:07:07.446923250 +0200
-@@ -21,7 +21,6 @@
- #include <stdarg.h>
- #include <netdb.h>
- #include <dlfcn.h>
--#include <asm/bitops.h>
-
- #include "ipset.h"
-
-diff -Nur ipset-2.2.3.orig/ipset_iphash.c ipset-2.2.3/ipset_iphash.c
---- ipset-2.2.3.orig/ipset_iphash.c 2005-01-19 14:38:57.000000000 +0100
-+++ ipset-2.2.3/ipset_iphash.c 2005-09-29 13:07:26.308102000 +0200
-@@ -25,7 +25,6 @@
- #include <sys/types.h>
- #include <netinet/in.h>
- #include <arpa/inet.h>
--#include <asm/bitops.h>
- #include <asm/types.h>
-
- #include <linux/netfilter_ipv4/ip_set_iphash.h>
-diff -Nur ipset-2.2.3.orig/ipset_ipmap.c ipset-2.2.3/ipset_ipmap.c
---- ipset-2.2.3.orig/ipset_ipmap.c 2005-01-19 14:38:57.000000000 +0100
-+++ ipset-2.2.3/ipset_ipmap.c 2005-09-29 13:07:07.446923250 +0200
-@@ -22,7 +22,6 @@
- #include <sys/socket.h>
- #include <netinet/in.h>
- #include <arpa/inet.h>
--#include <asm/bitops.h>
-
- #include <linux/netfilter_ipv4/ip_set_ipmap.h>
- #include "ipset.h"
-diff -Nur ipset-2.2.3.orig/ipset_macipmap.c ipset-2.2.3/ipset_macipmap.c
---- ipset-2.2.3.orig/ipset_macipmap.c 2005-01-19 14:38:57.000000000 +0100
-+++ ipset-2.2.3/ipset_macipmap.c 2005-09-29 13:07:07.446923250 +0200
-@@ -24,7 +24,6 @@
- #include <sys/socket.h>
- #include <netinet/in.h>
- #include <arpa/inet.h>
--#include <asm/bitops.h>
- #include <linux/if_ether.h>
-
- #include <linux/netfilter_ipv4/ip_set_macipmap.h>
-diff -Nur ipset-2.2.3.orig/ipset_nethash.c ipset-2.2.3/ipset_nethash.c
---- ipset-2.2.3.orig/ipset_nethash.c 2005-05-09 07:44:25.000000000 +0200
-+++ ipset-2.2.3/ipset_nethash.c 2005-09-29 13:07:07.446923250 +0200
-@@ -25,7 +25,6 @@
- #include <sys/types.h>
- #include <netinet/in.h>
- #include <arpa/inet.h>
--#include <asm/bitops.h>
- #include <asm/types.h>
-
- #include <linux/netfilter_ipv4/ip_set_nethash.h>
-diff -Nur ipset-2.2.3.orig/ipset_portmap.c ipset-2.2.3/ipset_portmap.c
---- ipset-2.2.3.orig/ipset_portmap.c 2005-01-19 14:38:57.000000000 +0100
-+++ ipset-2.2.3/ipset_portmap.c 2005-09-29 13:07:07.446923250 +0200
-@@ -21,7 +21,6 @@
- #include <sys/socket.h>
- #include <netinet/in.h>
- #include <arpa/inet.h>
--#include <asm/bitops.h>
-
- #include <linux/netfilter_ipv4/ip_set_portmap.h>
- #include "ipset.h"
--- /dev/null
+diff -urN iptables.old/extensions/Makefile iptables.dev/extensions/Makefile
+--- iptables.old/extensions/Makefile 2005-07-20 04:22:56.000000000 +0200
++++ iptables.dev/extensions/Makefile 2006-03-23 14:42:28.000000000 +0100
+@@ -8,6 +8,10 @@
+ PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac mark multiport owner physdev pkttype realm rpc sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG
+ PF6_EXT_SLIB:=eui64 hl icmpv6 length limit mac mark multiport owner physdev standard tcp udp HL LOG NFQUEUE MARK TRACE
+
++
++# ipp2p
++PF_EXT_SLIB += ipp2p
++
+ # Optionals
+ PF_EXT_SLIB_OPTS:=$(foreach T,$(wildcard extensions/.*-test),$(shell KERNEL_DIR=$(KERNEL_DIR) $(T)))
+ PF6_EXT_SLIB_OPTS:=$(foreach T,$(wildcard extensions/.*-test6),$(shell KERNEL_DIR=$(KERNEL_DIR) $(T)))
+diff -urN iptables.old/extensions/libipt_ipp2p.c iptables.dev/extensions/libipt_ipp2p.c
+--- iptables.old/extensions/libipt_ipp2p.c 1970-01-01 01:00:00.000000000 +0100
++++ iptables.dev/extensions/libipt_ipp2p.c 2006-03-23 14:43:26.000000000 +0100
+@@ -0,0 +1,401 @@
++
++#include <stdio.h>
++#include <netdb.h>
++#include <string.h>
++#include <stdlib.h>
++#include <getopt.h>
++#include <ctype.h>
++
++#include <iptables.h>
++
++#include <linux/netfilter_ipv4/ipt_ipp2p.h>
++
++static void
++help(void)
++{
++ printf(
++ "IPP2P v%s options:\n"
++ " --ipp2p Grab all known p2p packets\n"
++ " --edk [TCP&UDP] All known eDonkey/eMule/Overnet packets\n"
++ " --dc [TCP] All known Direct Connect packets\n"
++ " --kazaa [TCP&UDP] All known KaZaA packets\n"
++ " --gnu [TCP&UDP] All known Gnutella packets\n"
++ " --bit [TCP&UDP] All known BitTorrent packets\n"
++ " --apple [TCP] All known AppleJuice packets\n"
++ " --winmx [TCP] All known WinMX\n"
++ " --soul [TCP] All known SoulSeek\n"
++ " --ares [TCP] All known Ares\n\n"
++ " EXPERIMENTAL protocols (please send feedback to: ipp2p@ipp2p.org) :\n"
++ " --mute [TCP] All known Mute packets\n"
++ " --waste [TCP] All known Waste packets\n"
++ " --xdcc [TCP] All known XDCC packets (only xdcc login)\n\n"
++ " DEBUG SUPPPORT, use only if you know why\n"
++ " --debug Generate kernel debug output, THIS WILL SLOW DOWN THE FILTER\n"
++ "\nNote that the follwing options will have the same meaning:\n"
++ " '--ipp2p' is equal to '--edk --dc --kazaa --gnu --bit --apple --winmx --soul --ares'\n"
++ "\nIPP2P was intended for TCP only. Due to increasing usage of UDP we needed to change this.\n"
++ "You can now use -p udp to search UDP packets only or without -p switch to search UDP and TCP packets.\n"
++ "\nSee README included with this package for more details or visit http://www.ipp2p.org\n"
++ "\nExamples:\n"
++ " iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01\n"
++ " iptables -A FORWARD -p udp -m ipp2p --kazaa --bit -j DROP\n"
++ " iptables -A FORWARD -p tcp -m ipp2p --edk --soul -j DROP\n\n"
++ , IPP2P_VERSION);
++}
++
++static struct option opts[] = {
++ { "ipp2p", 0, 0, '1' },
++ { "edk", 0, 0, '2' },
++ { "dc", 0, 0, '7' },
++ { "gnu", 0, 0, '9' },
++ { "kazaa", 0, 0, 'a' },
++ { "bit", 0, 0, 'b' },
++ { "apple", 0, 0, 'c' },
++ { "soul", 0, 0, 'd' },
++ { "winmx", 0, 0, 'e' },
++ { "ares", 0, 0, 'f' },
++ { "mute", 0, 0, 'g' },
++ { "waste", 0, 0, 'h' },
++ { "xdcc", 0, 0, 'i' },
++ { "debug", 0, 0, 'j' },
++ {0}
++};
++
++
++
++static void
++init(struct ipt_entry_match *m, unsigned int *nfcache)
++{
++ struct ipt_p2p_info *info = (struct ipt_p2p_info *)m->data;
++
++ *nfcache |= NFC_UNKNOWN;
++
++ /*init the module with default values*/
++ info->cmd = 0;
++ info->debug = 0;
++
++}
++
++
++static int
++parse(int c, char **argv, int invert, unsigned int *flags,
++ const struct ipt_entry *entry,
++ unsigned int *nfcache,
++ struct ipt_entry_match **match)
++{
++ struct ipt_p2p_info *info = (struct ipt_p2p_info *)(*match)->data;
++
++ switch (c) {
++ case '1': /*cmd: ipp2p*/
++ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ipp2p' may only be "
++ "specified once!");
++/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ipp2p-data' may only be "
++ "specified alone!");*/
++ if ((*flags) != 0)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ipp2p' may only be "
++ "specified alone!");
++ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++ *flags += SHORT_HAND_IPP2P;
++ info->cmd = *flags;
++ break;
++
++ case '2': /*cmd: edk*/
++ if ((*flags & IPP2P_EDK) == IPP2P_EDK)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--edk' may only be "
++ "specified once");
++ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ipp2p' may only be "
++ "specified alone!");
++/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ipp2p-data' may only be "
++ "specified alone!");*/
++ if ((*flags & IPP2P_DATA_EDK) == IPP2P_DATA_EDK)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: use `--edk' OR `--edk-data' but not both of them!");
++ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++ *flags += IPP2P_EDK;
++ info->cmd = *flags;
++ break;
++
++
++ case '7': /*cmd: dc*/
++ if ((*flags & IPP2P_DC) == IPP2P_DC)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--dc' may only be "
++ "specified once!");
++ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ipp2p' may only be "
++ "specified alone!");
++/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ipp2p-data' may only be "
++ "specified alone!");*/
++ if ((*flags & IPP2P_DATA_DC) == IPP2P_DATA_DC)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: use `--dc' OR `--dc-data' but not both of them!");
++ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++ *flags += IPP2P_DC;
++ info->cmd = *flags;
++ break;
++
++
++ case '9': /*cmd: gnu*/
++ if ((*flags & IPP2P_GNU) == IPP2P_GNU)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--gnu' may only be "
++ "specified once!");
++/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ipp2p-data' may only be "
++ "specified alone!");*/
++ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ipp2p' may only be "
++ "specified alone!");
++ if ((*flags & IPP2P_DATA_GNU) == IPP2P_DATA_GNU)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: use `--gnu' OR `--gnu-data' but not both of them!");
++ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++ *flags += IPP2P_GNU;
++ info->cmd = *flags;
++ break;
++
++ case 'a': /*cmd: kazaa*/
++ if ((*flags & IPP2P_KAZAA) == IPP2P_KAZAA)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--kazaa' may only be "
++ "specified once!");
++/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ipp2p-data' may only be "
++ "specified alone!");*/
++ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ipp2p' may only be "
++ "specified alone!");
++ if ((*flags & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: use `--kazaa' OR `--kazaa-data' but not both of them!");
++ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++ *flags += IPP2P_KAZAA;
++ info->cmd = *flags;
++ break;
++
++ case 'b': /*cmd: bit*/
++ if ((*flags & IPP2P_BIT) == IPP2P_BIT)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--bit' may only be "
++ "specified once!");
++ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ipp2p' may only be "
++ "specified alone!");
++ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++ *flags += IPP2P_BIT;
++ info->cmd = *flags;
++ break;
++
++ case 'c': /*cmd: apple*/
++ if ((*flags & IPP2P_APPLE) == IPP2P_APPLE)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--apple' may only be "
++ "specified once!");
++ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ipp2p' may only be "
++ "specified alone!");
++ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++ *flags += IPP2P_APPLE;
++ info->cmd = *flags;
++ break;
++
++
++ case 'd': /*cmd: soul*/
++ if ((*flags & IPP2P_SOUL) == IPP2P_SOUL)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--soul' may only be "
++ "specified once!");
++ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ipp2p' may only be "
++ "specified alone!");
++ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++ *flags += IPP2P_SOUL;
++ info->cmd = *flags;
++ break;
++
++
++ case 'e': /*cmd: winmx*/
++ if ((*flags & IPP2P_WINMX) == IPP2P_WINMX)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--winmx' may only be "
++ "specified once!");
++ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ipp2p' may only be "
++ "specified alone!");
++ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++ *flags += IPP2P_WINMX;
++ info->cmd = *flags;
++ break;
++
++ case 'f': /*cmd: ares*/
++ if ((*flags & IPP2P_ARES) == IPP2P_ARES)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ares' may only be "
++ "specified once!");
++ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ipp2p' may only be "
++ "specified alone!");
++ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++ *flags += IPP2P_ARES;
++ info->cmd = *flags;
++ break;
++
++ case 'g': /*cmd: mute*/
++ if ((*flags & IPP2P_MUTE) == IPP2P_MUTE)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--mute' may only be "
++ "specified once!");
++ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++ *flags += IPP2P_MUTE;
++ info->cmd = *flags;
++ break;
++ case 'h': /*cmd: waste*/
++ if ((*flags & IPP2P_WASTE) == IPP2P_WASTE)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--waste' may only be "
++ "specified once!");
++ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++ *flags += IPP2P_WASTE;
++ info->cmd = *flags;
++ break;
++ case 'i': /*cmd: xdcc*/
++ if ((*flags & IPP2P_XDCC) == IPP2P_XDCC)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ares' may only be "
++ "specified once!");
++ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++ *flags += IPP2P_XDCC;
++ info->cmd = *flags;
++ break;
++
++ case 'j': /*cmd: debug*/
++ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++ info->debug = 1;
++ break;
++
++ default:
++// exit_error(PARAMETER_PROBLEM,
++// "\nipp2p-parameter problem: for ipp2p usage type: iptables -m ipp2p --help\n");
++ return 0;
++ }
++ return 1;
++}
++
++
++static void
++final_check(unsigned int flags)
++{
++ if (!flags)
++ exit_error(PARAMETER_PROBLEM,
++ "\nipp2p-parameter problem: for ipp2p usage type: iptables -m ipp2p --help\n");
++}
++
++
++
++static void
++print(const struct ipt_ip *ip,
++ const struct ipt_entry_match *match,
++ int numeric)
++{
++ struct ipt_p2p_info *info = (struct ipt_p2p_info *)match->data;
++
++ printf("ipp2p v%s", IPP2P_VERSION);
++ if ((info->cmd & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) printf(" --ipp2p");
++// if ((info->cmd & SHORT_HAND_DATA) == SHORT_HAND_DATA) printf(" --ipp2p-data");
++ if ((info->cmd & IPP2P_KAZAA) == IPP2P_KAZAA) printf(" --kazaa");
++// if ((info->cmd & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) printf(" --kazaa-data");
++// if ((info->cmd & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) printf(" --gnu-data");
++ if ((info->cmd & IPP2P_GNU) == IPP2P_GNU) printf(" --gnu");
++ if ((info->cmd & IPP2P_EDK) == IPP2P_EDK) printf(" --edk");
++// if ((info->cmd & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) printf(" --edk-data");
++// if ((info->cmd & IPP2P_DATA_DC) == IPP2P_DATA_DC) printf(" --dc-data");
++ if ((info->cmd & IPP2P_DC) == IPP2P_DC) printf(" --dc");
++ if ((info->cmd & IPP2P_BIT) == IPP2P_BIT) printf(" --bit");
++ if ((info->cmd & IPP2P_APPLE) == IPP2P_APPLE) printf(" --apple");
++ if ((info->cmd & IPP2P_SOUL) == IPP2P_SOUL) printf(" --soul");
++ if ((info->cmd & IPP2P_WINMX) == IPP2P_WINMX) printf(" --winmx");
++ if ((info->cmd & IPP2P_ARES) == IPP2P_ARES) printf(" --ares");
++ if ((info->cmd & IPP2P_MUTE) == IPP2P_MUTE) printf(" --mute");
++ if ((info->cmd & IPP2P_WASTE) == IPP2P_WASTE) printf(" --waste");
++ if ((info->cmd & IPP2P_XDCC) == IPP2P_XDCC) printf(" --xdcc");
++ if (info->debug != 0) printf(" --debug");
++ printf(" ");
++}
++
++
++
++static void
++save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
++{
++ struct ipt_p2p_info *info = (struct ipt_p2p_info *)match->data;
++
++ if ((info->cmd & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) printf("--ipp2p ");
++// if ((info->cmd & SHORT_HAND_DATA) == SHORT_HAND_DATA) printf("--ipp2p-data ");
++ if ((info->cmd & IPP2P_KAZAA) == IPP2P_KAZAA) printf("--kazaa ");
++// if ((info->cmd & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) printf("--kazaa-data ");
++// if ((info->cmd & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) printf("--gnu-data ");
++ if ((info->cmd & IPP2P_GNU) == IPP2P_GNU) printf("--gnu ");
++ if ((info->cmd & IPP2P_EDK) == IPP2P_EDK) printf("--edk ");
++// if ((info->cmd & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) printf("--edk-data ");
++// if ((info->cmd & IPP2P_DATA_DC) == IPP2P_DATA_DC) printf("--dc-data ");
++ if ((info->cmd & IPP2P_DC) == IPP2P_DC) printf("--dc ");
++ if ((info->cmd & IPP2P_BIT) == IPP2P_BIT) printf("--bit ");
++ if ((info->cmd & IPP2P_APPLE) == IPP2P_APPLE) printf("--apple ");
++ if ((info->cmd & IPP2P_SOUL) == IPP2P_SOUL) printf("--soul ");
++ if ((info->cmd & IPP2P_WINMX) == IPP2P_WINMX) printf("--winmx ");
++ if ((info->cmd & IPP2P_ARES) == IPP2P_ARES) printf("--ares ");
++ if ((info->cmd & IPP2P_MUTE) == IPP2P_MUTE) printf(" --mute");
++ if ((info->cmd & IPP2P_WASTE) == IPP2P_WASTE) printf(" --waste");
++ if ((info->cmd & IPP2P_XDCC) == IPP2P_XDCC) printf(" --xdcc");
++ if (info->debug != 0) printf("--debug ");
++}
++
++
++
++
++static
++struct iptables_match ipp2p=
++{
++ .next = NULL,
++ .name = "ipp2p",
++ .version = IPTABLES_VERSION,
++ .size = IPT_ALIGN(sizeof(struct ipt_p2p_info)),
++ .userspacesize = IPT_ALIGN(sizeof(struct ipt_p2p_info)),
++ .help = &help,
++ .init = &init,
++ .parse = &parse,
++ .final_check = &final_check,
++ .print = &print,
++ .save = &save,
++ .extra_opts = opts
++};
++
++
++
++void _init(void)
++{
++ register_match(&ipp2p);
++}
++
+diff -urN iptables.old/include/linux/netfilter_ipv4/ipt_ipp2p.h iptables.dev/include/linux/netfilter_ipv4/ipt_ipp2p.h
+--- iptables.old/include/linux/netfilter_ipv4/ipt_ipp2p.h 1970-01-01 01:00:00.000000000 +0100
++++ iptables.dev/include/linux/netfilter_ipv4/ipt_ipp2p.h 2006-03-23 14:44:26.000000000 +0100
+@@ -0,0 +1,31 @@
++#ifndef __IPT_IPP2P_H
++#define __IPT_IPP2P_H
++#define IPP2P_VERSION "0.8.1_rc1"
++
++struct ipt_p2p_info {
++ int cmd;
++ int debug;
++};
++
++#endif //__IPT_IPP2P_H
++
++#define SHORT_HAND_IPP2P 1 /* --ipp2p switch*/
++//#define SHORT_HAND_DATA 4 /* --ipp2p-data switch*/
++#define SHORT_HAND_NONE 5 /* no short hand*/
++
++#define IPP2P_EDK (1 << 1)
++#define IPP2P_DATA_KAZAA (1 << 2)
++#define IPP2P_DATA_EDK (1 << 3)
++#define IPP2P_DATA_DC (1 << 4)
++#define IPP2P_DC (1 << 5)
++#define IPP2P_DATA_GNU (1 << 6)
++#define IPP2P_GNU (1 << 7)
++#define IPP2P_KAZAA (1 << 8)
++#define IPP2P_BIT (1 << 9)
++#define IPP2P_APPLE (1 << 10)
++#define IPP2P_SOUL (1 << 11)
++#define IPP2P_WINMX (1 << 12)
++#define IPP2P_ARES (1 << 13)
++#define IPP2P_MUTE (1 << 14)
++#define IPP2P_WASTE (1 << 15)
++#define IPP2P_XDCC (1 << 16)
--- /dev/null
+diff -urN iptables.old/extensions/.layer7-test iptables.dev/extensions/.layer7-test
+--- iptables.old/extensions/.layer7-test 1970-01-01 01:00:00.000000000 +0100
++++ iptables.dev/extensions/.layer7-test 2005-11-10 16:57:51.819381000 +0100
+@@ -0,0 +1,2 @@
++#! /bin/sh
++[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_layer7.h ] && echo layer7
+diff -urN iptables.old/extensions/ipt_layer7.h iptables.dev/extensions/ipt_layer7.h
+--- iptables.old/extensions/ipt_layer7.h 1970-01-01 01:00:00.000000000 +0100
++++ iptables.dev/extensions/ipt_layer7.h 2005-11-10 17:46:32.933599750 +0100
+@@ -0,0 +1,27 @@
++/*
++ By Matthew Strait <quadong@users.sf.net>, Dec 2003.
++ http://l7-filter.sf.net
++
++ This program is free software; you can redistribute it and/or
++ modify it under the terms of the GNU General Public License
++ as published by the Free Software Foundation; either version
++ 2 of the License, or (at your option) any later version.
++ http://www.gnu.org/licenses/gpl.txt
++*/
++
++#ifndef _IPT_LAYER7_H
++#define _IPT_LAYER7_H
++
++#define MAX_PATTERN_LEN 8192
++#define MAX_PROTOCOL_LEN 256
++
++typedef char *(*proc_ipt_search) (char *, char, char *);
++
++struct ipt_layer7_info {
++ char protocol[MAX_PROTOCOL_LEN];
++ char invert:1;
++ char pattern[MAX_PATTERN_LEN];
++ char pkt;
++};
++
++#endif /* _IPT_LAYER7_H */
+diff -urN iptables.old/extensions/libipt_layer7.c iptables.dev/extensions/libipt_layer7.c
+--- iptables.old/extensions/libipt_layer7.c 1970-01-01 01:00:00.000000000 +0100
++++ iptables.dev/extensions/libipt_layer7.c 2005-11-10 17:47:01.399378750 +0100
+@@ -0,0 +1,358 @@
++/*
++ Shared library add-on to iptables to add layer 7 matching support.
++
++ By Matthew Strait <quadong@users.sf.net>, Oct 2003.
++
++ http://l7-filter.sf.net
++
++ This program is free software; you can redistribute it and/or
++ modify it under the terms of the GNU General Public License
++ as published by the Free Software Foundation; either version
++ 2 of the License, or (at your option) any later version.
++ http://www.gnu.org/licenses/gpl.txt
++
++ Based on libipt_string.c (C) 2000 Emmanuel Roger <winfield@freegates.be>
++*/
++
++#define _GNU_SOURCE
++#include <stdio.h>
++#include <netdb.h>
++#include <string.h>
++#include <stdlib.h>
++#include <getopt.h>
++#include <ctype.h>
++#include <dirent.h>
++
++#include <iptables.h>
++#include "ipt_layer7.h"
++
++#define MAX_FN_LEN 256
++
++static char l7dir[MAX_FN_LEN] = "\0";
++
++/* Function which prints out usage message. */
++static void help(void)
++{
++ printf(
++ "LAYER7 match v%s options:\n"
++ "--l7dir <directory> : Look for patterns here instead of /etc/l7-protocols/\n"
++ " (--l7dir must be specified before --l7proto if used!)\n"
++ "--l7proto [!] <name> : Match the protocol defined in /etc/l7-protocols/name.pat\n"
++ "--l7pkt : Skip connection tracking and match individual packets\n",
++ IPTABLES_VERSION);
++ fputc('\n', stdout);
++}
++
++static struct option opts[] = {
++ { .name = "l7proto", .has_arg = 1, .flag = 0, .val = '1' },
++ { .name = "l7dir", .has_arg = 1, .flag = 0, .val = '2' },
++ { .name = "l7pkt", .has_arg = 0, .flag = 0, .val = '3' },
++ { .name = 0 }
++};
++
++/* reads filename, puts protocol info into layer7_protocol_info, number of protocols to numprotos */
++int parse_protocol_file(char * filename, const unsigned char * protoname, struct ipt_layer7_info *info)
++{
++ FILE * f;
++ char * line = NULL;
++ size_t len = 0;
++
++ enum { protocol, pattern, done } datatype = protocol;
++
++ f = fopen(filename, "r");
++
++ if(!f)
++ return 0;
++
++ while(getline(&line, &len, f) != -1)
++ {
++ if(strlen(line) < 2 || line[0] == '#')
++ continue;
++
++ /* strip the pesky newline... */
++ if(line[strlen(line) - 1] == '\n')
++ line[strlen(line) - 1] = '\0';
++
++ if(datatype == protocol)
++ {
++ if(strcmp(line, protoname))
++ exit_error(OTHER_PROBLEM,
++ "Protocol name (%s) doesn't match file name (%s). Bailing out\n",
++ protoname, filename);
++
++ if(strlen(line) >= MAX_PROTOCOL_LEN)
++ exit_error(PARAMETER_PROBLEM,
++ "Protocol name in %s too long!", filename);
++ strncpy(info->protocol, line, MAX_PROTOCOL_LEN);
++
++ datatype = pattern;
++ }
++ else if(datatype == pattern)
++ {
++ if(strlen(line) >= MAX_PATTERN_LEN)
++ exit_error(PARAMETER_PROBLEM, "Pattern in %s too long!", filename);
++ strncpy(info->pattern, line, MAX_PATTERN_LEN);
++
++ datatype = done;
++ break;
++ }
++ else
++ exit_error(OTHER_PROBLEM, "Internal error");
++ }
++
++ if(datatype != done)
++ exit_error(OTHER_PROBLEM, "Failed to get all needed data from %s", filename);
++
++ if(line) free(line);
++ fclose(f);
++
++ return 1;
++
++/*
++ fprintf(stderr, "protocol: %s\npattern: %s\n\n",
++ info->protocol,
++ info->pattern);
++*/
++}
++
++static int hex2dec(char c)
++{
++ switch (c)
++ {
++ case '0' ... '9':
++ return c - '0';
++ case 'a' ... 'f':
++ return c - 'a' + 10;
++ case 'A' ... 'F':
++ return c - 'A' + 10;
++ default:
++ exit_error(OTHER_PROBLEM, "hex2dec: bad value!\n");
++ return 0;
++ }
++}
++
++/* takes a string with \xHH escapes and returns one with the characters
++they stand for */
++static char * pre_process(char * s)
++{
++ char * result = malloc(strlen(s) + 1);
++ int sindex = 0, rindex = 0;
++ while( sindex < strlen(s) )
++ {
++ if( sindex + 3 < strlen(s) &&
++ s[sindex] == '\\' && s[sindex+1] == 'x' &&
++ isxdigit(s[sindex + 2]) && isxdigit(s[sindex + 3]) )
++ {
++ /* carefully remember to call tolower here... */
++ result[rindex] = tolower( hex2dec(s[sindex + 2])*16 +
++ hex2dec(s[sindex + 3] ) );
++ sindex += 3; /* 4 total */
++ }
++ else
++ result[rindex] = tolower(s[sindex]);
++
++ sindex++;
++ rindex++;
++ }
++ result[rindex] = '\0';
++
++ return result;
++}
++
++#define MAX_SUBDIRS 128
++char ** readl7dir(char * dirname)
++{
++ DIR * scratchdir;
++ struct dirent ** namelist;
++ char ** subdirs = malloc(MAX_SUBDIRS * sizeof(char *));
++
++ int n, d = 1;
++ subdirs[0] = "";
++
++ n = scandir(dirname, &namelist, 0, alphasort);
++
++ if (n < 0)
++ {
++ perror("scandir");
++ exit_error(OTHER_PROBLEM, "Couldn't open %s\n", dirname);
++ }
++ else
++ {
++ while(n--)
++ {
++ char fulldirname[MAX_FN_LEN];
++
++ snprintf(fulldirname, MAX_FN_LEN, "%s/%s", dirname, namelist[n]->d_name);
++
++ if((scratchdir = opendir(fulldirname)) != NULL)
++ {
++ closedir(scratchdir);
++
++ if(!strcmp(namelist[n]->d_name, ".") ||
++ !strcmp(namelist[n]->d_name, ".."))
++ /* do nothing */ ;
++ else
++ {
++ subdirs[d] = malloc(strlen(namelist[n]->d_name) + 1);
++ strcpy(subdirs[d], namelist[n]->d_name);
++ d++;
++ if(d >= MAX_SUBDIRS - 1)
++ {
++ fprintf(stderr,
++ "Too many subdirectories, skipping the rest!\n");
++ break;
++ }
++ }
++ }
++ free(namelist[n]);
++ }
++ free(namelist);
++ }
++
++ subdirs[d] = NULL;
++
++ return subdirs;
++}
++
++static void
++parse_layer7_protocol(const unsigned char *s, struct ipt_layer7_info *info)
++{
++ char filename[MAX_FN_LEN];
++ char * dir = NULL;
++ char ** subdirs;
++ int n = 0, done = 0;
++
++ if(strlen(l7dir) > 0)
++ dir = l7dir;
++ else
++ dir = "/etc/l7-protocols";
++
++ subdirs = readl7dir(dir);
++
++ while(subdirs[n] != NULL)
++ {
++ int c = snprintf(filename, MAX_FN_LEN, "%s/%s/%s.pat", dir, subdirs[n], s);
++
++ //fprintf(stderr, "Trying to find pattern in %s ... ", filename);
++
++ if(c > MAX_FN_LEN)
++ {
++ exit_error(OTHER_PROBLEM,
++ "Filename beginning with %s is too long!\n", filename);
++ }
++
++ /* read in the pattern from the file */
++ if(parse_protocol_file(filename, s, info))
++ {
++ //fprintf(stderr, "found\n");
++ done = 1;
++ break;
++ }
++
++ //fprintf(stderr, "not found\n");
++
++ n++;
++ }
++
++ if(!done)
++ exit_error(OTHER_PROBLEM,
++ "Couldn't find a pattern definition file for %s.\n", s);
++
++ /* process \xHH escapes and tolower everything. (our regex lib has no
++ case insensitivity option.) */
++ strncpy(info->pattern, pre_process(info->pattern), MAX_PATTERN_LEN);
++}
++
++/* Function which parses command options; returns true if it ate an option */
++static int parse(int c, char **argv, int invert, unsigned int *flags,
++ const struct ipt_entry *entry, unsigned int *nfcache,
++ struct ipt_entry_match **match)
++{
++ struct ipt_layer7_info *layer7info =
++ (struct ipt_layer7_info *)(*match)->data;
++
++ switch (c) {
++ case '1':
++ check_inverse(optarg, &invert, &optind, 0);
++ parse_layer7_protocol(argv[optind-1], layer7info);
++ if (invert)
++ layer7info->invert = 1;
++ *flags = 1;
++ break;
++
++ case '2':
++ /* not going to use this, but maybe we need to strip a ! anyway (?) */
++ check_inverse(optarg, &invert, &optind, 0);
++
++ if(strlen(argv[optind-1]) >= MAX_FN_LEN)
++ exit_error(PARAMETER_PROBLEM, "directory name too long\n");
++
++ strncpy(l7dir, argv[optind-1], MAX_FN_LEN);
++
++ *flags = 1;
++ break;
++ case '3':
++ layer7info->pkt = 1;
++ break;
++
++ default:
++ return 0;
++ }
++
++ return 1;
++}
++
++/* Final check; must have specified --pattern. */
++static void final_check(unsigned int flags)
++{
++ if (!flags)
++ exit_error(PARAMETER_PROBLEM,
++ "LAYER7 match: You must specify `--pattern'");
++}
++
++static void print_protocol(char s[], int invert, int numeric)
++{
++ fputs("l7proto ", stdout);
++ if (invert) fputc('!', stdout);
++ printf("%s ", s);
++}
++
++/* Prints out the matchinfo. */
++static void print(const struct ipt_ip *ip,
++ const struct ipt_entry_match *match,
++ int numeric)
++{
++ printf("LAYER7 ");
++
++ print_protocol(((struct ipt_layer7_info *)match->data)->protocol,
++ ((struct ipt_layer7_info *)match->data)->invert, numeric);
++
++ if (((struct ipt_layer7_info *)match->data)->pkt)
++ printf("l7pkt ");
++}
++/* Saves the union ipt_matchinfo in parsable form to stdout. */
++static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
++{
++ const struct ipt_layer7_info *info =
++ (const struct ipt_layer7_info*) match->data;
++
++ printf("--l7proto %s%s ", (info->invert) ? "! ": "", info->protocol);
++}
++
++static struct iptables_match layer7 = {
++ .name = "layer7",
++ .version = IPTABLES_VERSION,
++ .size = IPT_ALIGN(sizeof(struct ipt_layer7_info)),
++ .userspacesize = IPT_ALIGN(sizeof(struct ipt_layer7_info)),
++ .help = &help,
++ .parse = &parse,
++ .final_check = &final_check,
++ .print = &print,
++ .save = &save,
++ .extra_opts = opts
++};
++
++void _init(void)
++{
++ register_match(&layer7);
++}
+diff -urN iptables.old/extensions/libipt_layer7.man iptables.dev/extensions/libipt_layer7.man
+--- iptables.old/extensions/libipt_layer7.man 1970-01-01 01:00:00.000000000 +0100
++++ iptables.dev/extensions/libipt_layer7.man 2005-11-10 16:57:51.823381250 +0100
+@@ -0,0 +1,13 @@
++This module matches packets based on the application layer data of
++their connections. It uses regular expression matching to compare
++the application layer data to regular expressions found it the layer7
++configuration files. This is an experimental module which can be found at
++http://l7-filter.sf.net. It takes two options.
++.TP
++.BI "--l7proto " "\fIprotocol\fP"
++Match the specified protocol. The protocol name must match a file
++name in /etc/l7-protocols/
++.TP
++.BI "--l7dir " "\fIdirectory\fP"
++Use \fIdirectory\fP instead of /etc/l7-protocols/
++
--- /dev/null
+diff -urN iptables.old/extensions/libipt_multiport.c iptables.dev/extensions/libipt_multiport.c
+--- iptables.old/extensions/libipt_multiport.c 2005-02-19 20:19:17.000000000 +0100
++++ iptables.dev/extensions/libipt_multiport.c 2006-02-04 05:46:12.154127750 +0100
+@@ -8,24 +8,6 @@
+ /* To ensure that iptables compiles with an old kernel */
+ #include "../include/linux/netfilter_ipv4/ipt_multiport.h"
+
+-/* Function which prints out usage message. */
+-static void
+-help(void)
+-{
+- printf(
+-"multiport v%s options:\n"
+-" --source-ports port[,port,port...]\n"
+-" --sports ...\n"
+-" match source port(s)\n"
+-" --destination-ports port[,port,port...]\n"
+-" --dports ...\n"
+-" match destination port(s)\n"
+-" --ports port[,port,port]\n"
+-" match both source and destination port(s)\n"
+-" NOTE: this kernel does not support port ranges in multiport.\n",
+-IPTABLES_VERSION);
+-}
+-
+ static void
+ help_v1(void)
+ {
+@@ -75,26 +57,6 @@
+ "invalid port/service `%s' specified", port);
+ }
+
+-static unsigned int
+-parse_multi_ports(const char *portstring, u_int16_t *ports, const char *proto)
+-{
+- char *buffer, *cp, *next;
+- unsigned int i;
+-
+- buffer = strdup(portstring);
+- if (!buffer) exit_error(OTHER_PROBLEM, "strdup failed");
+-
+- for (cp=buffer, i=0; cp && i<IPT_MULTI_PORTS; cp=next,i++)
+- {
+- next=strchr(cp, ',');
+- if (next) *next++='\0';
+- ports[i] = parse_port(cp, proto);
+- }
+- if (cp) exit_error(PARAMETER_PROBLEM, "too many ports specified");
+- free(buffer);
+- return i;
+-}
+-
+ static void
+ parse_multi_ports_v1(const char *portstring,
+ struct ipt_multiport_v1 *multiinfo,
+@@ -160,58 +122,6 @@
+ "multiport only works with TCP or UDP");
+ }
+
+-/* Function which parses command options; returns true if it
+- ate an option */
+-static int
+-parse(int c, char **argv, int invert, unsigned int *flags,
+- const struct ipt_entry *entry,
+- unsigned int *nfcache,
+- struct ipt_entry_match **match)
+-{
+- const char *proto;
+- struct ipt_multiport *multiinfo
+- = (struct ipt_multiport *)(*match)->data;
+-
+- switch (c) {
+- case '1':
+- check_inverse(argv[optind-1], &invert, &optind, 0);
+- proto = check_proto(entry);
+- multiinfo->count = parse_multi_ports(argv[optind-1],
+- multiinfo->ports, proto);
+- multiinfo->flags = IPT_MULTIPORT_SOURCE;
+- break;
+-
+- case '2':
+- check_inverse(argv[optind-1], &invert, &optind, 0);
+- proto = check_proto(entry);
+- multiinfo->count = parse_multi_ports(argv[optind-1],
+- multiinfo->ports, proto);
+- multiinfo->flags = IPT_MULTIPORT_DESTINATION;
+- break;
+-
+- case '3':
+- check_inverse(argv[optind-1], &invert, &optind, 0);
+- proto = check_proto(entry);
+- multiinfo->count = parse_multi_ports(argv[optind-1],
+- multiinfo->ports, proto);
+- multiinfo->flags = IPT_MULTIPORT_EITHER;
+- break;
+-
+- default:
+- return 0;
+- }
+-
+- if (invert)
+- exit_error(PARAMETER_PROBLEM,
+- "multiport does not support invert");
+-
+- if (*flags)
+- exit_error(PARAMETER_PROBLEM,
+- "multiport can only have one option");
+- *flags = 1;
+- return 1;
+-}
+-
+ static int
+ parse_v1(int c, char **argv, int invert, unsigned int *flags,
+ const struct ipt_entry *entry,
+@@ -289,43 +199,6 @@
+ printf("%s", service);
+ }
+
+-/* Prints out the matchinfo. */
+-static void
+-print(const struct ipt_ip *ip,
+- const struct ipt_entry_match *match,
+- int numeric)
+-{
+- const struct ipt_multiport *multiinfo
+- = (const struct ipt_multiport *)match->data;
+- unsigned int i;
+-
+- printf("multiport ");
+-
+- switch (multiinfo->flags) {
+- case IPT_MULTIPORT_SOURCE:
+- printf("sports ");
+- break;
+-
+- case IPT_MULTIPORT_DESTINATION:
+- printf("dports ");
+- break;
+-
+- case IPT_MULTIPORT_EITHER:
+- printf("ports ");
+- break;
+-
+- default:
+- printf("ERROR ");
+- break;
+- }
+-
+- for (i=0; i < multiinfo->count; i++) {
+- printf("%s", i ? "," : "");
+- print_port(multiinfo->ports[i], ip->proto, numeric);
+- }
+- printf(" ");
+-}
+-
+ static void
+ print_v1(const struct ipt_ip *ip,
+ const struct ipt_entry_match *match,
+@@ -369,34 +242,6 @@
+ printf(" ");
+ }
+
+-/* Saves the union ipt_matchinfo in parsable form to stdout. */
+-static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+-{
+- const struct ipt_multiport *multiinfo
+- = (const struct ipt_multiport *)match->data;
+- unsigned int i;
+-
+- switch (multiinfo->flags) {
+- case IPT_MULTIPORT_SOURCE:
+- printf("--sports ");
+- break;
+-
+- case IPT_MULTIPORT_DESTINATION:
+- printf("--dports ");
+- break;
+-
+- case IPT_MULTIPORT_EITHER:
+- printf("--ports ");
+- break;
+- }
+-
+- for (i=0; i < multiinfo->count; i++) {
+- printf("%s", i ? "," : "");
+- print_port(multiinfo->ports[i], ip->proto, 1);
+- }
+- printf(" ");
+-}
+-
+ static void save_v1(const struct ipt_ip *ip,
+ const struct ipt_entry_match *match)
+ {
+@@ -432,19 +277,20 @@
+ printf(" ");
+ }
+
++
+ static struct iptables_match multiport = {
+ .next = NULL,
+ .name = "multiport",
+- .revision = 0,
+ .version = IPTABLES_VERSION,
+- .size = IPT_ALIGN(sizeof(struct ipt_multiport)),
+- .userspacesize = IPT_ALIGN(sizeof(struct ipt_multiport)),
+- .help = &help,
++ .revision = 0,
++ .size = IPT_ALIGN(sizeof(struct ipt_multiport_v1)),
++ .userspacesize = IPT_ALIGN(sizeof(struct ipt_multiport_v1)),
++ .help = &help_v1,
+ .init = &init,
+- .parse = &parse,
++ .parse = &parse_v1,
+ .final_check = &final_check,
+- .print = &print,
+- .save = &save,
++ .print = &print_v1,
++ .save = &save_v1,
+ .extra_opts = opts
+ };
+
--- /dev/null
+diff -urN iptables.old/extensions/.IMQ-test iptables.dev/extensions/.IMQ-test
+--- iptables.old/extensions/.IMQ-test 1970-01-01 01:00:00.000000000 +0100
++++ iptables.dev/extensions/.IMQ-test 2005-10-09 01:00:36.358959750 +0200
+@@ -0,0 +1,3 @@
++#!/bin/sh
++# True if IMQ target patch is applied.
++[ -f $KERNEL_DIR/net/ipv4/netfilter/ipt_IMQ.c ] && echo IMQ
+diff -urN iptables.old/extensions/.IMQ-test6 iptables.dev/extensions/.IMQ-test6
+--- iptables.old/extensions/.IMQ-test6 1970-01-01 01:00:00.000000000 +0100
++++ iptables.dev/extensions/.IMQ-test6 2005-10-09 01:00:36.358959750 +0200
+@@ -0,0 +1,3 @@
++#!/bin/sh
++# True if IMQ target patch is applied.
++[ -f $KERNEL_DIR/net/ipv6/netfilter/ip6t_IMQ.c ] && echo IMQ
+diff -urN iptables.old/extensions/libip6t_IMQ.c iptables.dev/extensions/libip6t_IMQ.c
+--- iptables.old/extensions/libip6t_IMQ.c 1970-01-01 01:00:00.000000000 +0100
++++ iptables.dev/extensions/libip6t_IMQ.c 2005-10-09 01:00:36.358959750 +0200
+@@ -0,0 +1,101 @@
++/* Shared library add-on to iptables to add IMQ target support. */
++#include <stdio.h>
++#include <string.h>
++#include <stdlib.h>
++#include <getopt.h>
++
++#include <ip6tables.h>
++#include <linux/netfilter_ipv6/ip6_tables.h>
++#include <linux/netfilter_ipv6/ip6t_IMQ.h>
++
++/* Function which prints out usage message. */
++static void
++help(void)
++{
++ printf(
++"IMQ target v%s options:\n"
++" --todev <N> enqueue to imq<N>, defaults to 0\n",
++IPTABLES_VERSION);
++}
++
++static struct option opts[] = {
++ { "todev", 1, 0, '1' },
++ { 0 }
++};
++
++/* Initialize the target. */
++static void
++init(struct ip6t_entry_target *t, unsigned int *nfcache)
++{
++ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)t->data;
++
++ mr->todev = 0;
++ *nfcache |= NFC_UNKNOWN;
++}
++
++/* Function which parses command options; returns true if it
++ ate an option */
++static int
++parse(int c, char **argv, int invert, unsigned int *flags,
++ const struct ip6t_entry *entry,
++ struct ip6t_entry_target **target)
++{
++ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)(*target)->data;
++
++ switch(c) {
++ case '1':
++ if (check_inverse(optarg, &invert, NULL, 0))
++ exit_error(PARAMETER_PROBLEM,
++ "Unexpected `!' after --todev");
++ mr->todev=atoi(optarg);
++ break;
++ default:
++ return 0;
++ }
++ return 1;
++}
++
++static void
++final_check(unsigned int flags)
++{
++}
++
++/* Prints out the targinfo. */
++static void
++print(const struct ip6t_ip6 *ip,
++ const struct ip6t_entry_target *target,
++ int numeric)
++{
++ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)target->data;
++
++ printf("IMQ: todev %u ", mr->todev);
++}
++
++/* Saves the union ipt_targinfo in parsable form to stdout. */
++static void
++save(const struct ip6t_ip6 *ip, const struct ip6t_entry_target *target)
++{
++ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)target->data;
++
++ printf("--todev %u", mr->todev);
++}
++
++static struct ip6tables_target imq = {
++ .next = NULL,
++ .name = "IMQ",
++ .version = IPTABLES_VERSION,
++ .size = IP6T_ALIGN(sizeof(struct ip6t_imq_info)),
++ .userspacesize = IP6T_ALIGN(sizeof(struct ip6t_imq_info)),
++ .help = &help,
++ .init = &init,
++ .parse = &parse,
++ .final_check = &final_check,
++ .print = &print,
++ .save = &save,
++ .extra_opts = opts
++};
++
++void _init(void)
++{
++ register_target6(&imq);
++}
+diff -urN iptables.old/extensions/libipt_IMQ.c iptables.dev/extensions/libipt_IMQ.c
+--- iptables.old/extensions/libipt_IMQ.c 1970-01-01 01:00:00.000000000 +0100
++++ iptables.dev/extensions/libipt_IMQ.c 2005-10-09 01:00:36.358959750 +0200
+@@ -0,0 +1,101 @@
++/* Shared library add-on to iptables to add IMQ target support. */
++#include <stdio.h>
++#include <string.h>
++#include <stdlib.h>
++#include <getopt.h>
++
++#include <iptables.h>
++#include <linux/netfilter_ipv4/ip_tables.h>
++#include <linux/netfilter_ipv4/ipt_IMQ.h>
++
++/* Function which prints out usage message. */
++static void
++help(void)
++{
++ printf(
++"IMQ target v%s options:\n"
++" --todev <N> enqueue to imq<N>, defaults to 0\n",
++IPTABLES_VERSION);
++}
++
++static struct option opts[] = {
++ { "todev", 1, 0, '1' },
++ { 0 }
++};
++
++/* Initialize the target. */
++static void
++init(struct ipt_entry_target *t, unsigned int *nfcache)
++{
++ struct ipt_imq_info *mr = (struct ipt_imq_info*)t->data;
++
++ mr->todev = 0;
++ *nfcache |= NFC_UNKNOWN;
++}
++
++/* Function which parses command options; returns true if it
++ ate an option */
++static int
++parse(int c, char **argv, int invert, unsigned int *flags,
++ const struct ipt_entry *entry,
++ struct ipt_entry_target **target)
++{
++ struct ipt_imq_info *mr = (struct ipt_imq_info*)(*target)->data;
++
++ switch(c) {
++ case '1':
++ if (check_inverse(optarg, &invert, NULL, 0))
++ exit_error(PARAMETER_PROBLEM,
++ "Unexpected `!' after --todev");
++ mr->todev=atoi(optarg);
++ break;
++ default:
++ return 0;
++ }
++ return 1;
++}
++
++static void
++final_check(unsigned int flags)
++{
++}
++
++/* Prints out the targinfo. */
++static void
++print(const struct ipt_ip *ip,
++ const struct ipt_entry_target *target,
++ int numeric)
++{
++ struct ipt_imq_info *mr = (struct ipt_imq_info*)target->data;
++
++ printf("IMQ: todev %u ", mr->todev);
++}
++
++/* Saves the union ipt_targinfo in parsable form to stdout. */
++static void
++save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
++{
++ struct ipt_imq_info *mr = (struct ipt_imq_info*)target->data;
++
++ printf("--todev %u", mr->todev);
++}
++
++static struct iptables_target imq = {
++ .next = NULL,
++ .name = "IMQ",
++ .version = IPTABLES_VERSION,
++ .size = IPT_ALIGN(sizeof(struct ipt_imq_info)),
++ .userspacesize = IPT_ALIGN(sizeof(struct ipt_imq_info)),
++ .help = &help,
++ .init = &init,
++ .parse = &parse,
++ .final_check = &final_check,
++ .print = &print,
++ .save = &save,
++ .extra_opts = opts
++};
++
++void _init(void)
++{
++ register_target(&imq);
++}
--- /dev/null
+--- iptables-1.3.5/extensions/libipt_iprange.c.orig 2006-12-05 19:28:58.000000000 +0100
++++ iptables-1.3.5/extensions/libipt_iprange.c 2006-12-05 19:30:28.000000000 +0100
+@@ -6,6 +6,7 @@
+ #include <getopt.h>
+
+ #include <iptables.h>
++#include <linux/types.h>
+ #include <linux/netfilter_ipv4/ipt_iprange.h>
+
+ /* Function which prints out usage message. */
--- /dev/null
+diff -ur iptables.old/ip6tables.c iptables.dev/ip6tables.c
+--- iptables.old/ip6tables.c 2006-01-30 09:43:12.000000000 +0100
++++ iptables.dev/ip6tables.c 2007-01-02 00:29:50.000000000 +0100
+@@ -857,8 +857,9 @@
+ for (i = 0; vianame[i]; i++) {
+ if (!isalnum(vianame[i])
+ && vianame[i] != '_'
++ && vianame[i] != '-'
+ && vianame[i] != '.') {
+- printf("Warning: wierd character in interface"
++ printf("Warning: weird character in interface"
+ " `%s' (No aliases, :, ! or *).\n",
+ vianame);
+ break;
+diff -ur iptables.old/iptables.c iptables.dev/iptables.c
+--- iptables.old/iptables.c 2006-01-30 09:43:09.000000000 +0100
++++ iptables.dev/iptables.c 2007-01-02 00:29:38.000000000 +0100
+@@ -805,8 +805,9 @@
+ for (i = 0; vianame[i]; i++) {
+ if (!isalnum(vianame[i])
+ && vianame[i] != '_'
++ && vianame[i] != '-'
+ && vianame[i] != '.') {
+- printf("Warning: wierd character in interface"
++ printf("Warning: weird character in interface"
+ " `%s' (No aliases, :, ! or *).\n",
+ vianame);
+ break;
--- /dev/null
+diff -ruN iptables-1.3.5.orig/extensions/.CHAOS-test iptables-1.3.5/extensions/.CHAOS-test
+--- iptables-1.3.5.orig/extensions/.CHAOS-test 1970-01-01 01:00:00.000000000 +0100
++++ iptables-1.3.5/extensions/.CHAOS-test 2007-01-09 16:05:23.251885840 +0100
+@@ -0,0 +1,2 @@
++#!/bin/sh
++[ -f "$KERNEL_DIR/include/linux/netfilter/xt_CHAOS.h" ] && echo "CHAOS";
+diff -ruN iptables-1.3.5.orig/extensions/.DELUDE-test iptables-1.3.5/extensions/.DELUDE-test
+--- iptables-1.3.5.orig/extensions/.DELUDE-test 1970-01-01 01:00:00.000000000 +0100
++++ iptables-1.3.5/extensions/.DELUDE-test 2007-01-09 16:05:18.104057722 +0100
+@@ -0,0 +1,2 @@
++#!/bin/sh
++echo "DELUDE";
+diff -ruN iptables-1.3.5.orig/extensions/libipt_CHAOS.c iptables-1.3.5/extensions/libipt_CHAOS.c
+--- iptables-1.3.5.orig/extensions/libipt_CHAOS.c 1970-01-01 01:00:00.000000000 +0100
++++ iptables-1.3.5/extensions/libipt_CHAOS.c 2007-01-09 16:05:23.251885840 +0100
+@@ -0,0 +1,111 @@
++/*
++ CHAOS target for iptables
++
++ Copyright © Jan Engelhardt <jengelh [at] gmx de>, 2006 - 2007
++ released under the terms of the GNU General Public
++ License version 2.x and only versions 2.x.
++*/
++#include <getopt.h>
++#include <stdio.h>
++#include <string.h>
++
++#include <iptables.h>
++#include <linux/netfilter_ipv4/ip_tables.h>
++#include <linux/netfilter/xt_CHAOS.h>
++
++static void libipt_chaos_help(void)
++{
++ printf(
++ "CHAOS target v%s options:\n"
++ " --delude Enable DELUDE processing for TCP\n"
++ " --tarpit Enable TARPIT processing for TCP\n",
++ IPTABLES_VERSION);
++ return;
++}
++
++static int libipt_chaos_parse(int c, char **argv, int invert,
++ unsigned int *flags, const struct ipt_entry *entry,
++ struct ipt_entry_target **target)
++{
++ struct xt_chaos_info *info = (void *)((*target)->data);
++ switch(c) {
++ case 'd':
++ info->variant = XTCHAOS_DELUDE;
++ *flags |= 0x02;
++ return 1;
++ case 't':
++ info->variant = XTCHAOS_TARPIT;
++ *flags |= 0x01;
++ return 1;
++ }
++ return 0;
++}
++
++static void libipt_chaos_check(unsigned int flags)
++{
++ if(flags != 0x03)
++ return;
++ /* If flags == 0x03, both were specified, which should not be. */
++ exit_error(PARAMETER_PROBLEM,
++ "CHAOS: only one of --tarpit or --delude may be specified");
++ return;
++}
++
++static void libipt_chaos_print(const struct ipt_ip *ip,
++ const struct ipt_entry_target *target, int numeric)
++{
++ const struct xt_chaos_info *info = (const void *)target->data;
++ switch(info->variant) {
++ case XTCHAOS_DELUDE:
++ printf("DELUDE ");
++ break;
++ case XTCHAOS_TARPIT:
++ printf("TARPIT ");
++ break;
++ default:
++ break;
++ }
++ return;
++}
++
++static void libipt_chaos_save(const struct ipt_ip *ip,
++ const struct ipt_entry_target *target)
++{
++ const struct xt_chaos_info *info = (const void *)target->data;
++ switch(info->variant) {
++ case XTCHAOS_DELUDE:
++ printf("--delude ");
++ break;
++ case XTCHAOS_TARPIT:
++ printf("--tarpit ");
++ break;
++ default:
++ break;
++ }
++ return;
++}
++
++static struct option libipt_chaos_opts[] = {
++ {"delude", 0, NULL, 'd'},
++ {"tarpit", 0, NULL, 't'},
++ {NULL},
++};
++
++static struct iptables_target libipt_chaos_info = {
++ .name = "CHAOS",
++ .version = IPTABLES_VERSION,
++ .size = IPT_ALIGN(sizeof(struct xt_chaos_info)),
++ .userspacesize = IPT_ALIGN(sizeof(struct xt_chaos_info)),
++ .help = libipt_chaos_help,
++ .parse = libipt_chaos_parse,
++ .final_check = libipt_chaos_check,
++ .print = libipt_chaos_print,
++ .save = libipt_chaos_save,
++ .extra_opts = libipt_chaos_opts,
++};
++
++static __attribute__((constructor)) void libipt_chaos_init(void)
++{
++ register_target(&libipt_chaos_info);
++ return;
++}
+diff -ruN iptables-1.3.5.orig/extensions/libipt_DELUDE.c iptables-1.3.5/extensions/libipt_DELUDE.c
+--- iptables-1.3.5.orig/extensions/libipt_DELUDE.c 1970-01-01 01:00:00.000000000 +0100
++++ iptables-1.3.5/extensions/libipt_DELUDE.c 2007-01-09 16:05:18.104057722 +0100
+@@ -0,0 +1,66 @@
++/*
++ DELUDE target for iptables
++
++ Copyright © Jan Engelhardt <jengelh [at] gmx de>, 2006 - 2007
++ released under the terms of the GNU General Public
++ License version 2.x and only versions 2.x.
++*/
++#include <getopt.h>
++#include <stdio.h>
++#include <string.h>
++
++#include <iptables.h>
++#include <linux/netfilter_ipv4/ip_tables.h>
++
++static void libipt_delude_help(void)
++{
++ printf("DELUDE takes no options\n");
++ return;
++}
++
++static int libipt_delude_parse(int c, char **argv, int invert,
++ unsigned int *flags, const struct ipt_entry *entry,
++ struct ipt_entry_target **target)
++{
++ return 0;
++}
++
++static void libipt_delude_check(unsigned int flags)
++{
++ return;
++}
++
++static void libipt_delude_print(const struct ipt_ip *ip,
++ const struct ipt_entry_target *target, int numeric)
++{
++ return;
++}
++
++static void libipt_delude_save(const struct ipt_ip *ip,
++ const struct ipt_entry_target *target)
++{
++ return;
++}
++
++static struct option libipt_delude_opts[] = {
++ {NULL},
++};
++
++static struct iptables_target libipt_delude_info = {
++ .name = "DELUDE",
++ .version = IPTABLES_VERSION,
++ .size = IPT_ALIGN(0),
++ .userspacesize = IPT_ALIGN(0),
++ .help = libipt_delude_help,
++ .parse = libipt_delude_parse,
++ .final_check = libipt_delude_check,
++ .print = libipt_delude_print,
++ .save = libipt_delude_save,
++ .extra_opts = libipt_delude_opts,
++};
++
++static __attribute__((constructor)) void libipt_delude_init(void)
++{
++ register_target(&libipt_delude_info);
++ return;
++}
+diff -ruN iptables-1.3.5.orig/extensions/libipt_portscan.c iptables-1.3.5/extensions/libipt_portscan.c
+--- iptables-1.3.5.orig/extensions/libipt_portscan.c 1970-01-01 01:00:00.000000000 +0100
++++ iptables-1.3.5/extensions/libipt_portscan.c 2007-01-09 16:05:14.228187134 +0100
+@@ -0,0 +1,129 @@
++/*
++ portscan match for iptables
++
++ Copyright © Jan Engelhardt <jengelh [at] gmx de>, 2006 - 2007
++ released under the terms of the GNU General Public
++ License version 2.x and only versions 2.x.
++*/
++#include <stdio.h>
++#include <string.h>
++#include <stdlib.h>
++#include <getopt.h>
++
++#include <iptables.h>
++#include <linux/netfilter_ipv4/ip_tables.h>
++#include <linux/netfilter/xt_portscan.h>
++
++static void libipt_portscan_help(void)
++{
++ printf(
++ "portscan match v%s options:\n"
++ "(Combining them will make them match by OR-logic)\n"
++ " --stealth Match TCP Stealth packets\n"
++ " --synscan Match TCP SYN scans\n"
++ " --cnscan Match TCP Connect scans\n"
++ " --grscan Match Banner Grabbing scans\n",
++ IPTABLES_VERSION);
++ return;
++}
++
++static void libipt_portscan_mtinit(struct ipt_entry_match *match,
++ unsigned int *nfcache)
++{
++ /* Cannot cache this */
++ *nfcache |= NFC_UNKNOWN;
++ return;
++}
++
++static int libipt_portscan_parse(int c, char **argv, int invert,
++ unsigned int *flags, const struct ipt_entry *entry, unsigned int *nfc,
++ struct ipt_entry_match **match)
++{
++ struct xt_portscan_info *info = (void *)((*match)->data);
++
++ switch(c) {
++ case 'c':
++ info->match_cn = 1;
++ return 1;
++ case 'g':
++ info->match_gr = 1;
++ return 1;
++ case 's':
++ info->match_syn = 1;
++ return 1;
++ case 'x':
++ info->match_stealth = 1;
++ return 1;
++ default:
++ return 0;
++ }
++}
++
++static void libipt_portscan_check(unsigned int flags)
++{
++ return;
++}
++
++static void libipt_portscan_print(const struct ipt_ip *ip,
++ const struct ipt_entry_match *match, int numeric)
++{
++ const struct xt_portscan_info *info = (const void *)(match->data);
++ const char *s = "";
++
++ printf("portscan ");
++ if(info->match_stealth) {
++ printf("STEALTH");
++ s = ",";
++ }
++ if(info->match_syn) {
++ printf("%sSYNSCAN", s);
++ s = ",";
++ }
++ if(info->match_cn) {
++ printf("%sCNSCAN", s);
++ s = ",";
++ }
++ if(info->match_gr)
++ printf("%sGRSCAN", s);
++ printf(" ");
++ return;
++}
++
++static void libipt_portscan_save(const struct ipt_ip *ip,
++ const struct ipt_entry_match *match)
++{
++ const struct xt_portscan_info *info = (const void *)(match->data);
++ if(info->match_stealth) printf("--stealth ");
++ if(info->match_syn) printf("--synscan ");
++ if(info->match_cn) printf("--cnscan ");
++ if(info->match_gr) printf("--grscan ");
++ return;
++}
++
++static struct option libipt_portscan_opts[] = {
++ {"stealth", 0, NULL, 'x'},
++ {"synscan", 0, NULL, 's'},
++ {"cnscan", 0, NULL, 'c'},
++ {"grscan", 0, NULL, 'g'},
++ {NULL},
++};
++
++static struct iptables_match libipt_portscan_info = {
++ .name = "portscan",
++ .version = IPTABLES_VERSION,
++ .size = IPT_ALIGN(sizeof(struct xt_portscan_info)),
++ .userspacesize = IPT_ALIGN(sizeof(struct xt_portscan_info)),
++ .help = libipt_portscan_help,
++ .init = libipt_portscan_mtinit,
++ .parse = libipt_portscan_parse,
++ .final_check = libipt_portscan_check,
++ .print = libipt_portscan_print,
++ .save = libipt_portscan_save,
++ .extra_opts = libipt_portscan_opts,
++};
++
++static __attribute__((constructor)) void libipt_portscan_init(void)
++{
++ register_match(&libipt_portscan_info);
++ return;
++}
+diff -ruN iptables-1.3.5.orig/extensions/.portscan-test iptables-1.3.5/extensions/.portscan-test
+--- iptables-1.3.5.orig/extensions/.portscan-test 1970-01-01 01:00:00.000000000 +0100
++++ iptables-1.3.5/extensions/.portscan-test 2007-01-09 16:05:14.228187134 +0100
+@@ -0,0 +1,2 @@
++#!/bin/sh
++[ -f "$KERNEL_DIR/include/linux/netfilter/xt_portscan.h" ] && echo "portscan";
+++ /dev/null
-diff -urN iptables.old/extensions/Makefile iptables.dev/extensions/Makefile
---- iptables.old/extensions/Makefile 2005-07-20 04:22:56.000000000 +0200
-+++ iptables.dev/extensions/Makefile 2006-03-23 14:42:28.000000000 +0100
-@@ -8,6 +8,10 @@
- PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac mark multiport owner physdev pkttype realm rpc sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG
- PF6_EXT_SLIB:=eui64 hl icmpv6 length limit mac mark multiport owner physdev standard tcp udp HL LOG NFQUEUE MARK TRACE
-
-+
-+# ipp2p
-+PF_EXT_SLIB += ipp2p
-+
- # Optionals
- PF_EXT_SLIB_OPTS:=$(foreach T,$(wildcard extensions/.*-test),$(shell KERNEL_DIR=$(KERNEL_DIR) $(T)))
- PF6_EXT_SLIB_OPTS:=$(foreach T,$(wildcard extensions/.*-test6),$(shell KERNEL_DIR=$(KERNEL_DIR) $(T)))
-diff -urN iptables.old/extensions/libipt_ipp2p.c iptables.dev/extensions/libipt_ipp2p.c
---- iptables.old/extensions/libipt_ipp2p.c 1970-01-01 01:00:00.000000000 +0100
-+++ iptables.dev/extensions/libipt_ipp2p.c 2006-03-23 14:43:26.000000000 +0100
-@@ -0,0 +1,401 @@
-+
-+#include <stdio.h>
-+#include <netdb.h>
-+#include <string.h>
-+#include <stdlib.h>
-+#include <getopt.h>
-+#include <ctype.h>
-+
-+#include <iptables.h>
-+
-+#include <linux/netfilter_ipv4/ipt_ipp2p.h>
-+
-+static void
-+help(void)
-+{
-+ printf(
-+ "IPP2P v%s options:\n"
-+ " --ipp2p Grab all known p2p packets\n"
-+ " --edk [TCP&UDP] All known eDonkey/eMule/Overnet packets\n"
-+ " --dc [TCP] All known Direct Connect packets\n"
-+ " --kazaa [TCP&UDP] All known KaZaA packets\n"
-+ " --gnu [TCP&UDP] All known Gnutella packets\n"
-+ " --bit [TCP&UDP] All known BitTorrent packets\n"
-+ " --apple [TCP] All known AppleJuice packets\n"
-+ " --winmx [TCP] All known WinMX\n"
-+ " --soul [TCP] All known SoulSeek\n"
-+ " --ares [TCP] All known Ares\n\n"
-+ " EXPERIMENTAL protocols (please send feedback to: ipp2p@ipp2p.org) :\n"
-+ " --mute [TCP] All known Mute packets\n"
-+ " --waste [TCP] All known Waste packets\n"
-+ " --xdcc [TCP] All known XDCC packets (only xdcc login)\n\n"
-+ " DEBUG SUPPPORT, use only if you know why\n"
-+ " --debug Generate kernel debug output, THIS WILL SLOW DOWN THE FILTER\n"
-+ "\nNote that the follwing options will have the same meaning:\n"
-+ " '--ipp2p' is equal to '--edk --dc --kazaa --gnu --bit --apple --winmx --soul --ares'\n"
-+ "\nIPP2P was intended for TCP only. Due to increasing usage of UDP we needed to change this.\n"
-+ "You can now use -p udp to search UDP packets only or without -p switch to search UDP and TCP packets.\n"
-+ "\nSee README included with this package for more details or visit http://www.ipp2p.org\n"
-+ "\nExamples:\n"
-+ " iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01\n"
-+ " iptables -A FORWARD -p udp -m ipp2p --kazaa --bit -j DROP\n"
-+ " iptables -A FORWARD -p tcp -m ipp2p --edk --soul -j DROP\n\n"
-+ , IPP2P_VERSION);
-+}
-+
-+static struct option opts[] = {
-+ { "ipp2p", 0, 0, '1' },
-+ { "edk", 0, 0, '2' },
-+ { "dc", 0, 0, '7' },
-+ { "gnu", 0, 0, '9' },
-+ { "kazaa", 0, 0, 'a' },
-+ { "bit", 0, 0, 'b' },
-+ { "apple", 0, 0, 'c' },
-+ { "soul", 0, 0, 'd' },
-+ { "winmx", 0, 0, 'e' },
-+ { "ares", 0, 0, 'f' },
-+ { "mute", 0, 0, 'g' },
-+ { "waste", 0, 0, 'h' },
-+ { "xdcc", 0, 0, 'i' },
-+ { "debug", 0, 0, 'j' },
-+ {0}
-+};
-+
-+
-+
-+static void
-+init(struct ipt_entry_match *m, unsigned int *nfcache)
-+{
-+ struct ipt_p2p_info *info = (struct ipt_p2p_info *)m->data;
-+
-+ *nfcache |= NFC_UNKNOWN;
-+
-+ /*init the module with default values*/
-+ info->cmd = 0;
-+ info->debug = 0;
-+
-+}
-+
-+
-+static int
-+parse(int c, char **argv, int invert, unsigned int *flags,
-+ const struct ipt_entry *entry,
-+ unsigned int *nfcache,
-+ struct ipt_entry_match **match)
-+{
-+ struct ipt_p2p_info *info = (struct ipt_p2p_info *)(*match)->data;
-+
-+ switch (c) {
-+ case '1': /*cmd: ipp2p*/
-+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: `--ipp2p' may only be "
-+ "specified once!");
-+/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: `--ipp2p-data' may only be "
-+ "specified alone!");*/
-+ if ((*flags) != 0)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: `--ipp2p' may only be "
-+ "specified alone!");
-+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
-+ *flags += SHORT_HAND_IPP2P;
-+ info->cmd = *flags;
-+ break;
-+
-+ case '2': /*cmd: edk*/
-+ if ((*flags & IPP2P_EDK) == IPP2P_EDK)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: `--edk' may only be "
-+ "specified once");
-+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: `--ipp2p' may only be "
-+ "specified alone!");
-+/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: `--ipp2p-data' may only be "
-+ "specified alone!");*/
-+ if ((*flags & IPP2P_DATA_EDK) == IPP2P_DATA_EDK)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: use `--edk' OR `--edk-data' but not both of them!");
-+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
-+ *flags += IPP2P_EDK;
-+ info->cmd = *flags;
-+ break;
-+
-+
-+ case '7': /*cmd: dc*/
-+ if ((*flags & IPP2P_DC) == IPP2P_DC)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: `--dc' may only be "
-+ "specified once!");
-+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: `--ipp2p' may only be "
-+ "specified alone!");
-+/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: `--ipp2p-data' may only be "
-+ "specified alone!");*/
-+ if ((*flags & IPP2P_DATA_DC) == IPP2P_DATA_DC)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: use `--dc' OR `--dc-data' but not both of them!");
-+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
-+ *flags += IPP2P_DC;
-+ info->cmd = *flags;
-+ break;
-+
-+
-+ case '9': /*cmd: gnu*/
-+ if ((*flags & IPP2P_GNU) == IPP2P_GNU)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: `--gnu' may only be "
-+ "specified once!");
-+/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: `--ipp2p-data' may only be "
-+ "specified alone!");*/
-+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: `--ipp2p' may only be "
-+ "specified alone!");
-+ if ((*flags & IPP2P_DATA_GNU) == IPP2P_DATA_GNU)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: use `--gnu' OR `--gnu-data' but not both of them!");
-+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
-+ *flags += IPP2P_GNU;
-+ info->cmd = *flags;
-+ break;
-+
-+ case 'a': /*cmd: kazaa*/
-+ if ((*flags & IPP2P_KAZAA) == IPP2P_KAZAA)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: `--kazaa' may only be "
-+ "specified once!");
-+/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: `--ipp2p-data' may only be "
-+ "specified alone!");*/
-+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: `--ipp2p' may only be "
-+ "specified alone!");
-+ if ((*flags & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: use `--kazaa' OR `--kazaa-data' but not both of them!");
-+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
-+ *flags += IPP2P_KAZAA;
-+ info->cmd = *flags;
-+ break;
-+
-+ case 'b': /*cmd: bit*/
-+ if ((*flags & IPP2P_BIT) == IPP2P_BIT)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: `--bit' may only be "
-+ "specified once!");
-+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: `--ipp2p' may only be "
-+ "specified alone!");
-+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
-+ *flags += IPP2P_BIT;
-+ info->cmd = *flags;
-+ break;
-+
-+ case 'c': /*cmd: apple*/
-+ if ((*flags & IPP2P_APPLE) == IPP2P_APPLE)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: `--apple' may only be "
-+ "specified once!");
-+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: `--ipp2p' may only be "
-+ "specified alone!");
-+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
-+ *flags += IPP2P_APPLE;
-+ info->cmd = *flags;
-+ break;
-+
-+
-+ case 'd': /*cmd: soul*/
-+ if ((*flags & IPP2P_SOUL) == IPP2P_SOUL)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: `--soul' may only be "
-+ "specified once!");
-+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: `--ipp2p' may only be "
-+ "specified alone!");
-+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
-+ *flags += IPP2P_SOUL;
-+ info->cmd = *flags;
-+ break;
-+
-+
-+ case 'e': /*cmd: winmx*/
-+ if ((*flags & IPP2P_WINMX) == IPP2P_WINMX)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: `--winmx' may only be "
-+ "specified once!");
-+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: `--ipp2p' may only be "
-+ "specified alone!");
-+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
-+ *flags += IPP2P_WINMX;
-+ info->cmd = *flags;
-+ break;
-+
-+ case 'f': /*cmd: ares*/
-+ if ((*flags & IPP2P_ARES) == IPP2P_ARES)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: `--ares' may only be "
-+ "specified once!");
-+ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: `--ipp2p' may only be "
-+ "specified alone!");
-+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
-+ *flags += IPP2P_ARES;
-+ info->cmd = *flags;
-+ break;
-+
-+ case 'g': /*cmd: mute*/
-+ if ((*flags & IPP2P_MUTE) == IPP2P_MUTE)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: `--mute' may only be "
-+ "specified once!");
-+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
-+ *flags += IPP2P_MUTE;
-+ info->cmd = *flags;
-+ break;
-+ case 'h': /*cmd: waste*/
-+ if ((*flags & IPP2P_WASTE) == IPP2P_WASTE)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: `--waste' may only be "
-+ "specified once!");
-+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
-+ *flags += IPP2P_WASTE;
-+ info->cmd = *flags;
-+ break;
-+ case 'i': /*cmd: xdcc*/
-+ if ((*flags & IPP2P_XDCC) == IPP2P_XDCC)
-+ exit_error(PARAMETER_PROBLEM,
-+ "ipp2p: `--ares' may only be "
-+ "specified once!");
-+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
-+ *flags += IPP2P_XDCC;
-+ info->cmd = *flags;
-+ break;
-+
-+ case 'j': /*cmd: debug*/
-+ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
-+ info->debug = 1;
-+ break;
-+
-+ default:
-+// exit_error(PARAMETER_PROBLEM,
-+// "\nipp2p-parameter problem: for ipp2p usage type: iptables -m ipp2p --help\n");
-+ return 0;
-+ }
-+ return 1;
-+}
-+
-+
-+static void
-+final_check(unsigned int flags)
-+{
-+ if (!flags)
-+ exit_error(PARAMETER_PROBLEM,
-+ "\nipp2p-parameter problem: for ipp2p usage type: iptables -m ipp2p --help\n");
-+}
-+
-+
-+
-+static void
-+print(const struct ipt_ip *ip,
-+ const struct ipt_entry_match *match,
-+ int numeric)
-+{
-+ struct ipt_p2p_info *info = (struct ipt_p2p_info *)match->data;
-+
-+ printf("ipp2p v%s", IPP2P_VERSION);
-+ if ((info->cmd & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) printf(" --ipp2p");
-+// if ((info->cmd & SHORT_HAND_DATA) == SHORT_HAND_DATA) printf(" --ipp2p-data");
-+ if ((info->cmd & IPP2P_KAZAA) == IPP2P_KAZAA) printf(" --kazaa");
-+// if ((info->cmd & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) printf(" --kazaa-data");
-+// if ((info->cmd & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) printf(" --gnu-data");
-+ if ((info->cmd & IPP2P_GNU) == IPP2P_GNU) printf(" --gnu");
-+ if ((info->cmd & IPP2P_EDK) == IPP2P_EDK) printf(" --edk");
-+// if ((info->cmd & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) printf(" --edk-data");
-+// if ((info->cmd & IPP2P_DATA_DC) == IPP2P_DATA_DC) printf(" --dc-data");
-+ if ((info->cmd & IPP2P_DC) == IPP2P_DC) printf(" --dc");
-+ if ((info->cmd & IPP2P_BIT) == IPP2P_BIT) printf(" --bit");
-+ if ((info->cmd & IPP2P_APPLE) == IPP2P_APPLE) printf(" --apple");
-+ if ((info->cmd & IPP2P_SOUL) == IPP2P_SOUL) printf(" --soul");
-+ if ((info->cmd & IPP2P_WINMX) == IPP2P_WINMX) printf(" --winmx");
-+ if ((info->cmd & IPP2P_ARES) == IPP2P_ARES) printf(" --ares");
-+ if ((info->cmd & IPP2P_MUTE) == IPP2P_MUTE) printf(" --mute");
-+ if ((info->cmd & IPP2P_WASTE) == IPP2P_WASTE) printf(" --waste");
-+ if ((info->cmd & IPP2P_XDCC) == IPP2P_XDCC) printf(" --xdcc");
-+ if (info->debug != 0) printf(" --debug");
-+ printf(" ");
-+}
-+
-+
-+
-+static void
-+save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
-+{
-+ struct ipt_p2p_info *info = (struct ipt_p2p_info *)match->data;
-+
-+ if ((info->cmd & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) printf("--ipp2p ");
-+// if ((info->cmd & SHORT_HAND_DATA) == SHORT_HAND_DATA) printf("--ipp2p-data ");
-+ if ((info->cmd & IPP2P_KAZAA) == IPP2P_KAZAA) printf("--kazaa ");
-+// if ((info->cmd & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) printf("--kazaa-data ");
-+// if ((info->cmd & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) printf("--gnu-data ");
-+ if ((info->cmd & IPP2P_GNU) == IPP2P_GNU) printf("--gnu ");
-+ if ((info->cmd & IPP2P_EDK) == IPP2P_EDK) printf("--edk ");
-+// if ((info->cmd & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) printf("--edk-data ");
-+// if ((info->cmd & IPP2P_DATA_DC) == IPP2P_DATA_DC) printf("--dc-data ");
-+ if ((info->cmd & IPP2P_DC) == IPP2P_DC) printf("--dc ");
-+ if ((info->cmd & IPP2P_BIT) == IPP2P_BIT) printf("--bit ");
-+ if ((info->cmd & IPP2P_APPLE) == IPP2P_APPLE) printf("--apple ");
-+ if ((info->cmd & IPP2P_SOUL) == IPP2P_SOUL) printf("--soul ");
-+ if ((info->cmd & IPP2P_WINMX) == IPP2P_WINMX) printf("--winmx ");
-+ if ((info->cmd & IPP2P_ARES) == IPP2P_ARES) printf("--ares ");
-+ if ((info->cmd & IPP2P_MUTE) == IPP2P_MUTE) printf(" --mute");
-+ if ((info->cmd & IPP2P_WASTE) == IPP2P_WASTE) printf(" --waste");
-+ if ((info->cmd & IPP2P_XDCC) == IPP2P_XDCC) printf(" --xdcc");
-+ if (info->debug != 0) printf("--debug ");
-+}
-+
-+
-+
-+
-+static
-+struct iptables_match ipp2p=
-+{
-+ .next = NULL,
-+ .name = "ipp2p",
-+ .version = IPTABLES_VERSION,
-+ .size = IPT_ALIGN(sizeof(struct ipt_p2p_info)),
-+ .userspacesize = IPT_ALIGN(sizeof(struct ipt_p2p_info)),
-+ .help = &help,
-+ .init = &init,
-+ .parse = &parse,
-+ .final_check = &final_check,
-+ .print = &print,
-+ .save = &save,
-+ .extra_opts = opts
-+};
-+
-+
-+
-+void _init(void)
-+{
-+ register_match(&ipp2p);
-+}
-+
-diff -urN iptables.old/include/linux/netfilter_ipv4/ipt_ipp2p.h iptables.dev/include/linux/netfilter_ipv4/ipt_ipp2p.h
---- iptables.old/include/linux/netfilter_ipv4/ipt_ipp2p.h 1970-01-01 01:00:00.000000000 +0100
-+++ iptables.dev/include/linux/netfilter_ipv4/ipt_ipp2p.h 2006-03-23 14:44:26.000000000 +0100
-@@ -0,0 +1,31 @@
-+#ifndef __IPT_IPP2P_H
-+#define __IPT_IPP2P_H
-+#define IPP2P_VERSION "0.8.1_rc1"
-+
-+struct ipt_p2p_info {
-+ int cmd;
-+ int debug;
-+};
-+
-+#endif //__IPT_IPP2P_H
-+
-+#define SHORT_HAND_IPP2P 1 /* --ipp2p switch*/
-+//#define SHORT_HAND_DATA 4 /* --ipp2p-data switch*/
-+#define SHORT_HAND_NONE 5 /* no short hand*/
-+
-+#define IPP2P_EDK (1 << 1)
-+#define IPP2P_DATA_KAZAA (1 << 2)
-+#define IPP2P_DATA_EDK (1 << 3)
-+#define IPP2P_DATA_DC (1 << 4)
-+#define IPP2P_DC (1 << 5)
-+#define IPP2P_DATA_GNU (1 << 6)
-+#define IPP2P_GNU (1 << 7)
-+#define IPP2P_KAZAA (1 << 8)
-+#define IPP2P_BIT (1 << 9)
-+#define IPP2P_APPLE (1 << 10)
-+#define IPP2P_SOUL (1 << 11)
-+#define IPP2P_WINMX (1 << 12)
-+#define IPP2P_ARES (1 << 13)
-+#define IPP2P_MUTE (1 << 14)
-+#define IPP2P_WASTE (1 << 15)
-+#define IPP2P_XDCC (1 << 16)
+++ /dev/null
-diff -urN iptables.old/extensions/.layer7-test iptables.dev/extensions/.layer7-test
---- iptables.old/extensions/.layer7-test 1970-01-01 01:00:00.000000000 +0100
-+++ iptables.dev/extensions/.layer7-test 2005-11-10 16:57:51.819381000 +0100
-@@ -0,0 +1,2 @@
-+#! /bin/sh
-+[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_layer7.h ] && echo layer7
-diff -urN iptables.old/extensions/ipt_layer7.h iptables.dev/extensions/ipt_layer7.h
---- iptables.old/extensions/ipt_layer7.h 1970-01-01 01:00:00.000000000 +0100
-+++ iptables.dev/extensions/ipt_layer7.h 2005-11-10 17:46:32.933599750 +0100
-@@ -0,0 +1,27 @@
-+/*
-+ By Matthew Strait <quadong@users.sf.net>, Dec 2003.
-+ http://l7-filter.sf.net
-+
-+ This program is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU General Public License
-+ as published by the Free Software Foundation; either version
-+ 2 of the License, or (at your option) any later version.
-+ http://www.gnu.org/licenses/gpl.txt
-+*/
-+
-+#ifndef _IPT_LAYER7_H
-+#define _IPT_LAYER7_H
-+
-+#define MAX_PATTERN_LEN 8192
-+#define MAX_PROTOCOL_LEN 256
-+
-+typedef char *(*proc_ipt_search) (char *, char, char *);
-+
-+struct ipt_layer7_info {
-+ char protocol[MAX_PROTOCOL_LEN];
-+ char invert:1;
-+ char pattern[MAX_PATTERN_LEN];
-+ char pkt;
-+};
-+
-+#endif /* _IPT_LAYER7_H */
-diff -urN iptables.old/extensions/libipt_layer7.c iptables.dev/extensions/libipt_layer7.c
---- iptables.old/extensions/libipt_layer7.c 1970-01-01 01:00:00.000000000 +0100
-+++ iptables.dev/extensions/libipt_layer7.c 2005-11-10 17:47:01.399378750 +0100
-@@ -0,0 +1,358 @@
-+/*
-+ Shared library add-on to iptables to add layer 7 matching support.
-+
-+ By Matthew Strait <quadong@users.sf.net>, Oct 2003.
-+
-+ http://l7-filter.sf.net
-+
-+ This program is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU General Public License
-+ as published by the Free Software Foundation; either version
-+ 2 of the License, or (at your option) any later version.
-+ http://www.gnu.org/licenses/gpl.txt
-+
-+ Based on libipt_string.c (C) 2000 Emmanuel Roger <winfield@freegates.be>
-+*/
-+
-+#define _GNU_SOURCE
-+#include <stdio.h>
-+#include <netdb.h>
-+#include <string.h>
-+#include <stdlib.h>
-+#include <getopt.h>
-+#include <ctype.h>
-+#include <dirent.h>
-+
-+#include <iptables.h>
-+#include "ipt_layer7.h"
-+
-+#define MAX_FN_LEN 256
-+
-+static char l7dir[MAX_FN_LEN] = "\0";
-+
-+/* Function which prints out usage message. */
-+static void help(void)
-+{
-+ printf(
-+ "LAYER7 match v%s options:\n"
-+ "--l7dir <directory> : Look for patterns here instead of /etc/l7-protocols/\n"
-+ " (--l7dir must be specified before --l7proto if used!)\n"
-+ "--l7proto [!] <name> : Match the protocol defined in /etc/l7-protocols/name.pat\n"
-+ "--l7pkt : Skip connection tracking and match individual packets\n",
-+ IPTABLES_VERSION);
-+ fputc('\n', stdout);
-+}
-+
-+static struct option opts[] = {
-+ { .name = "l7proto", .has_arg = 1, .flag = 0, .val = '1' },
-+ { .name = "l7dir", .has_arg = 1, .flag = 0, .val = '2' },
-+ { .name = "l7pkt", .has_arg = 0, .flag = 0, .val = '3' },
-+ { .name = 0 }
-+};
-+
-+/* reads filename, puts protocol info into layer7_protocol_info, number of protocols to numprotos */
-+int parse_protocol_file(char * filename, const unsigned char * protoname, struct ipt_layer7_info *info)
-+{
-+ FILE * f;
-+ char * line = NULL;
-+ size_t len = 0;
-+
-+ enum { protocol, pattern, done } datatype = protocol;
-+
-+ f = fopen(filename, "r");
-+
-+ if(!f)
-+ return 0;
-+
-+ while(getline(&line, &len, f) != -1)
-+ {
-+ if(strlen(line) < 2 || line[0] == '#')
-+ continue;
-+
-+ /* strip the pesky newline... */
-+ if(line[strlen(line) - 1] == '\n')
-+ line[strlen(line) - 1] = '\0';
-+
-+ if(datatype == protocol)
-+ {
-+ if(strcmp(line, protoname))
-+ exit_error(OTHER_PROBLEM,
-+ "Protocol name (%s) doesn't match file name (%s). Bailing out\n",
-+ protoname, filename);
-+
-+ if(strlen(line) >= MAX_PROTOCOL_LEN)
-+ exit_error(PARAMETER_PROBLEM,
-+ "Protocol name in %s too long!", filename);
-+ strncpy(info->protocol, line, MAX_PROTOCOL_LEN);
-+
-+ datatype = pattern;
-+ }
-+ else if(datatype == pattern)
-+ {
-+ if(strlen(line) >= MAX_PATTERN_LEN)
-+ exit_error(PARAMETER_PROBLEM, "Pattern in %s too long!", filename);
-+ strncpy(info->pattern, line, MAX_PATTERN_LEN);
-+
-+ datatype = done;
-+ break;
-+ }
-+ else
-+ exit_error(OTHER_PROBLEM, "Internal error");
-+ }
-+
-+ if(datatype != done)
-+ exit_error(OTHER_PROBLEM, "Failed to get all needed data from %s", filename);
-+
-+ if(line) free(line);
-+ fclose(f);
-+
-+ return 1;
-+
-+/*
-+ fprintf(stderr, "protocol: %s\npattern: %s\n\n",
-+ info->protocol,
-+ info->pattern);
-+*/
-+}
-+
-+static int hex2dec(char c)
-+{
-+ switch (c)
-+ {
-+ case '0' ... '9':
-+ return c - '0';
-+ case 'a' ... 'f':
-+ return c - 'a' + 10;
-+ case 'A' ... 'F':
-+ return c - 'A' + 10;
-+ default:
-+ exit_error(OTHER_PROBLEM, "hex2dec: bad value!\n");
-+ return 0;
-+ }
-+}
-+
-+/* takes a string with \xHH escapes and returns one with the characters
-+they stand for */
-+static char * pre_process(char * s)
-+{
-+ char * result = malloc(strlen(s) + 1);
-+ int sindex = 0, rindex = 0;
-+ while( sindex < strlen(s) )
-+ {
-+ if( sindex + 3 < strlen(s) &&
-+ s[sindex] == '\\' && s[sindex+1] == 'x' &&
-+ isxdigit(s[sindex + 2]) && isxdigit(s[sindex + 3]) )
-+ {
-+ /* carefully remember to call tolower here... */
-+ result[rindex] = tolower( hex2dec(s[sindex + 2])*16 +
-+ hex2dec(s[sindex + 3] ) );
-+ sindex += 3; /* 4 total */
-+ }
-+ else
-+ result[rindex] = tolower(s[sindex]);
-+
-+ sindex++;
-+ rindex++;
-+ }
-+ result[rindex] = '\0';
-+
-+ return result;
-+}
-+
-+#define MAX_SUBDIRS 128
-+char ** readl7dir(char * dirname)
-+{
-+ DIR * scratchdir;
-+ struct dirent ** namelist;
-+ char ** subdirs = malloc(MAX_SUBDIRS * sizeof(char *));
-+
-+ int n, d = 1;
-+ subdirs[0] = "";
-+
-+ n = scandir(dirname, &namelist, 0, alphasort);
-+
-+ if (n < 0)
-+ {
-+ perror("scandir");
-+ exit_error(OTHER_PROBLEM, "Couldn't open %s\n", dirname);
-+ }
-+ else
-+ {
-+ while(n--)
-+ {
-+ char fulldirname[MAX_FN_LEN];
-+
-+ snprintf(fulldirname, MAX_FN_LEN, "%s/%s", dirname, namelist[n]->d_name);
-+
-+ if((scratchdir = opendir(fulldirname)) != NULL)
-+ {
-+ closedir(scratchdir);
-+
-+ if(!strcmp(namelist[n]->d_name, ".") ||
-+ !strcmp(namelist[n]->d_name, ".."))
-+ /* do nothing */ ;
-+ else
-+ {
-+ subdirs[d] = malloc(strlen(namelist[n]->d_name) + 1);
-+ strcpy(subdirs[d], namelist[n]->d_name);
-+ d++;
-+ if(d >= MAX_SUBDIRS - 1)
-+ {
-+ fprintf(stderr,
-+ "Too many subdirectories, skipping the rest!\n");
-+ break;
-+ }
-+ }
-+ }
-+ free(namelist[n]);
-+ }
-+ free(namelist);
-+ }
-+
-+ subdirs[d] = NULL;
-+
-+ return subdirs;
-+}
-+
-+static void
-+parse_layer7_protocol(const unsigned char *s, struct ipt_layer7_info *info)
-+{
-+ char filename[MAX_FN_LEN];
-+ char * dir = NULL;
-+ char ** subdirs;
-+ int n = 0, done = 0;
-+
-+ if(strlen(l7dir) > 0)
-+ dir = l7dir;
-+ else
-+ dir = "/etc/l7-protocols";
-+
-+ subdirs = readl7dir(dir);
-+
-+ while(subdirs[n] != NULL)
-+ {
-+ int c = snprintf(filename, MAX_FN_LEN, "%s/%s/%s.pat", dir, subdirs[n], s);
-+
-+ //fprintf(stderr, "Trying to find pattern in %s ... ", filename);
-+
-+ if(c > MAX_FN_LEN)
-+ {
-+ exit_error(OTHER_PROBLEM,
-+ "Filename beginning with %s is too long!\n", filename);
-+ }
-+
-+ /* read in the pattern from the file */
-+ if(parse_protocol_file(filename, s, info))
-+ {
-+ //fprintf(stderr, "found\n");
-+ done = 1;
-+ break;
-+ }
-+
-+ //fprintf(stderr, "not found\n");
-+
-+ n++;
-+ }
-+
-+ if(!done)
-+ exit_error(OTHER_PROBLEM,
-+ "Couldn't find a pattern definition file for %s.\n", s);
-+
-+ /* process \xHH escapes and tolower everything. (our regex lib has no
-+ case insensitivity option.) */
-+ strncpy(info->pattern, pre_process(info->pattern), MAX_PATTERN_LEN);
-+}
-+
-+/* Function which parses command options; returns true if it ate an option */
-+static int parse(int c, char **argv, int invert, unsigned int *flags,
-+ const struct ipt_entry *entry, unsigned int *nfcache,
-+ struct ipt_entry_match **match)
-+{
-+ struct ipt_layer7_info *layer7info =
-+ (struct ipt_layer7_info *)(*match)->data;
-+
-+ switch (c) {
-+ case '1':
-+ check_inverse(optarg, &invert, &optind, 0);
-+ parse_layer7_protocol(argv[optind-1], layer7info);
-+ if (invert)
-+ layer7info->invert = 1;
-+ *flags = 1;
-+ break;
-+
-+ case '2':
-+ /* not going to use this, but maybe we need to strip a ! anyway (?) */
-+ check_inverse(optarg, &invert, &optind, 0);
-+
-+ if(strlen(argv[optind-1]) >= MAX_FN_LEN)
-+ exit_error(PARAMETER_PROBLEM, "directory name too long\n");
-+
-+ strncpy(l7dir, argv[optind-1], MAX_FN_LEN);
-+
-+ *flags = 1;
-+ break;
-+ case '3':
-+ layer7info->pkt = 1;
-+ break;
-+
-+ default:
-+ return 0;
-+ }
-+
-+ return 1;
-+}
-+
-+/* Final check; must have specified --pattern. */
-+static void final_check(unsigned int flags)
-+{
-+ if (!flags)
-+ exit_error(PARAMETER_PROBLEM,
-+ "LAYER7 match: You must specify `--pattern'");
-+}
-+
-+static void print_protocol(char s[], int invert, int numeric)
-+{
-+ fputs("l7proto ", stdout);
-+ if (invert) fputc('!', stdout);
-+ printf("%s ", s);
-+}
-+
-+/* Prints out the matchinfo. */
-+static void print(const struct ipt_ip *ip,
-+ const struct ipt_entry_match *match,
-+ int numeric)
-+{
-+ printf("LAYER7 ");
-+
-+ print_protocol(((struct ipt_layer7_info *)match->data)->protocol,
-+ ((struct ipt_layer7_info *)match->data)->invert, numeric);
-+
-+ if (((struct ipt_layer7_info *)match->data)->pkt)
-+ printf("l7pkt ");
-+}
-+/* Saves the union ipt_matchinfo in parsable form to stdout. */
-+static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
-+{
-+ const struct ipt_layer7_info *info =
-+ (const struct ipt_layer7_info*) match->data;
-+
-+ printf("--l7proto %s%s ", (info->invert) ? "! ": "", info->protocol);
-+}
-+
-+static struct iptables_match layer7 = {
-+ .name = "layer7",
-+ .version = IPTABLES_VERSION,
-+ .size = IPT_ALIGN(sizeof(struct ipt_layer7_info)),
-+ .userspacesize = IPT_ALIGN(sizeof(struct ipt_layer7_info)),
-+ .help = &help,
-+ .parse = &parse,
-+ .final_check = &final_check,
-+ .print = &print,
-+ .save = &save,
-+ .extra_opts = opts
-+};
-+
-+void _init(void)
-+{
-+ register_match(&layer7);
-+}
-diff -urN iptables.old/extensions/libipt_layer7.man iptables.dev/extensions/libipt_layer7.man
---- iptables.old/extensions/libipt_layer7.man 1970-01-01 01:00:00.000000000 +0100
-+++ iptables.dev/extensions/libipt_layer7.man 2005-11-10 16:57:51.823381250 +0100
-@@ -0,0 +1,13 @@
-+This module matches packets based on the application layer data of
-+their connections. It uses regular expression matching to compare
-+the application layer data to regular expressions found it the layer7
-+configuration files. This is an experimental module which can be found at
-+http://l7-filter.sf.net. It takes two options.
-+.TP
-+.BI "--l7proto " "\fIprotocol\fP"
-+Match the specified protocol. The protocol name must match a file
-+name in /etc/l7-protocols/
-+.TP
-+.BI "--l7dir " "\fIdirectory\fP"
-+Use \fIdirectory\fP instead of /etc/l7-protocols/
-+
+++ /dev/null
-diff -urN iptables.old/extensions/libipt_multiport.c iptables.dev/extensions/libipt_multiport.c
---- iptables.old/extensions/libipt_multiport.c 2005-02-19 20:19:17.000000000 +0100
-+++ iptables.dev/extensions/libipt_multiport.c 2006-02-04 05:46:12.154127750 +0100
-@@ -8,24 +8,6 @@
- /* To ensure that iptables compiles with an old kernel */
- #include "../include/linux/netfilter_ipv4/ipt_multiport.h"
-
--/* Function which prints out usage message. */
--static void
--help(void)
--{
-- printf(
--"multiport v%s options:\n"
--" --source-ports port[,port,port...]\n"
--" --sports ...\n"
--" match source port(s)\n"
--" --destination-ports port[,port,port...]\n"
--" --dports ...\n"
--" match destination port(s)\n"
--" --ports port[,port,port]\n"
--" match both source and destination port(s)\n"
--" NOTE: this kernel does not support port ranges in multiport.\n",
--IPTABLES_VERSION);
--}
--
- static void
- help_v1(void)
- {
-@@ -75,26 +57,6 @@
- "invalid port/service `%s' specified", port);
- }
-
--static unsigned int
--parse_multi_ports(const char *portstring, u_int16_t *ports, const char *proto)
--{
-- char *buffer, *cp, *next;
-- unsigned int i;
--
-- buffer = strdup(portstring);
-- if (!buffer) exit_error(OTHER_PROBLEM, "strdup failed");
--
-- for (cp=buffer, i=0; cp && i<IPT_MULTI_PORTS; cp=next,i++)
-- {
-- next=strchr(cp, ',');
-- if (next) *next++='\0';
-- ports[i] = parse_port(cp, proto);
-- }
-- if (cp) exit_error(PARAMETER_PROBLEM, "too many ports specified");
-- free(buffer);
-- return i;
--}
--
- static void
- parse_multi_ports_v1(const char *portstring,
- struct ipt_multiport_v1 *multiinfo,
-@@ -160,58 +122,6 @@
- "multiport only works with TCP or UDP");
- }
-
--/* Function which parses command options; returns true if it
-- ate an option */
--static int
--parse(int c, char **argv, int invert, unsigned int *flags,
-- const struct ipt_entry *entry,
-- unsigned int *nfcache,
-- struct ipt_entry_match **match)
--{
-- const char *proto;
-- struct ipt_multiport *multiinfo
-- = (struct ipt_multiport *)(*match)->data;
--
-- switch (c) {
-- case '1':
-- check_inverse(argv[optind-1], &invert, &optind, 0);
-- proto = check_proto(entry);
-- multiinfo->count = parse_multi_ports(argv[optind-1],
-- multiinfo->ports, proto);
-- multiinfo->flags = IPT_MULTIPORT_SOURCE;
-- break;
--
-- case '2':
-- check_inverse(argv[optind-1], &invert, &optind, 0);
-- proto = check_proto(entry);
-- multiinfo->count = parse_multi_ports(argv[optind-1],
-- multiinfo->ports, proto);
-- multiinfo->flags = IPT_MULTIPORT_DESTINATION;
-- break;
--
-- case '3':
-- check_inverse(argv[optind-1], &invert, &optind, 0);
-- proto = check_proto(entry);
-- multiinfo->count = parse_multi_ports(argv[optind-1],
-- multiinfo->ports, proto);
-- multiinfo->flags = IPT_MULTIPORT_EITHER;
-- break;
--
-- default:
-- return 0;
-- }
--
-- if (invert)
-- exit_error(PARAMETER_PROBLEM,
-- "multiport does not support invert");
--
-- if (*flags)
-- exit_error(PARAMETER_PROBLEM,
-- "multiport can only have one option");
-- *flags = 1;
-- return 1;
--}
--
- static int
- parse_v1(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
-@@ -289,43 +199,6 @@
- printf("%s", service);
- }
-
--/* Prints out the matchinfo. */
--static void
--print(const struct ipt_ip *ip,
-- const struct ipt_entry_match *match,
-- int numeric)
--{
-- const struct ipt_multiport *multiinfo
-- = (const struct ipt_multiport *)match->data;
-- unsigned int i;
--
-- printf("multiport ");
--
-- switch (multiinfo->flags) {
-- case IPT_MULTIPORT_SOURCE:
-- printf("sports ");
-- break;
--
-- case IPT_MULTIPORT_DESTINATION:
-- printf("dports ");
-- break;
--
-- case IPT_MULTIPORT_EITHER:
-- printf("ports ");
-- break;
--
-- default:
-- printf("ERROR ");
-- break;
-- }
--
-- for (i=0; i < multiinfo->count; i++) {
-- printf("%s", i ? "," : "");
-- print_port(multiinfo->ports[i], ip->proto, numeric);
-- }
-- printf(" ");
--}
--
- static void
- print_v1(const struct ipt_ip *ip,
- const struct ipt_entry_match *match,
-@@ -369,34 +242,6 @@
- printf(" ");
- }
-
--/* Saves the union ipt_matchinfo in parsable form to stdout. */
--static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
--{
-- const struct ipt_multiport *multiinfo
-- = (const struct ipt_multiport *)match->data;
-- unsigned int i;
--
-- switch (multiinfo->flags) {
-- case IPT_MULTIPORT_SOURCE:
-- printf("--sports ");
-- break;
--
-- case IPT_MULTIPORT_DESTINATION:
-- printf("--dports ");
-- break;
--
-- case IPT_MULTIPORT_EITHER:
-- printf("--ports ");
-- break;
-- }
--
-- for (i=0; i < multiinfo->count; i++) {
-- printf("%s", i ? "," : "");
-- print_port(multiinfo->ports[i], ip->proto, 1);
-- }
-- printf(" ");
--}
--
- static void save_v1(const struct ipt_ip *ip,
- const struct ipt_entry_match *match)
- {
-@@ -432,19 +277,20 @@
- printf(" ");
- }
-
-+
- static struct iptables_match multiport = {
- .next = NULL,
- .name = "multiport",
-- .revision = 0,
- .version = IPTABLES_VERSION,
-- .size = IPT_ALIGN(sizeof(struct ipt_multiport)),
-- .userspacesize = IPT_ALIGN(sizeof(struct ipt_multiport)),
-- .help = &help,
-+ .revision = 0,
-+ .size = IPT_ALIGN(sizeof(struct ipt_multiport_v1)),
-+ .userspacesize = IPT_ALIGN(sizeof(struct ipt_multiport_v1)),
-+ .help = &help_v1,
- .init = &init,
-- .parse = &parse,
-+ .parse = &parse_v1,
- .final_check = &final_check,
-- .print = &print,
-- .save = &save,
-+ .print = &print_v1,
-+ .save = &save_v1,
- .extra_opts = opts
- };
-
+++ /dev/null
-diff -urN iptables.old/extensions/.IMQ-test iptables.dev/extensions/.IMQ-test
---- iptables.old/extensions/.IMQ-test 1970-01-01 01:00:00.000000000 +0100
-+++ iptables.dev/extensions/.IMQ-test 2005-10-09 01:00:36.358959750 +0200
-@@ -0,0 +1,3 @@
-+#!/bin/sh
-+# True if IMQ target patch is applied.
-+[ -f $KERNEL_DIR/net/ipv4/netfilter/ipt_IMQ.c ] && echo IMQ
-diff -urN iptables.old/extensions/.IMQ-test6 iptables.dev/extensions/.IMQ-test6
---- iptables.old/extensions/.IMQ-test6 1970-01-01 01:00:00.000000000 +0100
-+++ iptables.dev/extensions/.IMQ-test6 2005-10-09 01:00:36.358959750 +0200
-@@ -0,0 +1,3 @@
-+#!/bin/sh
-+# True if IMQ target patch is applied.
-+[ -f $KERNEL_DIR/net/ipv6/netfilter/ip6t_IMQ.c ] && echo IMQ
-diff -urN iptables.old/extensions/libip6t_IMQ.c iptables.dev/extensions/libip6t_IMQ.c
---- iptables.old/extensions/libip6t_IMQ.c 1970-01-01 01:00:00.000000000 +0100
-+++ iptables.dev/extensions/libip6t_IMQ.c 2005-10-09 01:00:36.358959750 +0200
-@@ -0,0 +1,101 @@
-+/* Shared library add-on to iptables to add IMQ target support. */
-+#include <stdio.h>
-+#include <string.h>
-+#include <stdlib.h>
-+#include <getopt.h>
-+
-+#include <ip6tables.h>
-+#include <linux/netfilter_ipv6/ip6_tables.h>
-+#include <linux/netfilter_ipv6/ip6t_IMQ.h>
-+
-+/* Function which prints out usage message. */
-+static void
-+help(void)
-+{
-+ printf(
-+"IMQ target v%s options:\n"
-+" --todev <N> enqueue to imq<N>, defaults to 0\n",
-+IPTABLES_VERSION);
-+}
-+
-+static struct option opts[] = {
-+ { "todev", 1, 0, '1' },
-+ { 0 }
-+};
-+
-+/* Initialize the target. */
-+static void
-+init(struct ip6t_entry_target *t, unsigned int *nfcache)
-+{
-+ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)t->data;
-+
-+ mr->todev = 0;
-+ *nfcache |= NFC_UNKNOWN;
-+}
-+
-+/* Function which parses command options; returns true if it
-+ ate an option */
-+static int
-+parse(int c, char **argv, int invert, unsigned int *flags,
-+ const struct ip6t_entry *entry,
-+ struct ip6t_entry_target **target)
-+{
-+ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)(*target)->data;
-+
-+ switch(c) {
-+ case '1':
-+ if (check_inverse(optarg, &invert, NULL, 0))
-+ exit_error(PARAMETER_PROBLEM,
-+ "Unexpected `!' after --todev");
-+ mr->todev=atoi(optarg);
-+ break;
-+ default:
-+ return 0;
-+ }
-+ return 1;
-+}
-+
-+static void
-+final_check(unsigned int flags)
-+{
-+}
-+
-+/* Prints out the targinfo. */
-+static void
-+print(const struct ip6t_ip6 *ip,
-+ const struct ip6t_entry_target *target,
-+ int numeric)
-+{
-+ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)target->data;
-+
-+ printf("IMQ: todev %u ", mr->todev);
-+}
-+
-+/* Saves the union ipt_targinfo in parsable form to stdout. */
-+static void
-+save(const struct ip6t_ip6 *ip, const struct ip6t_entry_target *target)
-+{
-+ struct ip6t_imq_info *mr = (struct ip6t_imq_info*)target->data;
-+
-+ printf("--todev %u", mr->todev);
-+}
-+
-+static struct ip6tables_target imq = {
-+ .next = NULL,
-+ .name = "IMQ",
-+ .version = IPTABLES_VERSION,
-+ .size = IP6T_ALIGN(sizeof(struct ip6t_imq_info)),
-+ .userspacesize = IP6T_ALIGN(sizeof(struct ip6t_imq_info)),
-+ .help = &help,
-+ .init = &init,
-+ .parse = &parse,
-+ .final_check = &final_check,
-+ .print = &print,
-+ .save = &save,
-+ .extra_opts = opts
-+};
-+
-+void _init(void)
-+{
-+ register_target6(&imq);
-+}
-diff -urN iptables.old/extensions/libipt_IMQ.c iptables.dev/extensions/libipt_IMQ.c
---- iptables.old/extensions/libipt_IMQ.c 1970-01-01 01:00:00.000000000 +0100
-+++ iptables.dev/extensions/libipt_IMQ.c 2005-10-09 01:00:36.358959750 +0200
-@@ -0,0 +1,101 @@
-+/* Shared library add-on to iptables to add IMQ target support. */
-+#include <stdio.h>
-+#include <string.h>
-+#include <stdlib.h>
-+#include <getopt.h>
-+
-+#include <iptables.h>
-+#include <linux/netfilter_ipv4/ip_tables.h>
-+#include <linux/netfilter_ipv4/ipt_IMQ.h>
-+
-+/* Function which prints out usage message. */
-+static void
-+help(void)
-+{
-+ printf(
-+"IMQ target v%s options:\n"
-+" --todev <N> enqueue to imq<N>, defaults to 0\n",
-+IPTABLES_VERSION);
-+}
-+
-+static struct option opts[] = {
-+ { "todev", 1, 0, '1' },
-+ { 0 }
-+};
-+
-+/* Initialize the target. */
-+static void
-+init(struct ipt_entry_target *t, unsigned int *nfcache)
-+{
-+ struct ipt_imq_info *mr = (struct ipt_imq_info*)t->data;
-+
-+ mr->todev = 0;
-+ *nfcache |= NFC_UNKNOWN;
-+}
-+
-+/* Function which parses command options; returns true if it
-+ ate an option */
-+static int
-+parse(int c, char **argv, int invert, unsigned int *flags,
-+ const struct ipt_entry *entry,
-+ struct ipt_entry_target **target)
-+{
-+ struct ipt_imq_info *mr = (struct ipt_imq_info*)(*target)->data;
-+
-+ switch(c) {
-+ case '1':
-+ if (check_inverse(optarg, &invert, NULL, 0))
-+ exit_error(PARAMETER_PROBLEM,
-+ "Unexpected `!' after --todev");
-+ mr->todev=atoi(optarg);
-+ break;
-+ default:
-+ return 0;
-+ }
-+ return 1;
-+}
-+
-+static void
-+final_check(unsigned int flags)
-+{
-+}
-+
-+/* Prints out the targinfo. */
-+static void
-+print(const struct ipt_ip *ip,
-+ const struct ipt_entry_target *target,
-+ int numeric)
-+{
-+ struct ipt_imq_info *mr = (struct ipt_imq_info*)target->data;
-+
-+ printf("IMQ: todev %u ", mr->todev);
-+}
-+
-+/* Saves the union ipt_targinfo in parsable form to stdout. */
-+static void
-+save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
-+{
-+ struct ipt_imq_info *mr = (struct ipt_imq_info*)target->data;
-+
-+ printf("--todev %u", mr->todev);
-+}
-+
-+static struct iptables_target imq = {
-+ .next = NULL,
-+ .name = "IMQ",
-+ .version = IPTABLES_VERSION,
-+ .size = IPT_ALIGN(sizeof(struct ipt_imq_info)),
-+ .userspacesize = IPT_ALIGN(sizeof(struct ipt_imq_info)),
-+ .help = &help,
-+ .init = &init,
-+ .parse = &parse,
-+ .final_check = &final_check,
-+ .print = &print,
-+ .save = &save,
-+ .extra_opts = opts
-+};
-+
-+void _init(void)
-+{
-+ register_target(&imq);
-+}
+++ /dev/null
---- iptables-1.3.5/extensions/libipt_iprange.c.orig 2006-12-05 19:28:58.000000000 +0100
-+++ iptables-1.3.5/extensions/libipt_iprange.c 2006-12-05 19:30:28.000000000 +0100
-@@ -6,6 +6,7 @@
- #include <getopt.h>
-
- #include <iptables.h>
-+#include <linux/types.h>
- #include <linux/netfilter_ipv4/ipt_iprange.h>
-
- /* Function which prints out usage message. */
+++ /dev/null
-diff -ur iptables.old/ip6tables.c iptables.dev/ip6tables.c
---- iptables.old/ip6tables.c 2006-01-30 09:43:12.000000000 +0100
-+++ iptables.dev/ip6tables.c 2007-01-02 00:29:50.000000000 +0100
-@@ -857,8 +857,9 @@
- for (i = 0; vianame[i]; i++) {
- if (!isalnum(vianame[i])
- && vianame[i] != '_'
-+ && vianame[i] != '-'
- && vianame[i] != '.') {
-- printf("Warning: wierd character in interface"
-+ printf("Warning: weird character in interface"
- " `%s' (No aliases, :, ! or *).\n",
- vianame);
- break;
-diff -ur iptables.old/iptables.c iptables.dev/iptables.c
---- iptables.old/iptables.c 2006-01-30 09:43:09.000000000 +0100
-+++ iptables.dev/iptables.c 2007-01-02 00:29:38.000000000 +0100
-@@ -805,8 +805,9 @@
- for (i = 0; vianame[i]; i++) {
- if (!isalnum(vianame[i])
- && vianame[i] != '_'
-+ && vianame[i] != '-'
- && vianame[i] != '.') {
-- printf("Warning: wierd character in interface"
-+ printf("Warning: weird character in interface"
- " `%s' (No aliases, :, ! or *).\n",
- vianame);
- break;
+++ /dev/null
-diff -ruN iptables-1.3.5.orig/extensions/.CHAOS-test iptables-1.3.5/extensions/.CHAOS-test
---- iptables-1.3.5.orig/extensions/.CHAOS-test 1970-01-01 01:00:00.000000000 +0100
-+++ iptables-1.3.5/extensions/.CHAOS-test 2007-01-09 16:05:23.251885840 +0100
-@@ -0,0 +1,2 @@
-+#!/bin/sh
-+[ -f "$KERNEL_DIR/include/linux/netfilter/xt_CHAOS.h" ] && echo "CHAOS";
-diff -ruN iptables-1.3.5.orig/extensions/.DELUDE-test iptables-1.3.5/extensions/.DELUDE-test
---- iptables-1.3.5.orig/extensions/.DELUDE-test 1970-01-01 01:00:00.000000000 +0100
-+++ iptables-1.3.5/extensions/.DELUDE-test 2007-01-09 16:05:18.104057722 +0100
-@@ -0,0 +1,2 @@
-+#!/bin/sh
-+echo "DELUDE";
-diff -ruN iptables-1.3.5.orig/extensions/libipt_CHAOS.c iptables-1.3.5/extensions/libipt_CHAOS.c
---- iptables-1.3.5.orig/extensions/libipt_CHAOS.c 1970-01-01 01:00:00.000000000 +0100
-+++ iptables-1.3.5/extensions/libipt_CHAOS.c 2007-01-09 16:05:23.251885840 +0100
-@@ -0,0 +1,111 @@
-+/*
-+ CHAOS target for iptables
-+
-+ Copyright © Jan Engelhardt <jengelh [at] gmx de>, 2006 - 2007
-+ released under the terms of the GNU General Public
-+ License version 2.x and only versions 2.x.
-+*/
-+#include <getopt.h>
-+#include <stdio.h>
-+#include <string.h>
-+
-+#include <iptables.h>
-+#include <linux/netfilter_ipv4/ip_tables.h>
-+#include <linux/netfilter/xt_CHAOS.h>
-+
-+static void libipt_chaos_help(void)
-+{
-+ printf(
-+ "CHAOS target v%s options:\n"
-+ " --delude Enable DELUDE processing for TCP\n"
-+ " --tarpit Enable TARPIT processing for TCP\n",
-+ IPTABLES_VERSION);
-+ return;
-+}
-+
-+static int libipt_chaos_parse(int c, char **argv, int invert,
-+ unsigned int *flags, const struct ipt_entry *entry,
-+ struct ipt_entry_target **target)
-+{
-+ struct xt_chaos_info *info = (void *)((*target)->data);
-+ switch(c) {
-+ case 'd':
-+ info->variant = XTCHAOS_DELUDE;
-+ *flags |= 0x02;
-+ return 1;
-+ case 't':
-+ info->variant = XTCHAOS_TARPIT;
-+ *flags |= 0x01;
-+ return 1;
-+ }
-+ return 0;
-+}
-+
-+static void libipt_chaos_check(unsigned int flags)
-+{
-+ if(flags != 0x03)
-+ return;
-+ /* If flags == 0x03, both were specified, which should not be. */
-+ exit_error(PARAMETER_PROBLEM,
-+ "CHAOS: only one of --tarpit or --delude may be specified");
-+ return;
-+}
-+
-+static void libipt_chaos_print(const struct ipt_ip *ip,
-+ const struct ipt_entry_target *target, int numeric)
-+{
-+ const struct xt_chaos_info *info = (const void *)target->data;
-+ switch(info->variant) {
-+ case XTCHAOS_DELUDE:
-+ printf("DELUDE ");
-+ break;
-+ case XTCHAOS_TARPIT:
-+ printf("TARPIT ");
-+ break;
-+ default:
-+ break;
-+ }
-+ return;
-+}
-+
-+static void libipt_chaos_save(const struct ipt_ip *ip,
-+ const struct ipt_entry_target *target)
-+{
-+ const struct xt_chaos_info *info = (const void *)target->data;
-+ switch(info->variant) {
-+ case XTCHAOS_DELUDE:
-+ printf("--delude ");
-+ break;
-+ case XTCHAOS_TARPIT:
-+ printf("--tarpit ");
-+ break;
-+ default:
-+ break;
-+ }
-+ return;
-+}
-+
-+static struct option libipt_chaos_opts[] = {
-+ {"delude", 0, NULL, 'd'},
-+ {"tarpit", 0, NULL, 't'},
-+ {NULL},
-+};
-+
-+static struct iptables_target libipt_chaos_info = {
-+ .name = "CHAOS",
-+ .version = IPTABLES_VERSION,
-+ .size = IPT_ALIGN(sizeof(struct xt_chaos_info)),
-+ .userspacesize = IPT_ALIGN(sizeof(struct xt_chaos_info)),
-+ .help = libipt_chaos_help,
-+ .parse = libipt_chaos_parse,
-+ .final_check = libipt_chaos_check,
-+ .print = libipt_chaos_print,
-+ .save = libipt_chaos_save,
-+ .extra_opts = libipt_chaos_opts,
-+};
-+
-+static __attribute__((constructor)) void libipt_chaos_init(void)
-+{
-+ register_target(&libipt_chaos_info);
-+ return;
-+}
-diff -ruN iptables-1.3.5.orig/extensions/libipt_DELUDE.c iptables-1.3.5/extensions/libipt_DELUDE.c
---- iptables-1.3.5.orig/extensions/libipt_DELUDE.c 1970-01-01 01:00:00.000000000 +0100
-+++ iptables-1.3.5/extensions/libipt_DELUDE.c 2007-01-09 16:05:18.104057722 +0100
-@@ -0,0 +1,66 @@
-+/*
-+ DELUDE target for iptables
-+
-+ Copyright © Jan Engelhardt <jengelh [at] gmx de>, 2006 - 2007
-+ released under the terms of the GNU General Public
-+ License version 2.x and only versions 2.x.
-+*/
-+#include <getopt.h>
-+#include <stdio.h>
-+#include <string.h>
-+
-+#include <iptables.h>
-+#include <linux/netfilter_ipv4/ip_tables.h>
-+
-+static void libipt_delude_help(void)
-+{
-+ printf("DELUDE takes no options\n");
-+ return;
-+}
-+
-+static int libipt_delude_parse(int c, char **argv, int invert,
-+ unsigned int *flags, const struct ipt_entry *entry,
-+ struct ipt_entry_target **target)
-+{
-+ return 0;
-+}
-+
-+static void libipt_delude_check(unsigned int flags)
-+{
-+ return;
-+}
-+
-+static void libipt_delude_print(const struct ipt_ip *ip,
-+ const struct ipt_entry_target *target, int numeric)
-+{
-+ return;
-+}
-+
-+static void libipt_delude_save(const struct ipt_ip *ip,
-+ const struct ipt_entry_target *target)
-+{
-+ return;
-+}
-+
-+static struct option libipt_delude_opts[] = {
-+ {NULL},
-+};
-+
-+static struct iptables_target libipt_delude_info = {
-+ .name = "DELUDE",
-+ .version = IPTABLES_VERSION,
-+ .size = IPT_ALIGN(0),
-+ .userspacesize = IPT_ALIGN(0),
-+ .help = libipt_delude_help,
-+ .parse = libipt_delude_parse,
-+ .final_check = libipt_delude_check,
-+ .print = libipt_delude_print,
-+ .save = libipt_delude_save,
-+ .extra_opts = libipt_delude_opts,
-+};
-+
-+static __attribute__((constructor)) void libipt_delude_init(void)
-+{
-+ register_target(&libipt_delude_info);
-+ return;
-+}
-diff -ruN iptables-1.3.5.orig/extensions/libipt_portscan.c iptables-1.3.5/extensions/libipt_portscan.c
---- iptables-1.3.5.orig/extensions/libipt_portscan.c 1970-01-01 01:00:00.000000000 +0100
-+++ iptables-1.3.5/extensions/libipt_portscan.c 2007-01-09 16:05:14.228187134 +0100
-@@ -0,0 +1,129 @@
-+/*
-+ portscan match for iptables
-+
-+ Copyright © Jan Engelhardt <jengelh [at] gmx de>, 2006 - 2007
-+ released under the terms of the GNU General Public
-+ License version 2.x and only versions 2.x.
-+*/
-+#include <stdio.h>
-+#include <string.h>
-+#include <stdlib.h>
-+#include <getopt.h>
-+
-+#include <iptables.h>
-+#include <linux/netfilter_ipv4/ip_tables.h>
-+#include <linux/netfilter/xt_portscan.h>
-+
-+static void libipt_portscan_help(void)
-+{
-+ printf(
-+ "portscan match v%s options:\n"
-+ "(Combining them will make them match by OR-logic)\n"
-+ " --stealth Match TCP Stealth packets\n"
-+ " --synscan Match TCP SYN scans\n"
-+ " --cnscan Match TCP Connect scans\n"
-+ " --grscan Match Banner Grabbing scans\n",
-+ IPTABLES_VERSION);
-+ return;
-+}
-+
-+static void libipt_portscan_mtinit(struct ipt_entry_match *match,
-+ unsigned int *nfcache)
-+{
-+ /* Cannot cache this */
-+ *nfcache |= NFC_UNKNOWN;
-+ return;
-+}
-+
-+static int libipt_portscan_parse(int c, char **argv, int invert,
-+ unsigned int *flags, const struct ipt_entry *entry, unsigned int *nfc,
-+ struct ipt_entry_match **match)
-+{
-+ struct xt_portscan_info *info = (void *)((*match)->data);
-+
-+ switch(c) {
-+ case 'c':
-+ info->match_cn = 1;
-+ return 1;
-+ case 'g':
-+ info->match_gr = 1;
-+ return 1;
-+ case 's':
-+ info->match_syn = 1;
-+ return 1;
-+ case 'x':
-+ info->match_stealth = 1;
-+ return 1;
-+ default:
-+ return 0;
-+ }
-+}
-+
-+static void libipt_portscan_check(unsigned int flags)
-+{
-+ return;
-+}
-+
-+static void libipt_portscan_print(const struct ipt_ip *ip,
-+ const struct ipt_entry_match *match, int numeric)
-+{
-+ const struct xt_portscan_info *info = (const void *)(match->data);
-+ const char *s = "";
-+
-+ printf("portscan ");
-+ if(info->match_stealth) {
-+ printf("STEALTH");
-+ s = ",";
-+ }
-+ if(info->match_syn) {
-+ printf("%sSYNSCAN", s);
-+ s = ",";
-+ }
-+ if(info->match_cn) {
-+ printf("%sCNSCAN", s);
-+ s = ",";
-+ }
-+ if(info->match_gr)
-+ printf("%sGRSCAN", s);
-+ printf(" ");
-+ return;
-+}
-+
-+static void libipt_portscan_save(const struct ipt_ip *ip,
-+ const struct ipt_entry_match *match)
-+{
-+ const struct xt_portscan_info *info = (const void *)(match->data);
-+ if(info->match_stealth) printf("--stealth ");
-+ if(info->match_syn) printf("--synscan ");
-+ if(info->match_cn) printf("--cnscan ");
-+ if(info->match_gr) printf("--grscan ");
-+ return;
-+}
-+
-+static struct option libipt_portscan_opts[] = {
-+ {"stealth", 0, NULL, 'x'},
-+ {"synscan", 0, NULL, 's'},
-+ {"cnscan", 0, NULL, 'c'},
-+ {"grscan", 0, NULL, 'g'},
-+ {NULL},
-+};
-+
-+static struct iptables_match libipt_portscan_info = {
-+ .name = "portscan",
-+ .version = IPTABLES_VERSION,
-+ .size = IPT_ALIGN(sizeof(struct xt_portscan_info)),
-+ .userspacesize = IPT_ALIGN(sizeof(struct xt_portscan_info)),
-+ .help = libipt_portscan_help,
-+ .init = libipt_portscan_mtinit,
-+ .parse = libipt_portscan_parse,
-+ .final_check = libipt_portscan_check,
-+ .print = libipt_portscan_print,
-+ .save = libipt_portscan_save,
-+ .extra_opts = libipt_portscan_opts,
-+};
-+
-+static __attribute__((constructor)) void libipt_portscan_init(void)
-+{
-+ register_match(&libipt_portscan_info);
-+ return;
-+}
-diff -ruN iptables-1.3.5.orig/extensions/.portscan-test iptables-1.3.5/extensions/.portscan-test
---- iptables-1.3.5.orig/extensions/.portscan-test 1970-01-01 01:00:00.000000000 +0100
-+++ iptables-1.3.5/extensions/.portscan-test 2007-01-09 16:05:14.228187134 +0100
-@@ -0,0 +1,2 @@
-+#!/bin/sh
-+[ -f "$KERNEL_DIR/include/linux/netfilter/xt_portscan.h" ] && echo "portscan";
--- /dev/null
+diff -ru keynote-2.3/configure.in keynote-2.3.new/configure.in
+--- keynote-2.3/configure.in 2000-09-27 01:16:28.000000000 +0200
++++ keynote-2.3.new/configure.in 2004-01-16 11:34:03.991537404 +0100
+@@ -21,19 +21,13 @@
+ AC_PATH_PROG(ECHO, echo, /bin/echo)
+ AC_PATH_PROG(SED, sed, /usr/bin/sed)
+
+-dnl Checks for libraries.
+-LIBS="-L/usr/lib -L/usr/local/lib -L/usr/ssl/lib -L/usr/openssl/lib\
+- -L/usr/local/ssl/lib -L/usr/local/openssl/lib -L/usr/pkg/lib -L/pkg/lib"
+-
+ AC_CHECK_LIB(m, floor, LIBS="$LIBS -lm")
+ AC_CHECK_LIB(rsaref, RSAPrivateDecrypt, LIBS="$LIBS -lrsaref")
+ AC_CHECK_LIB(crypto, i2a_ASN1_STRING, LIBS="$LIBS -lcrypto")
+ AC_CHECK_LIB(RSAglue, RSA_ref_private_encrypt, LIBS="$LIBS -lRSAglue")
+
+ dnl Checks for header files.
+-CPPFLAGS="-I/usr/include -I/usr/local/include -I/usr/ssl/include\
+- -I/usr/local/ssl/include -I/usr/openssl/include -I/usr/pkg/include\
+- -I/usr/local/openssl/include -I/pkg/include"
++CPPFLAGS="-I/usr/include/openssl"
+
+ AC_HEADER_STDC
+ AC_HEADER_TIME
+diff -ru keynote-2.3/keynote-keygen.c keynote-2.3.new/keynote-keygen.c
+--- keynote-2.3/keynote-keygen.c 2000-09-27 02:09:13.000000000 +0200
++++ keynote-2.3.new/keynote-keygen.c 2004-01-16 11:32:06.652242269 +0100
+@@ -161,7 +161,7 @@
+ if (strlen(algname) + 2 > prlen)
+ {
+ fprintf(stderr, "Parameter ``print-length'' should be larger "
+- "than the length of AlgorithmName (%d)\n", strlen(algname));
++ "than the length of AlgorithmName (%lu)\n", strlen(algname));
+ exit(-1);
+ }
+
+diff -ru keynote-2.3/keynote.l keynote-2.3.new/keynote.l
+--- keynote-2.3/keynote.l 2000-08-11 22:49:13.000000000 +0200
++++ keynote-2.3.new/keynote.l 2004-01-16 11:17:29.910430978 +0100
+@@ -61,7 +61,8 @@ struct lex_list
+ static struct lex_list *keynote_lex_list = (struct lex_list *) NULL;
+ static int keynote_max_lex_list = 32;
+ static int keynote_lex_counter = 0;
+-static int first_tok = 0;
++extern int first_tok;
++int first_tok = 0;
+ %}
+ digit [0-9]
+ specnumber [1-9][0-9]*
+@@ -766,7 +767,7 @@
+ if (0)
+ {
+ yyunput(0, NULL);
+- yy_flex_realloc(0, NULL);
++ yy_flex_realloc(NULL, 0);
+ }
+
+ return en;
+diff -ru keynote-2.3/keynote-ver.l keynote-2.3.new/keynote-ver.l
+--- keynote-2.3/keynote-ver.l 2000-08-11 22:49:13.000000000 +0200
++++ keynote-2.3.new/keynote-ver.l 2004-01-16 11:31:14.667107044 +0100
+@@ -267,7 +267,7 @@
+ if (0)
+ {
+ yyunput(0, NULL);
+- yy_flex_realloc(0, NULL);
++ yy_flex_realloc(NULL, 0);
+ }
+ }
+
+diff -ru keynote-2.3/keynote-ver.y keynote-2.3.new/keynote-ver.y
+--- keynote-2.3/keynote-ver.y 1999-10-12 00:34:29.000000000 +0200
++++ keynote-2.3.new/keynote-ver.y 2004-01-16 11:07:19.709634736 +0100
+@@ -49,7 +49,7 @@
+ return keynote_errno;
+ free($1);
+ }
+-
++ ;
+ expr: VSTRING EQ STRING { int i = kn_add_action(sessid, $1, $3, 0);
+
+ if (i != 0)
+@@ -64,6 +64,7 @@
+ free($1);
+ free($3);
+ } expr
++ ;
+ %%
+ void
+ kverror(char *s)
+diff -ru keynote-2.3/keynote.y keynote-2.3.new/keynote.y
+--- keynote-2.3/keynote.y 2000-06-14 08:28:23.000000000 +0200
++++ keynote-2.3.new/keynote.y 2004-01-16 11:14:55.365898229 +0100
+@@ -73,8 +73,7 @@
+ %}
+ %%
+
+-grammarswitch: LOCINI { keynote_exceptionflag = keynote_donteval = 0; }
+- localinit
++grammarswitch: LOCINI { keynote_exceptionflag = keynote_donteval = 0; } localinit
+ | ACTSTR { keynote_exceptionflag = keynote_donteval = 0; } program
+ | KEYPRE { keynote_exceptionflag = keynote_donteval = 0; }
+ keypredicate
+@@ -91,17 +90,17 @@
+ STRING { keynote_lex_remove($3);
+ keynote_privkey = $3;
+ }
+-
++ ;
+ keypredicate: /* Nothing */ { keynote_returnvalue = 0;
+ return 0;
+ }
+ | notemptykeypredicate { keynote_returnvalue = $1;
+ return 0;
+ }
+-
++ ;
+ notemptykeypredicate: key { $$ = $1; }
+ | keyexp { $$ = $1; }
+-
++ ;
+ keyexp: notemptykeypredicate AND { if (($1 == 0) && !keynote_justrecord)
+ keynote_donteval = 1;
+ } notemptykeypredicate
+@@ -138,7 +137,7 @@
+ else
+ $$ = 0;
+ } /* K-th */
+-
++ ;
+ keylist: key
+ { /* Don't do anything if we're just recording */
+ if (!keynote_justrecord && !keynote_donteval)
+@@ -155,7 +154,7 @@
+
+ keylistcount++;
+ }
+-
++ ;
+ key: str {
+ if (keynote_donteval)
+ $$ = 0;
+@@ -193,10 +192,10 @@
+ }
+ }
+ }
+-
++ ;
+ localinit: /* Nothing */
+ | localconstants
+-
++ ;
+ localconstants: VARIABLE EQQ STRING
+ {
+ int i;
+@@ -265,12 +264,12 @@
+ if (i != RESULT_TRUE)
+ return -1;
+ } localconstants
+-
++ ;
+ program: prog {
+ keynote_returnvalue = $1;
+ return 0;
+ }
+-
++ ;
+ prog: /* Nada */ { $$ = 0; }
+ | notemptyprog {
+ /*
+@@ -285,7 +284,7 @@
+ else
+ $$ = $4;
+ }
+-
++ ;
+ notemptyprog: expr HINT afterhint
+ {
+ if (checkexception($1))
+@@ -300,7 +299,7 @@
+ else
+ $$ = 0;
+ }
+-
++ ;
+ afterhint: str { if (keynote_exceptionflag || keynote_donteval)
+ $$ = 0;
+ else
+@@ -315,7 +314,7 @@
+ }
+ }
+ | OPENBLOCK prog CLOSEBLOCK { $$ = $2; }
+-
++ ;
+
+ expr: OPENPAREN expr CLOSEPAREN { $$ = $2; }
+ | expr AND { if ($1 == 0)
+@@ -334,19 +333,19 @@
+ | stringexp { $$ = $1; }
+ | TRUE { $$ = 1; }
+ | FALSE { $$ = 0; }
+-
++ ;
+ numexp: numex LT numex { $$ = $1 < $3; }
+ | numex GT numex { $$ = $1 > $3; }
+ | numex EQ numex { $$ = $1 == $3; }
+ | numex LE numex { $$ = $1 <= $3; }
+ | numex GE numex { $$ = $1 >= $3; }
+ | numex NE numex { $$ = $1 != $3; }
+-
++ ;
+ floatexp: floatex LT floatex { $$ = $1 < $3; }
+ | floatex GT floatex { $$ = $1 > $3; }
+ | floatex LE floatex { $$ = $1 <= $3; }
+ | floatex GE floatex { $$ = $1 >= $3; }
+-
++ ;
+ numex: numex PLUS numex { $$ = $1 + $3; }
+ | numex MINUS numex { $$ = $1 - $3; }
+ | numex MULT numex { $$ = $1 * $3; }
+@@ -384,7 +383,7 @@
+ free($2);
+ }
+ }
+-
++ ;
+ floatex: floatex PLUS floatex { $$ = ($1 + $3); }
+ | floatex MINUS floatex { $$ = ($1 - $3); }
+ | floatex MULT floatex { $$ = ($1 * $3); }
+@@ -418,7 +417,7 @@
+ free($2);
+ }
+ }
+-
++ ;
+ stringexp: str EQ str {
+ if (keynote_exceptionflag || keynote_donteval)
+ $$ = 0;
+@@ -529,9 +528,9 @@
+ if (i == 0)
+ {
+ #if !defined(HAVE_SNPRINTF)
+- sprintf(grp, "%d", preg.re_nsub);
++ sprintf(grp, "%d", (int)preg.re_nsub);
+ #else /* !HAVE_SNPRINTF */
+- snprintf(grp, 3, "%d", preg.re_nsub);
++ snprintf(grp, 3, "%d", (int)preg.re_nsub);
+ #endif /* !HAVE_SNPRINTF */
+ if (keynote_env_add("_0", grp, &keynote_temp_list,
+ 1, 0) != RESULT_TRUE)
+@@ -579,7 +578,7 @@
+ }
+ }
+ }
+-
++ ;
+ str: str DOTT str { if (keynote_exceptionflag || keynote_donteval)
+ $$ = (char *) NULL;
+ else
+@@ -605,7 +604,7 @@
+ }
+ }
+ | strnotconcat { $$ = $1; }
+-
++ ;
+ strnotconcat: STRING { $$ = $1; }
+ | OPENPAREN str CLOSEPAREN { $$ = $2; }
+ | VARIABLE { if (keynote_exceptionflag || keynote_donteval)
+@@ -660,6 +659,7 @@
+ return -1;
+ }
+ }
++ ;
+ %%
+
+ /*
+diff -ru keynote-2.3/Makefile.in keynote-2.3.new/Makefile.in
+--- keynote-2.3/Makefile.in 2000-09-27 01:16:27.000000000 +0200
++++ keynote-2.3.new/Makefile.in 2004-01-16 11:35:38.841528129 +0100
+@@ -41,7 +41,7 @@
+ YACCFLAGS = -d -p kn -b k
+ LEXFLAGS2 = -Pkv -s -i
+ LEXFLAGS = -Cr -Pkn -s -i
+-CFLAGS = -O2 -Wall # -g
++CFLAGS = -O2 -Wall -fno-strict-aliasing # -g
+ RMFLAGS2 = -rf
+ RMFLAGS = -f
+ NROFFFLAGS = -mandoc
+diff -ru keynote-2.3/signature.c keynote-2.3.new/signature.c
+--- keynote-2.3/signature.c 1999-10-12 00:34:31.000000000 +0200
++++ keynote-2.3.new/signature.c 2004-01-16 11:30:48.062084986 +0100
+@@ -515,7 +515,7 @@
+ kk = dc->dec_key;
+ if (keytype == KEYNOTE_PRIVATE_KEY)
+ {
+- if (d2i_DSAPrivateKey((DSA **) &kk, &decoded, len) == (DSA *) NULL)
++ if (d2i_DSAPrivateKey((DSA **) &kk, (const unsigned char **) &decoded, len) == (DSA *) NULL)
+ {
+ if (ptr != (unsigned char *) NULL)
+ free(ptr);
+@@ -526,7 +526,7 @@
+ }
+ else
+ {
+- if (d2i_DSAPublicKey((DSA **) &kk, &decoded, len) == (DSA *) NULL)
++ if (d2i_DSAPublicKey((DSA **) &kk, (const unsigned char **) &decoded, len) == (DSA *) NULL)
+ {
+ if (ptr != (unsigned char *) NULL)
+ free(ptr);
+@@ -556,7 +556,7 @@
+ kk = dc->dec_key;
+ if (keytype == KEYNOTE_PRIVATE_KEY)
+ {
+- if (d2i_RSAPrivateKey((RSA **) &kk, &decoded, len) == (RSA *) NULL)
++ if (d2i_RSAPrivateKey((RSA **) &kk, (const unsigned char **) &decoded, len) == (RSA *) NULL)
+ {
+ if (ptr != (unsigned char *) NULL)
+ free(ptr);
+@@ -567,7 +567,7 @@
+ }
+ else
+ {
+- if (d2i_RSAPublicKey((RSA **) &kk, &decoded, len) == (RSA *) NULL)
++ if (d2i_RSAPublicKey((RSA **) &kk, (const unsigned char **) &decoded, len) == (RSA *) NULL)
+ {
+ if (ptr != (unsigned char *) NULL)
+ free(ptr);
--- /dev/null
+diff -urN keynote-2.3/configure keynote-2.3.new/configure
+--- keynote-2.3/configure 2000-09-27 01:16:28.000000000 +0200
++++ keynote-2.3.new/configure 2006-09-01 19:16:35.000000000 +0200
+@@ -889,52 +889,10 @@
+ done
+ test -n "$YACC" || YACC="yacc"
+
+-for ac_prog in openssl ssleay
+-do
+-# Extract the first word of "$ac_prog", so it can be a program name with args.
+-set dummy $ac_prog; ac_word=$2
+-echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+-echo "configure:898: checking for $ac_word" >&5
+-if eval "test \"`echo '$''{'ac_cv_path_SSLEAY'+set}'`\" = set"; then
+- echo $ac_n "(cached) $ac_c" 1>&6
+-else
+- case "$SSLEAY" in
+- /*)
+- ac_cv_path_SSLEAY="$SSLEAY" # Let the user override the test with a path.
+- ;;
+- ?:/*)
+- ac_cv_path_SSLEAY="$SSLEAY" # Let the user override the test with a dos path.
+- ;;
+- *)
+- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":"
+- ac_dummy="\
+- $PATH:/usr/local/bin:/usr/local/ssl/sbin:/usr/local/ssl/bin:/usr/ssl/bin:/usr/ssl/sbin:/usr/sbin:/usr/openssl/bin:/usr/openssl/bin:/usr/local/openssl/bin:/usr/local/openssl/sbin"
+- for ac_dir in $ac_dummy; do
+- test -z "$ac_dir" && ac_dir=.
+- if test -f $ac_dir/$ac_word; then
+- ac_cv_path_SSLEAY="$ac_dir/$ac_word"
+- break
+- fi
+- done
+- IFS="$ac_save_ifs"
+- ;;
+-esac
+-fi
+-SSLEAY="$ac_cv_path_SSLEAY"
+-if test -n "$SSLEAY"; then
+- echo "$ac_t""$SSLEAY" 1>&6
+-else
+- echo "$ac_t""no" 1>&6
+-fi
+-
+-test -n "$SSLEAY" && break
+-done
+-test -n "$SSLEAY" || SSLEAY="/usr/local/bin/ssleay"
+-
+ # Extract the first word of "rm", so it can be a program name with args.
+ set dummy rm; ac_word=$2
+ echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+-echo "configure:938: checking for $ac_word" >&5
++echo "configure:896: checking for $ac_word" >&5
+ if eval "test \"`echo '$''{'ac_cv_path_RM'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+@@ -970,7 +928,7 @@
+ # Extract the first word of "ar", so it can be a program name with args.
+ set dummy ar; ac_word=$2
+ echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+-echo "configure:974: checking for $ac_word" >&5
++echo "configure:932: checking for $ac_word" >&5
+ if eval "test \"`echo '$''{'ac_cv_path_AR'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+@@ -1006,7 +964,7 @@
+ # Extract the first word of "nroff", so it can be a program name with args.
+ set dummy nroff; ac_word=$2
+ echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+-echo "configure:1010: checking for $ac_word" >&5
++echo "configure:968: checking for $ac_word" >&5
+ if eval "test \"`echo '$''{'ac_cv_path_NROFF'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+@@ -1042,7 +1000,7 @@
+ # Extract the first word of "tar", so it can be a program name with args.
+ set dummy tar; ac_word=$2
+ echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+-echo "configure:1046: checking for $ac_word" >&5
++echo "configure:1004: checking for $ac_word" >&5
+ if eval "test \"`echo '$''{'ac_cv_path_TAR'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+@@ -1078,7 +1036,7 @@
+ # Extract the first word of "true", so it can be a program name with args.
+ set dummy true; ac_word=$2
+ echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+-echo "configure:1082: checking for $ac_word" >&5
++echo "configure:1040: checking for $ac_word" >&5
+ if eval "test \"`echo '$''{'ac_cv_path_TRUE'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+@@ -1114,7 +1072,7 @@
+ # Extract the first word of "mkdir", so it can be a program name with args.
+ set dummy mkdir; ac_word=$2
+ echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+-echo "configure:1118: checking for $ac_word" >&5
++echo "configure:1076: checking for $ac_word" >&5
+ if eval "test \"`echo '$''{'ac_cv_path_MKDIR'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+@@ -1150,7 +1108,7 @@
+ # Extract the first word of "tr", so it can be a program name with args.
+ set dummy tr; ac_word=$2
+ echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+-echo "configure:1154: checking for $ac_word" >&5
++echo "configure:1112: checking for $ac_word" >&5
+ if eval "test \"`echo '$''{'ac_cv_path_TR'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+@@ -1186,7 +1144,7 @@
+ # Extract the first word of "echo", so it can be a program name with args.
+ set dummy echo; ac_word=$2
+ echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+-echo "configure:1190: checking for $ac_word" >&5
++echo "configure:1148: checking for $ac_word" >&5
+ if eval "test \"`echo '$''{'ac_cv_path_ECHO'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+@@ -1222,7 +1180,7 @@
+ # Extract the first word of "sed", so it can be a program name with args.
+ set dummy sed; ac_word=$2
+ echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+-echo "configure:1226: checking for $ac_word" >&5
++echo "configure:1184: checking for $ac_word" >&5
+ if eval "test \"`echo '$''{'ac_cv_path_SED'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+@@ -1256,11 +1214,8 @@
+ fi
+
+
+-LIBS="-L/usr/lib -L/usr/local/lib -L/usr/ssl/lib -L/usr/openssl/lib\
+- -L/usr/local/ssl/lib -L/usr/local/openssl/lib -L/usr/pkg/lib -L/pkg/lib"
+-
+ echo $ac_n "checking for floor in -lm""... $ac_c" 1>&6
+-echo "configure:1264: checking for floor in -lm" >&5
++echo "configure:1219: checking for floor in -lm" >&5
+ ac_lib_var=`echo m'_'floor | sed 'y%./+-%__p_%'`
+ if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+@@ -1268,7 +1223,7 @@
+ ac_save_LIBS="$LIBS"
+ LIBS="-lm $LIBS"
+ cat > conftest.$ac_ext <<EOF
+-#line 1272 "configure"
++#line 1227 "configure"
+ #include "confdefs.h"
+ /* Override any gcc2 internal prototype to avoid an error. */
+ /* We use char because int might match the return type of a gcc2
+@@ -1279,7 +1234,7 @@
+ floor()
+ ; return 0; }
+ EOF
+-if { (eval echo configure:1283: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
++if { (eval echo configure:1238: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=yes"
+ else
+@@ -1300,7 +1255,7 @@
+ fi
+
+ echo $ac_n "checking for RSAPrivateDecrypt in -lrsaref""... $ac_c" 1>&6
+-echo "configure:1304: checking for RSAPrivateDecrypt in -lrsaref" >&5
++echo "configure:1259: checking for RSAPrivateDecrypt in -lrsaref" >&5
+ ac_lib_var=`echo rsaref'_'RSAPrivateDecrypt | sed 'y%./+-%__p_%'`
+ if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+@@ -1308,7 +1263,7 @@
+ ac_save_LIBS="$LIBS"
+ LIBS="-lrsaref $LIBS"
+ cat > conftest.$ac_ext <<EOF
+-#line 1312 "configure"
++#line 1267 "configure"
+ #include "confdefs.h"
+ /* Override any gcc2 internal prototype to avoid an error. */
+ /* We use char because int might match the return type of a gcc2
+@@ -1319,7 +1274,7 @@
+ RSAPrivateDecrypt()
+ ; return 0; }
+ EOF
+-if { (eval echo configure:1323: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
++if { (eval echo configure:1278: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=yes"
+ else
+@@ -1340,7 +1295,7 @@
+ fi
+
+ echo $ac_n "checking for i2a_ASN1_STRING in -lcrypto""... $ac_c" 1>&6
+-echo "configure:1344: checking for i2a_ASN1_STRING in -lcrypto" >&5
++echo "configure:1299: checking for i2a_ASN1_STRING in -lcrypto" >&5
+ ac_lib_var=`echo crypto'_'i2a_ASN1_STRING | sed 'y%./+-%__p_%'`
+ if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+@@ -1348,7 +1303,7 @@
+ ac_save_LIBS="$LIBS"
+ LIBS="-lcrypto $LIBS"
+ cat > conftest.$ac_ext <<EOF
+-#line 1352 "configure"
++#line 1307 "configure"
+ #include "confdefs.h"
+ /* Override any gcc2 internal prototype to avoid an error. */
+ /* We use char because int might match the return type of a gcc2
+@@ -1359,7 +1314,7 @@
+ i2a_ASN1_STRING()
+ ; return 0; }
+ EOF
+-if { (eval echo configure:1363: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
++if { (eval echo configure:1318: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=yes"
+ else
+@@ -1380,7 +1335,7 @@
+ fi
+
+ echo $ac_n "checking for RSA_ref_private_encrypt in -lRSAglue""... $ac_c" 1>&6
+-echo "configure:1384: checking for RSA_ref_private_encrypt in -lRSAglue" >&5
++echo "configure:1339: checking for RSA_ref_private_encrypt in -lRSAglue" >&5
+ ac_lib_var=`echo RSAglue'_'RSA_ref_private_encrypt | sed 'y%./+-%__p_%'`
+ if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+@@ -1388,7 +1343,7 @@
+ ac_save_LIBS="$LIBS"
+ LIBS="-lRSAglue $LIBS"
+ cat > conftest.$ac_ext <<EOF
+-#line 1392 "configure"
++#line 1347 "configure"
+ #include "confdefs.h"
+ /* Override any gcc2 internal prototype to avoid an error. */
+ /* We use char because int might match the return type of a gcc2
+@@ -1399,7 +1354,7 @@
+ RSA_ref_private_encrypt()
+ ; return 0; }
+ EOF
+-if { (eval echo configure:1403: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
++if { (eval echo configure:1358: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=yes"
+ else
+@@ -1420,12 +1375,9 @@
+ fi
+
+
+-CPPFLAGS="-I/usr/include -I/usr/local/include -I/usr/ssl/include\
+- -I/usr/local/ssl/include -I/usr/openssl/include -I/usr/pkg/include\
+- -I/usr/local/openssl/include -I/pkg/include"
+
+ echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6
+-echo "configure:1429: checking how to run the C preprocessor" >&5
++echo "configure:1381: checking how to run the C preprocessor" >&5
+ # On Suns, sometimes $CPP names a directory.
+ if test -n "$CPP" && test -d "$CPP"; then
+ CPP=
+@@ -1440,13 +1392,13 @@
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp.
+ cat > conftest.$ac_ext <<EOF
+-#line 1444 "configure"
++#line 1396 "configure"
+ #include "confdefs.h"
+ #include <assert.h>
+ Syntax Error
+ EOF
+ ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+-{ (eval echo configure:1450: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
++{ (eval echo configure:1402: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+ if test -z "$ac_err"; then
+ :
+@@ -1457,13 +1409,13 @@
+ rm -rf conftest*
+ CPP="${CC-cc} -E -traditional-cpp"
+ cat > conftest.$ac_ext <<EOF
+-#line 1461 "configure"
++#line 1413 "configure"
+ #include "confdefs.h"
+ #include <assert.h>
+ Syntax Error
+ EOF
+ ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+-{ (eval echo configure:1467: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
++{ (eval echo configure:1419: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+ if test -z "$ac_err"; then
+ :
+@@ -1474,13 +1426,13 @@
+ rm -rf conftest*
+ CPP="${CC-cc} -nologo -E"
+ cat > conftest.$ac_ext <<EOF
+-#line 1478 "configure"
++#line 1430 "configure"
+ #include "confdefs.h"
+ #include <assert.h>
+ Syntax Error
+ EOF
+ ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+-{ (eval echo configure:1484: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
++{ (eval echo configure:1436: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+ if test -z "$ac_err"; then
+ :
+@@ -1505,12 +1457,12 @@
+ echo "$ac_t""$CPP" 1>&6
+
+ echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6
+-echo "configure:1509: checking for ANSI C header files" >&5
++echo "configure:1461: checking for ANSI C header files" >&5
+ if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+ cat > conftest.$ac_ext <<EOF
+-#line 1514 "configure"
++#line 1466 "configure"
+ #include "confdefs.h"
+ #include <stdlib.h>
+ #include <stdarg.h>
+@@ -1518,7 +1470,7 @@
+ #include <float.h>
+ EOF
+ ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+-{ (eval echo configure:1522: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
++{ (eval echo configure:1474: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+ if test -z "$ac_err"; then
+ rm -rf conftest*
+@@ -1535,7 +1487,7 @@
+ if test $ac_cv_header_stdc = yes; then
+ # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+ cat > conftest.$ac_ext <<EOF
+-#line 1539 "configure"
++#line 1491 "configure"
+ #include "confdefs.h"
+ #include <string.h>
+ EOF
+@@ -1553,7 +1505,7 @@
+ if test $ac_cv_header_stdc = yes; then
+ # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+ cat > conftest.$ac_ext <<EOF
+-#line 1557 "configure"
++#line 1509 "configure"
+ #include "confdefs.h"
+ #include <stdlib.h>
+ EOF
+@@ -1574,7 +1526,7 @@
+ :
+ else
+ cat > conftest.$ac_ext <<EOF
+-#line 1578 "configure"
++#line 1530 "configure"
+ #include "confdefs.h"
+ #include <ctype.h>
+ #define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+@@ -1585,7 +1537,7 @@
+ exit (0); }
+
+ EOF
+-if { (eval echo configure:1589: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
++if { (eval echo configure:1541: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+ then
+ :
+ else
+@@ -1609,12 +1561,12 @@
+ fi
+
+ echo $ac_n "checking whether time.h and sys/time.h may both be included""... $ac_c" 1>&6
+-echo "configure:1613: checking whether time.h and sys/time.h may both be included" >&5
++echo "configure:1565: checking whether time.h and sys/time.h may both be included" >&5
+ if eval "test \"`echo '$''{'ac_cv_header_time'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+ cat > conftest.$ac_ext <<EOF
+-#line 1618 "configure"
++#line 1570 "configure"
+ #include "confdefs.h"
+ #include <sys/types.h>
+ #include <sys/time.h>
+@@ -1623,7 +1575,7 @@
+ struct tm *tp;
+ ; return 0; }
+ EOF
+-if { (eval echo configure:1627: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
++if { (eval echo configure:1579: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ ac_cv_header_time=yes
+ else
+@@ -1647,17 +1599,17 @@
+ do
+ ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+ echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+-echo "configure:1651: checking for $ac_hdr" >&5
++echo "configure:1603: checking for $ac_hdr" >&5
+ if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+ cat > conftest.$ac_ext <<EOF
+-#line 1656 "configure"
++#line 1608 "configure"
+ #include "confdefs.h"
+ #include <$ac_hdr>
+ EOF
+ ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+-{ (eval echo configure:1661: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
++{ (eval echo configure:1613: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+ if test -z "$ac_err"; then
+ rm -rf conftest*
+@@ -1687,17 +1639,17 @@
+ do
+ ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+ echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+-echo "configure:1691: checking for $ac_hdr" >&5
++echo "configure:1643: checking for $ac_hdr" >&5
+ if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+ cat > conftest.$ac_ext <<EOF
+-#line 1696 "configure"
++#line 1648 "configure"
+ #include "confdefs.h"
+ #include <$ac_hdr>
+ EOF
+ ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+-{ (eval echo configure:1701: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
++{ (eval echo configure:1653: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+ if test -z "$ac_err"; then
+ rm -rf conftest*
+@@ -1726,12 +1678,12 @@
+
+
+ echo $ac_n "checking for working const""... $ac_c" 1>&6
+-echo "configure:1730: checking for working const" >&5
++echo "configure:1682: checking for working const" >&5
+ if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+ cat > conftest.$ac_ext <<EOF
+-#line 1735 "configure"
++#line 1687 "configure"
+ #include "confdefs.h"
+
+ int main() {
+@@ -1780,7 +1732,7 @@
+
+ ; return 0; }
+ EOF
+-if { (eval echo configure:1784: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
++if { (eval echo configure:1736: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ ac_cv_c_const=yes
+ else
+@@ -1801,12 +1753,12 @@
+ fi
+
+ echo $ac_n "checking for u_int""... $ac_c" 1>&6
+-echo "configure:1805: checking for u_int" >&5
++echo "configure:1757: checking for u_int" >&5
+ if eval "test \"`echo '$''{'ac_cv_type_u_int'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+ cat > conftest.$ac_ext <<EOF
+-#line 1810 "configure"
++#line 1762 "configure"
+ #include "confdefs.h"
+ #include <sys/types.h>
+ #if STDC_HEADERS
+@@ -1834,12 +1786,12 @@
+ fi
+
+ echo $ac_n "checking for u_char""... $ac_c" 1>&6
+-echo "configure:1838: checking for u_char" >&5
++echo "configure:1790: checking for u_char" >&5
+ if eval "test \"`echo '$''{'ac_cv_type_u_char'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+ cat > conftest.$ac_ext <<EOF
+-#line 1843 "configure"
++#line 1795 "configure"
+ #include "confdefs.h"
+ #include <sys/types.h>
+ #if STDC_HEADERS
+@@ -1870,12 +1822,12 @@
+ for ac_func in regcomp open close read _open _close _read strchr memcpy
+ do
+ echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+-echo "configure:1874: checking for $ac_func" >&5
++echo "configure:1826: checking for $ac_func" >&5
+ if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+ cat > conftest.$ac_ext <<EOF
+-#line 1879 "configure"
++#line 1831 "configure"
+ #include "confdefs.h"
+ /* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func(); below. */
+@@ -1898,7 +1850,7 @@
+
+ ; return 0; }
+ EOF
+-if { (eval echo configure:1902: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
++if { (eval echo configure:1854: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=yes"
+ else
+@@ -1925,12 +1877,12 @@
+ for ac_func in strcasecmp strncasecmp stricmp strnicmp snprintf __b64_ntop
+ do
+ echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+-echo "configure:1929: checking for $ac_func" >&5
++echo "configure:1881: checking for $ac_func" >&5
+ if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+ cat > conftest.$ac_ext <<EOF
+-#line 1934 "configure"
++#line 1886 "configure"
+ #include "confdefs.h"
+ /* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func(); below. */
+@@ -1953,7 +1905,7 @@
+
+ ; return 0; }
+ EOF
+-if { (eval echo configure:1957: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
++if { (eval echo configure:1909: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=yes"
+ else
+@@ -1980,12 +1932,12 @@
+ for ac_func in getopt
+ do
+ echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+-echo "configure:1984: checking for $ac_func" >&5
++echo "configure:1936: checking for $ac_func" >&5
+ if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+ cat > conftest.$ac_ext <<EOF
+-#line 1989 "configure"
++#line 1941 "configure"
+ #include "confdefs.h"
+ /* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func(); below. */
+@@ -2008,7 +1960,7 @@
+
+ ; return 0; }
+ EOF
+-if { (eval echo configure:2012: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
++if { (eval echo configure:1964: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=yes"
+ else
+@@ -2172,7 +2124,6 @@
+ s%@CC@%$CC%g
+ s%@RANLIB@%$RANLIB%g
+ s%@YACC@%$YACC%g
+-s%@SSLEAY@%$SSLEAY%g
+ s%@RM@%$RM%g
+ s%@AR@%$AR%g
+ s%@NROFF@%$NROFF%g
+diff -urN keynote-2.3/configure.in keynote-2.3.new/configure.in
+--- keynote-2.3/configure.in 2006-09-01 19:08:13.000000000 +0200
++++ keynote-2.3.new/configure.in 2006-09-01 19:16:05.000000000 +0200
+@@ -9,8 +9,8 @@
+ AC_PROG_CC
+ AC_PROG_RANLIB
+ AC_PROG_YACC
+-AC_PATH_PROGS(SSLEAY, openssl ssleay, /usr/local/bin/ssleay, \
+- $PATH:/usr/local/bin:/usr/local/ssl/sbin:/usr/local/ssl/bin:/usr/ssl/bin:/usr/ssl/sbin:/usr/sbin:/usr/openssl/bin:/usr/openssl/bin:/usr/local/openssl/bin:/usr/local/openssl/sbin)
++dnl AC_PATH_PROGS(SSLEAY, openssl ssleay, /usr/local/bin/ssleay, \
++dnl $PATH:/usr/local/bin:/usr/local/ssl/sbin:/usr/local/ssl/bin:/usr/ssl/bin:/usr/ssl/sbin:/usr/sbin:/usr/openssl/bin:/usr/openssl/bin:/usr/local/openssl/bin:/usr/local/openssl/sbin)
+ AC_PATH_PROG(RM, rm, /bin/rm)
+ AC_PATH_PROG(AR, ar, /usr/bin/ar)
+ AC_PATH_PROG(NROFF, nroff, /usr/bin/nroff)
+@@ -27,7 +27,7 @@
+ AC_CHECK_LIB(RSAglue, RSA_ref_private_encrypt, LIBS="$LIBS -lRSAglue")
+
+ dnl Checks for header files.
+-CPPFLAGS="-I/usr/include/openssl"
++dnl CPPFLAGS="-I/usr/include/openssl"
+
+ AC_HEADER_STDC
+ AC_HEADER_TIME
+++ /dev/null
-diff -ru keynote-2.3/configure.in keynote-2.3.new/configure.in
---- keynote-2.3/configure.in 2000-09-27 01:16:28.000000000 +0200
-+++ keynote-2.3.new/configure.in 2004-01-16 11:34:03.991537404 +0100
-@@ -21,19 +21,13 @@
- AC_PATH_PROG(ECHO, echo, /bin/echo)
- AC_PATH_PROG(SED, sed, /usr/bin/sed)
-
--dnl Checks for libraries.
--LIBS="-L/usr/lib -L/usr/local/lib -L/usr/ssl/lib -L/usr/openssl/lib\
-- -L/usr/local/ssl/lib -L/usr/local/openssl/lib -L/usr/pkg/lib -L/pkg/lib"
--
- AC_CHECK_LIB(m, floor, LIBS="$LIBS -lm")
- AC_CHECK_LIB(rsaref, RSAPrivateDecrypt, LIBS="$LIBS -lrsaref")
- AC_CHECK_LIB(crypto, i2a_ASN1_STRING, LIBS="$LIBS -lcrypto")
- AC_CHECK_LIB(RSAglue, RSA_ref_private_encrypt, LIBS="$LIBS -lRSAglue")
-
- dnl Checks for header files.
--CPPFLAGS="-I/usr/include -I/usr/local/include -I/usr/ssl/include\
-- -I/usr/local/ssl/include -I/usr/openssl/include -I/usr/pkg/include\
-- -I/usr/local/openssl/include -I/pkg/include"
-+CPPFLAGS="-I/usr/include/openssl"
-
- AC_HEADER_STDC
- AC_HEADER_TIME
-diff -ru keynote-2.3/keynote-keygen.c keynote-2.3.new/keynote-keygen.c
---- keynote-2.3/keynote-keygen.c 2000-09-27 02:09:13.000000000 +0200
-+++ keynote-2.3.new/keynote-keygen.c 2004-01-16 11:32:06.652242269 +0100
-@@ -161,7 +161,7 @@
- if (strlen(algname) + 2 > prlen)
- {
- fprintf(stderr, "Parameter ``print-length'' should be larger "
-- "than the length of AlgorithmName (%d)\n", strlen(algname));
-+ "than the length of AlgorithmName (%lu)\n", strlen(algname));
- exit(-1);
- }
-
-diff -ru keynote-2.3/keynote.l keynote-2.3.new/keynote.l
---- keynote-2.3/keynote.l 2000-08-11 22:49:13.000000000 +0200
-+++ keynote-2.3.new/keynote.l 2004-01-16 11:17:29.910430978 +0100
-@@ -61,7 +61,8 @@ struct lex_list
- static struct lex_list *keynote_lex_list = (struct lex_list *) NULL;
- static int keynote_max_lex_list = 32;
- static int keynote_lex_counter = 0;
--static int first_tok = 0;
-+extern int first_tok;
-+int first_tok = 0;
- %}
- digit [0-9]
- specnumber [1-9][0-9]*
-@@ -766,7 +767,7 @@
- if (0)
- {
- yyunput(0, NULL);
-- yy_flex_realloc(0, NULL);
-+ yy_flex_realloc(NULL, 0);
- }
-
- return en;
-diff -ru keynote-2.3/keynote-ver.l keynote-2.3.new/keynote-ver.l
---- keynote-2.3/keynote-ver.l 2000-08-11 22:49:13.000000000 +0200
-+++ keynote-2.3.new/keynote-ver.l 2004-01-16 11:31:14.667107044 +0100
-@@ -267,7 +267,7 @@
- if (0)
- {
- yyunput(0, NULL);
-- yy_flex_realloc(0, NULL);
-+ yy_flex_realloc(NULL, 0);
- }
- }
-
-diff -ru keynote-2.3/keynote-ver.y keynote-2.3.new/keynote-ver.y
---- keynote-2.3/keynote-ver.y 1999-10-12 00:34:29.000000000 +0200
-+++ keynote-2.3.new/keynote-ver.y 2004-01-16 11:07:19.709634736 +0100
-@@ -49,7 +49,7 @@
- return keynote_errno;
- free($1);
- }
--
-+ ;
- expr: VSTRING EQ STRING { int i = kn_add_action(sessid, $1, $3, 0);
-
- if (i != 0)
-@@ -64,6 +64,7 @@
- free($1);
- free($3);
- } expr
-+ ;
- %%
- void
- kverror(char *s)
-diff -ru keynote-2.3/keynote.y keynote-2.3.new/keynote.y
---- keynote-2.3/keynote.y 2000-06-14 08:28:23.000000000 +0200
-+++ keynote-2.3.new/keynote.y 2004-01-16 11:14:55.365898229 +0100
-@@ -73,8 +73,7 @@
- %}
- %%
-
--grammarswitch: LOCINI { keynote_exceptionflag = keynote_donteval = 0; }
-- localinit
-+grammarswitch: LOCINI { keynote_exceptionflag = keynote_donteval = 0; } localinit
- | ACTSTR { keynote_exceptionflag = keynote_donteval = 0; } program
- | KEYPRE { keynote_exceptionflag = keynote_donteval = 0; }
- keypredicate
-@@ -91,17 +90,17 @@
- STRING { keynote_lex_remove($3);
- keynote_privkey = $3;
- }
--
-+ ;
- keypredicate: /* Nothing */ { keynote_returnvalue = 0;
- return 0;
- }
- | notemptykeypredicate { keynote_returnvalue = $1;
- return 0;
- }
--
-+ ;
- notemptykeypredicate: key { $$ = $1; }
- | keyexp { $$ = $1; }
--
-+ ;
- keyexp: notemptykeypredicate AND { if (($1 == 0) && !keynote_justrecord)
- keynote_donteval = 1;
- } notemptykeypredicate
-@@ -138,7 +137,7 @@
- else
- $$ = 0;
- } /* K-th */
--
-+ ;
- keylist: key
- { /* Don't do anything if we're just recording */
- if (!keynote_justrecord && !keynote_donteval)
-@@ -155,7 +154,7 @@
-
- keylistcount++;
- }
--
-+ ;
- key: str {
- if (keynote_donteval)
- $$ = 0;
-@@ -193,10 +192,10 @@
- }
- }
- }
--
-+ ;
- localinit: /* Nothing */
- | localconstants
--
-+ ;
- localconstants: VARIABLE EQQ STRING
- {
- int i;
-@@ -265,12 +264,12 @@
- if (i != RESULT_TRUE)
- return -1;
- } localconstants
--
-+ ;
- program: prog {
- keynote_returnvalue = $1;
- return 0;
- }
--
-+ ;
- prog: /* Nada */ { $$ = 0; }
- | notemptyprog {
- /*
-@@ -285,7 +284,7 @@
- else
- $$ = $4;
- }
--
-+ ;
- notemptyprog: expr HINT afterhint
- {
- if (checkexception($1))
-@@ -300,7 +299,7 @@
- else
- $$ = 0;
- }
--
-+ ;
- afterhint: str { if (keynote_exceptionflag || keynote_donteval)
- $$ = 0;
- else
-@@ -315,7 +314,7 @@
- }
- }
- | OPENBLOCK prog CLOSEBLOCK { $$ = $2; }
--
-+ ;
-
- expr: OPENPAREN expr CLOSEPAREN { $$ = $2; }
- | expr AND { if ($1 == 0)
-@@ -334,19 +333,19 @@
- | stringexp { $$ = $1; }
- | TRUE { $$ = 1; }
- | FALSE { $$ = 0; }
--
-+ ;
- numexp: numex LT numex { $$ = $1 < $3; }
- | numex GT numex { $$ = $1 > $3; }
- | numex EQ numex { $$ = $1 == $3; }
- | numex LE numex { $$ = $1 <= $3; }
- | numex GE numex { $$ = $1 >= $3; }
- | numex NE numex { $$ = $1 != $3; }
--
-+ ;
- floatexp: floatex LT floatex { $$ = $1 < $3; }
- | floatex GT floatex { $$ = $1 > $3; }
- | floatex LE floatex { $$ = $1 <= $3; }
- | floatex GE floatex { $$ = $1 >= $3; }
--
-+ ;
- numex: numex PLUS numex { $$ = $1 + $3; }
- | numex MINUS numex { $$ = $1 - $3; }
- | numex MULT numex { $$ = $1 * $3; }
-@@ -384,7 +383,7 @@
- free($2);
- }
- }
--
-+ ;
- floatex: floatex PLUS floatex { $$ = ($1 + $3); }
- | floatex MINUS floatex { $$ = ($1 - $3); }
- | floatex MULT floatex { $$ = ($1 * $3); }
-@@ -418,7 +417,7 @@
- free($2);
- }
- }
--
-+ ;
- stringexp: str EQ str {
- if (keynote_exceptionflag || keynote_donteval)
- $$ = 0;
-@@ -529,9 +528,9 @@
- if (i == 0)
- {
- #if !defined(HAVE_SNPRINTF)
-- sprintf(grp, "%d", preg.re_nsub);
-+ sprintf(grp, "%d", (int)preg.re_nsub);
- #else /* !HAVE_SNPRINTF */
-- snprintf(grp, 3, "%d", preg.re_nsub);
-+ snprintf(grp, 3, "%d", (int)preg.re_nsub);
- #endif /* !HAVE_SNPRINTF */
- if (keynote_env_add("_0", grp, &keynote_temp_list,
- 1, 0) != RESULT_TRUE)
-@@ -579,7 +578,7 @@
- }
- }
- }
--
-+ ;
- str: str DOTT str { if (keynote_exceptionflag || keynote_donteval)
- $$ = (char *) NULL;
- else
-@@ -605,7 +604,7 @@
- }
- }
- | strnotconcat { $$ = $1; }
--
-+ ;
- strnotconcat: STRING { $$ = $1; }
- | OPENPAREN str CLOSEPAREN { $$ = $2; }
- | VARIABLE { if (keynote_exceptionflag || keynote_donteval)
-@@ -660,6 +659,7 @@
- return -1;
- }
- }
-+ ;
- %%
-
- /*
-diff -ru keynote-2.3/Makefile.in keynote-2.3.new/Makefile.in
---- keynote-2.3/Makefile.in 2000-09-27 01:16:27.000000000 +0200
-+++ keynote-2.3.new/Makefile.in 2004-01-16 11:35:38.841528129 +0100
-@@ -41,7 +41,7 @@
- YACCFLAGS = -d -p kn -b k
- LEXFLAGS2 = -Pkv -s -i
- LEXFLAGS = -Cr -Pkn -s -i
--CFLAGS = -O2 -Wall # -g
-+CFLAGS = -O2 -Wall -fno-strict-aliasing # -g
- RMFLAGS2 = -rf
- RMFLAGS = -f
- NROFFFLAGS = -mandoc
-diff -ru keynote-2.3/signature.c keynote-2.3.new/signature.c
---- keynote-2.3/signature.c 1999-10-12 00:34:31.000000000 +0200
-+++ keynote-2.3.new/signature.c 2004-01-16 11:30:48.062084986 +0100
-@@ -515,7 +515,7 @@
- kk = dc->dec_key;
- if (keytype == KEYNOTE_PRIVATE_KEY)
- {
-- if (d2i_DSAPrivateKey((DSA **) &kk, &decoded, len) == (DSA *) NULL)
-+ if (d2i_DSAPrivateKey((DSA **) &kk, (const unsigned char **) &decoded, len) == (DSA *) NULL)
- {
- if (ptr != (unsigned char *) NULL)
- free(ptr);
-@@ -526,7 +526,7 @@
- }
- else
- {
-- if (d2i_DSAPublicKey((DSA **) &kk, &decoded, len) == (DSA *) NULL)
-+ if (d2i_DSAPublicKey((DSA **) &kk, (const unsigned char **) &decoded, len) == (DSA *) NULL)
- {
- if (ptr != (unsigned char *) NULL)
- free(ptr);
-@@ -556,7 +556,7 @@
- kk = dc->dec_key;
- if (keytype == KEYNOTE_PRIVATE_KEY)
- {
-- if (d2i_RSAPrivateKey((RSA **) &kk, &decoded, len) == (RSA *) NULL)
-+ if (d2i_RSAPrivateKey((RSA **) &kk, (const unsigned char **) &decoded, len) == (RSA *) NULL)
- {
- if (ptr != (unsigned char *) NULL)
- free(ptr);
-@@ -567,7 +567,7 @@
- }
- else
- {
-- if (d2i_RSAPublicKey((RSA **) &kk, &decoded, len) == (RSA *) NULL)
-+ if (d2i_RSAPublicKey((RSA **) &kk, (const unsigned char **) &decoded, len) == (RSA *) NULL)
- {
- if (ptr != (unsigned char *) NULL)
- free(ptr);
+++ /dev/null
-diff -urN keynote-2.3/configure keynote-2.3.new/configure
---- keynote-2.3/configure 2000-09-27 01:16:28.000000000 +0200
-+++ keynote-2.3.new/configure 2006-09-01 19:16:35.000000000 +0200
-@@ -889,52 +889,10 @@
- done
- test -n "$YACC" || YACC="yacc"
-
--for ac_prog in openssl ssleay
--do
--# Extract the first word of "$ac_prog", so it can be a program name with args.
--set dummy $ac_prog; ac_word=$2
--echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
--echo "configure:898: checking for $ac_word" >&5
--if eval "test \"`echo '$''{'ac_cv_path_SSLEAY'+set}'`\" = set"; then
-- echo $ac_n "(cached) $ac_c" 1>&6
--else
-- case "$SSLEAY" in
-- /*)
-- ac_cv_path_SSLEAY="$SSLEAY" # Let the user override the test with a path.
-- ;;
-- ?:/*)
-- ac_cv_path_SSLEAY="$SSLEAY" # Let the user override the test with a dos path.
-- ;;
-- *)
-- IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":"
-- ac_dummy="\
-- $PATH:/usr/local/bin:/usr/local/ssl/sbin:/usr/local/ssl/bin:/usr/ssl/bin:/usr/ssl/sbin:/usr/sbin:/usr/openssl/bin:/usr/openssl/bin:/usr/local/openssl/bin:/usr/local/openssl/sbin"
-- for ac_dir in $ac_dummy; do
-- test -z "$ac_dir" && ac_dir=.
-- if test -f $ac_dir/$ac_word; then
-- ac_cv_path_SSLEAY="$ac_dir/$ac_word"
-- break
-- fi
-- done
-- IFS="$ac_save_ifs"
-- ;;
--esac
--fi
--SSLEAY="$ac_cv_path_SSLEAY"
--if test -n "$SSLEAY"; then
-- echo "$ac_t""$SSLEAY" 1>&6
--else
-- echo "$ac_t""no" 1>&6
--fi
--
--test -n "$SSLEAY" && break
--done
--test -n "$SSLEAY" || SSLEAY="/usr/local/bin/ssleay"
--
- # Extract the first word of "rm", so it can be a program name with args.
- set dummy rm; ac_word=$2
- echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
--echo "configure:938: checking for $ac_word" >&5
-+echo "configure:896: checking for $ac_word" >&5
- if eval "test \"`echo '$''{'ac_cv_path_RM'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
-@@ -970,7 +928,7 @@
- # Extract the first word of "ar", so it can be a program name with args.
- set dummy ar; ac_word=$2
- echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
--echo "configure:974: checking for $ac_word" >&5
-+echo "configure:932: checking for $ac_word" >&5
- if eval "test \"`echo '$''{'ac_cv_path_AR'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
-@@ -1006,7 +964,7 @@
- # Extract the first word of "nroff", so it can be a program name with args.
- set dummy nroff; ac_word=$2
- echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
--echo "configure:1010: checking for $ac_word" >&5
-+echo "configure:968: checking for $ac_word" >&5
- if eval "test \"`echo '$''{'ac_cv_path_NROFF'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
-@@ -1042,7 +1000,7 @@
- # Extract the first word of "tar", so it can be a program name with args.
- set dummy tar; ac_word=$2
- echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
--echo "configure:1046: checking for $ac_word" >&5
-+echo "configure:1004: checking for $ac_word" >&5
- if eval "test \"`echo '$''{'ac_cv_path_TAR'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
-@@ -1078,7 +1036,7 @@
- # Extract the first word of "true", so it can be a program name with args.
- set dummy true; ac_word=$2
- echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
--echo "configure:1082: checking for $ac_word" >&5
-+echo "configure:1040: checking for $ac_word" >&5
- if eval "test \"`echo '$''{'ac_cv_path_TRUE'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
-@@ -1114,7 +1072,7 @@
- # Extract the first word of "mkdir", so it can be a program name with args.
- set dummy mkdir; ac_word=$2
- echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
--echo "configure:1118: checking for $ac_word" >&5
-+echo "configure:1076: checking for $ac_word" >&5
- if eval "test \"`echo '$''{'ac_cv_path_MKDIR'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
-@@ -1150,7 +1108,7 @@
- # Extract the first word of "tr", so it can be a program name with args.
- set dummy tr; ac_word=$2
- echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
--echo "configure:1154: checking for $ac_word" >&5
-+echo "configure:1112: checking for $ac_word" >&5
- if eval "test \"`echo '$''{'ac_cv_path_TR'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
-@@ -1186,7 +1144,7 @@
- # Extract the first word of "echo", so it can be a program name with args.
- set dummy echo; ac_word=$2
- echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
--echo "configure:1190: checking for $ac_word" >&5
-+echo "configure:1148: checking for $ac_word" >&5
- if eval "test \"`echo '$''{'ac_cv_path_ECHO'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
-@@ -1222,7 +1180,7 @@
- # Extract the first word of "sed", so it can be a program name with args.
- set dummy sed; ac_word=$2
- echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
--echo "configure:1226: checking for $ac_word" >&5
-+echo "configure:1184: checking for $ac_word" >&5
- if eval "test \"`echo '$''{'ac_cv_path_SED'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
-@@ -1256,11 +1214,8 @@
- fi
-
-
--LIBS="-L/usr/lib -L/usr/local/lib -L/usr/ssl/lib -L/usr/openssl/lib\
-- -L/usr/local/ssl/lib -L/usr/local/openssl/lib -L/usr/pkg/lib -L/pkg/lib"
--
- echo $ac_n "checking for floor in -lm""... $ac_c" 1>&6
--echo "configure:1264: checking for floor in -lm" >&5
-+echo "configure:1219: checking for floor in -lm" >&5
- ac_lib_var=`echo m'_'floor | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -1268,7 +1223,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lm $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 1272 "configure"
-+#line 1227 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -1279,7 +1234,7 @@
- floor()
- ; return 0; }
- EOF
--if { (eval echo configure:1283: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
-+if { (eval echo configure:1238: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -1300,7 +1255,7 @@
- fi
-
- echo $ac_n "checking for RSAPrivateDecrypt in -lrsaref""... $ac_c" 1>&6
--echo "configure:1304: checking for RSAPrivateDecrypt in -lrsaref" >&5
-+echo "configure:1259: checking for RSAPrivateDecrypt in -lrsaref" >&5
- ac_lib_var=`echo rsaref'_'RSAPrivateDecrypt | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -1308,7 +1263,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lrsaref $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 1312 "configure"
-+#line 1267 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -1319,7 +1274,7 @@
- RSAPrivateDecrypt()
- ; return 0; }
- EOF
--if { (eval echo configure:1323: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
-+if { (eval echo configure:1278: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -1340,7 +1295,7 @@
- fi
-
- echo $ac_n "checking for i2a_ASN1_STRING in -lcrypto""... $ac_c" 1>&6
--echo "configure:1344: checking for i2a_ASN1_STRING in -lcrypto" >&5
-+echo "configure:1299: checking for i2a_ASN1_STRING in -lcrypto" >&5
- ac_lib_var=`echo crypto'_'i2a_ASN1_STRING | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -1348,7 +1303,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lcrypto $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 1352 "configure"
-+#line 1307 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -1359,7 +1314,7 @@
- i2a_ASN1_STRING()
- ; return 0; }
- EOF
--if { (eval echo configure:1363: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
-+if { (eval echo configure:1318: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -1380,7 +1335,7 @@
- fi
-
- echo $ac_n "checking for RSA_ref_private_encrypt in -lRSAglue""... $ac_c" 1>&6
--echo "configure:1384: checking for RSA_ref_private_encrypt in -lRSAglue" >&5
-+echo "configure:1339: checking for RSA_ref_private_encrypt in -lRSAglue" >&5
- ac_lib_var=`echo RSAglue'_'RSA_ref_private_encrypt | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
-@@ -1388,7 +1343,7 @@
- ac_save_LIBS="$LIBS"
- LIBS="-lRSAglue $LIBS"
- cat > conftest.$ac_ext <<EOF
--#line 1392 "configure"
-+#line 1347 "configure"
- #include "confdefs.h"
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
-@@ -1399,7 +1354,7 @@
- RSA_ref_private_encrypt()
- ; return 0; }
- EOF
--if { (eval echo configure:1403: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
-+if { (eval echo configure:1358: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_lib_$ac_lib_var=yes"
- else
-@@ -1420,12 +1375,9 @@
- fi
-
-
--CPPFLAGS="-I/usr/include -I/usr/local/include -I/usr/ssl/include\
-- -I/usr/local/ssl/include -I/usr/openssl/include -I/usr/pkg/include\
-- -I/usr/local/openssl/include -I/pkg/include"
-
- echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6
--echo "configure:1429: checking how to run the C preprocessor" >&5
-+echo "configure:1381: checking how to run the C preprocessor" >&5
- # On Suns, sometimes $CPP names a directory.
- if test -n "$CPP" && test -d "$CPP"; then
- CPP=
-@@ -1440,13 +1392,13 @@
- # On the NeXT, cc -E runs the code through the compiler's parser,
- # not just through cpp.
- cat > conftest.$ac_ext <<EOF
--#line 1444 "configure"
-+#line 1396 "configure"
- #include "confdefs.h"
- #include <assert.h>
- Syntax Error
- EOF
- ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
--{ (eval echo configure:1450: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-+{ (eval echo configure:1402: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
- ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
- if test -z "$ac_err"; then
- :
-@@ -1457,13 +1409,13 @@
- rm -rf conftest*
- CPP="${CC-cc} -E -traditional-cpp"
- cat > conftest.$ac_ext <<EOF
--#line 1461 "configure"
-+#line 1413 "configure"
- #include "confdefs.h"
- #include <assert.h>
- Syntax Error
- EOF
- ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
--{ (eval echo configure:1467: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-+{ (eval echo configure:1419: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
- ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
- if test -z "$ac_err"; then
- :
-@@ -1474,13 +1426,13 @@
- rm -rf conftest*
- CPP="${CC-cc} -nologo -E"
- cat > conftest.$ac_ext <<EOF
--#line 1478 "configure"
-+#line 1430 "configure"
- #include "confdefs.h"
- #include <assert.h>
- Syntax Error
- EOF
- ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
--{ (eval echo configure:1484: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-+{ (eval echo configure:1436: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
- ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
- if test -z "$ac_err"; then
- :
-@@ -1505,12 +1457,12 @@
- echo "$ac_t""$CPP" 1>&6
-
- echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6
--echo "configure:1509: checking for ANSI C header files" >&5
-+echo "configure:1461: checking for ANSI C header files" >&5
- if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 1514 "configure"
-+#line 1466 "configure"
- #include "confdefs.h"
- #include <stdlib.h>
- #include <stdarg.h>
-@@ -1518,7 +1470,7 @@
- #include <float.h>
- EOF
- ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
--{ (eval echo configure:1522: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-+{ (eval echo configure:1474: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
- ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
- if test -z "$ac_err"; then
- rm -rf conftest*
-@@ -1535,7 +1487,7 @@
- if test $ac_cv_header_stdc = yes; then
- # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
- cat > conftest.$ac_ext <<EOF
--#line 1539 "configure"
-+#line 1491 "configure"
- #include "confdefs.h"
- #include <string.h>
- EOF
-@@ -1553,7 +1505,7 @@
- if test $ac_cv_header_stdc = yes; then
- # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
- cat > conftest.$ac_ext <<EOF
--#line 1557 "configure"
-+#line 1509 "configure"
- #include "confdefs.h"
- #include <stdlib.h>
- EOF
-@@ -1574,7 +1526,7 @@
- :
- else
- cat > conftest.$ac_ext <<EOF
--#line 1578 "configure"
-+#line 1530 "configure"
- #include "confdefs.h"
- #include <ctype.h>
- #define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
-@@ -1585,7 +1537,7 @@
- exit (0); }
-
- EOF
--if { (eval echo configure:1589: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
-+if { (eval echo configure:1541: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
- then
- :
- else
-@@ -1609,12 +1561,12 @@
- fi
-
- echo $ac_n "checking whether time.h and sys/time.h may both be included""... $ac_c" 1>&6
--echo "configure:1613: checking whether time.h and sys/time.h may both be included" >&5
-+echo "configure:1565: checking whether time.h and sys/time.h may both be included" >&5
- if eval "test \"`echo '$''{'ac_cv_header_time'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 1618 "configure"
-+#line 1570 "configure"
- #include "confdefs.h"
- #include <sys/types.h>
- #include <sys/time.h>
-@@ -1623,7 +1575,7 @@
- struct tm *tp;
- ; return 0; }
- EOF
--if { (eval echo configure:1627: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
-+if { (eval echo configure:1579: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
- rm -rf conftest*
- ac_cv_header_time=yes
- else
-@@ -1647,17 +1599,17 @@
- do
- ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
- echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
--echo "configure:1651: checking for $ac_hdr" >&5
-+echo "configure:1603: checking for $ac_hdr" >&5
- if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 1656 "configure"
-+#line 1608 "configure"
- #include "confdefs.h"
- #include <$ac_hdr>
- EOF
- ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
--{ (eval echo configure:1661: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-+{ (eval echo configure:1613: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
- ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
- if test -z "$ac_err"; then
- rm -rf conftest*
-@@ -1687,17 +1639,17 @@
- do
- ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
- echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
--echo "configure:1691: checking for $ac_hdr" >&5
-+echo "configure:1643: checking for $ac_hdr" >&5
- if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 1696 "configure"
-+#line 1648 "configure"
- #include "confdefs.h"
- #include <$ac_hdr>
- EOF
- ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
--{ (eval echo configure:1701: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
-+{ (eval echo configure:1653: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
- ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
- if test -z "$ac_err"; then
- rm -rf conftest*
-@@ -1726,12 +1678,12 @@
-
-
- echo $ac_n "checking for working const""... $ac_c" 1>&6
--echo "configure:1730: checking for working const" >&5
-+echo "configure:1682: checking for working const" >&5
- if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 1735 "configure"
-+#line 1687 "configure"
- #include "confdefs.h"
-
- int main() {
-@@ -1780,7 +1732,7 @@
-
- ; return 0; }
- EOF
--if { (eval echo configure:1784: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
-+if { (eval echo configure:1736: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
- rm -rf conftest*
- ac_cv_c_const=yes
- else
-@@ -1801,12 +1753,12 @@
- fi
-
- echo $ac_n "checking for u_int""... $ac_c" 1>&6
--echo "configure:1805: checking for u_int" >&5
-+echo "configure:1757: checking for u_int" >&5
- if eval "test \"`echo '$''{'ac_cv_type_u_int'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 1810 "configure"
-+#line 1762 "configure"
- #include "confdefs.h"
- #include <sys/types.h>
- #if STDC_HEADERS
-@@ -1834,12 +1786,12 @@
- fi
-
- echo $ac_n "checking for u_char""... $ac_c" 1>&6
--echo "configure:1838: checking for u_char" >&5
-+echo "configure:1790: checking for u_char" >&5
- if eval "test \"`echo '$''{'ac_cv_type_u_char'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 1843 "configure"
-+#line 1795 "configure"
- #include "confdefs.h"
- #include <sys/types.h>
- #if STDC_HEADERS
-@@ -1870,12 +1822,12 @@
- for ac_func in regcomp open close read _open _close _read strchr memcpy
- do
- echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
--echo "configure:1874: checking for $ac_func" >&5
-+echo "configure:1826: checking for $ac_func" >&5
- if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 1879 "configure"
-+#line 1831 "configure"
- #include "confdefs.h"
- /* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func(); below. */
-@@ -1898,7 +1850,7 @@
-
- ; return 0; }
- EOF
--if { (eval echo configure:1902: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
-+if { (eval echo configure:1854: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_func_$ac_func=yes"
- else
-@@ -1925,12 +1877,12 @@
- for ac_func in strcasecmp strncasecmp stricmp strnicmp snprintf __b64_ntop
- do
- echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
--echo "configure:1929: checking for $ac_func" >&5
-+echo "configure:1881: checking for $ac_func" >&5
- if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 1934 "configure"
-+#line 1886 "configure"
- #include "confdefs.h"
- /* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func(); below. */
-@@ -1953,7 +1905,7 @@
-
- ; return 0; }
- EOF
--if { (eval echo configure:1957: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
-+if { (eval echo configure:1909: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_func_$ac_func=yes"
- else
-@@ -1980,12 +1932,12 @@
- for ac_func in getopt
- do
- echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
--echo "configure:1984: checking for $ac_func" >&5
-+echo "configure:1936: checking for $ac_func" >&5
- if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
- cat > conftest.$ac_ext <<EOF
--#line 1989 "configure"
-+#line 1941 "configure"
- #include "confdefs.h"
- /* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func(); below. */
-@@ -2008,7 +1960,7 @@
-
- ; return 0; }
- EOF
--if { (eval echo configure:2012: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
-+if { (eval echo configure:1964: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
- rm -rf conftest*
- eval "ac_cv_func_$ac_func=yes"
- else
-@@ -2172,7 +2124,6 @@
- s%@CC@%$CC%g
- s%@RANLIB@%$RANLIB%g
- s%@YACC@%$YACC%g
--s%@SSLEAY@%$SSLEAY%g
- s%@RM@%$RM%g
- s%@AR@%$AR%g
- s%@NROFF@%$NROFF%g
-diff -urN keynote-2.3/configure.in keynote-2.3.new/configure.in
---- keynote-2.3/configure.in 2006-09-01 19:08:13.000000000 +0200
-+++ keynote-2.3.new/configure.in 2006-09-01 19:16:05.000000000 +0200
-@@ -9,8 +9,8 @@
- AC_PROG_CC
- AC_PROG_RANLIB
- AC_PROG_YACC
--AC_PATH_PROGS(SSLEAY, openssl ssleay, /usr/local/bin/ssleay, \
-- $PATH:/usr/local/bin:/usr/local/ssl/sbin:/usr/local/ssl/bin:/usr/ssl/bin:/usr/ssl/sbin:/usr/sbin:/usr/openssl/bin:/usr/openssl/bin:/usr/local/openssl/bin:/usr/local/openssl/sbin)
-+dnl AC_PATH_PROGS(SSLEAY, openssl ssleay, /usr/local/bin/ssleay, \
-+dnl $PATH:/usr/local/bin:/usr/local/ssl/sbin:/usr/local/ssl/bin:/usr/ssl/bin:/usr/ssl/sbin:/usr/sbin:/usr/openssl/bin:/usr/openssl/bin:/usr/local/openssl/bin:/usr/local/openssl/sbin)
- AC_PATH_PROG(RM, rm, /bin/rm)
- AC_PATH_PROG(AR, ar, /usr/bin/ar)
- AC_PATH_PROG(NROFF, nroff, /usr/bin/nroff)
-@@ -27,7 +27,7 @@
- AC_CHECK_LIB(RSAglue, RSA_ref_private_encrypt, LIBS="$LIBS -lRSAglue")
-
- dnl Checks for header files.
--CPPFLAGS="-I/usr/include/openssl"
-+dnl CPPFLAGS="-I/usr/include/openssl"
-
- AC_HEADER_STDC
- AC_HEADER_TIME
--- /dev/null
+diff -urN rt2500-1.1.0-b4/Module/rt_config.h rt2500-1.1.0-b4.new/Module/rt_config.h
+--- rt2500-1.1.0-b4/Module/rt_config.h 2006-06-17 22:12:58.000000000 +0200
++++ rt2500-1.1.0-b4.new/Module/rt_config.h 2006-12-30 02:56:30.000000000 +0100
+@@ -55,7 +55,7 @@
+ #error You must compile this driver with "-O".
+ #endif
+
+-#include <linux/config.h> //can delete
++#include <linux/autoconf.h> //can delete
+ #include <linux/module.h>
+ #include <linux/version.h>
+ #include <linux/kernel.h>
+@@ -154,6 +154,7 @@
+
+ enum rt2560_chips {
+ RT2560A = 0,
++ RT2561T = 0,
+ };
+
+ #ifdef RTMP_EMBEDDED
+diff -urN rt2500-1.1.0-b4/Module/rtmp_main.c rt2500-1.1.0-b4.new/Module/rtmp_main.c
+--- rt2500-1.1.0-b4/Module/rtmp_main.c 2006-06-17 22:12:58.000000000 +0200
++++ rt2500-1.1.0-b4.new/Module/rtmp_main.c 2006-12-30 02:56:01.000000000 +0100
+@@ -975,6 +975,7 @@
+ static struct pci_device_id rt2500_pci_tbl[] __devinitdata =
+ {
+ {0x1814, 0x0201, PCI_ANY_ID, PCI_ANY_ID, 0, 0, RT2560A},
++ {0x1814, 0x0301, PCI_ANY_ID, PCI_ANY_ID, 0, 0, RT2561T},
+ {0,} /* terminate list */
+ };
+ MODULE_DEVICE_TABLE(pci, rt2500_pci_tbl);
+++ /dev/null
-diff -urN rt2500-1.1.0-b4/Module/rt_config.h rt2500-1.1.0-b4.new/Module/rt_config.h
---- rt2500-1.1.0-b4/Module/rt_config.h 2006-06-17 22:12:58.000000000 +0200
-+++ rt2500-1.1.0-b4.new/Module/rt_config.h 2006-12-30 02:56:30.000000000 +0100
-@@ -55,7 +55,7 @@
- #error You must compile this driver with "-O".
- #endif
-
--#include <linux/config.h> //can delete
-+#include <linux/autoconf.h> //can delete
- #include <linux/module.h>
- #include <linux/version.h>
- #include <linux/kernel.h>
-@@ -154,6 +154,7 @@
-
- enum rt2560_chips {
- RT2560A = 0,
-+ RT2561T = 0,
- };
-
- #ifdef RTMP_EMBEDDED
-diff -urN rt2500-1.1.0-b4/Module/rtmp_main.c rt2500-1.1.0-b4.new/Module/rtmp_main.c
---- rt2500-1.1.0-b4/Module/rtmp_main.c 2006-06-17 22:12:58.000000000 +0200
-+++ rt2500-1.1.0-b4.new/Module/rtmp_main.c 2006-12-30 02:56:01.000000000 +0100
-@@ -975,6 +975,7 @@
- static struct pci_device_id rt2500_pci_tbl[] __devinitdata =
- {
- {0x1814, 0x0201, PCI_ANY_ID, PCI_ANY_ID, 0, 0, RT2560A},
-+ {0x1814, 0x0301, PCI_ANY_ID, PCI_ANY_ID, 0, 0, RT2561T},
- {0,} /* terminate list */
- };
- MODULE_DEVICE_TABLE(pci, rt2500_pci_tbl);
--- /dev/null
+diff -urN rt61-1.1.0-b1/Module/rtmp_main.c rt61-1.1.0-b1.new/Module/rtmp_main.c
+--- rt61-1.1.0-b1/Module/rtmp_main.c 2006-06-18 10:58:40.000000000 +0200
++++ rt61-1.1.0-b1.new/Module/rtmp_main.c 2006-12-17 19:59:10.000000000 +0100
+@@ -252,7 +252,7 @@
+ net_dev->stop = RT61_close;
+ net_dev->get_stats = RT61_get_ether_stats;
+
+-#if WIRELESS_EXT >= 12
++#if WIRELESS_EXT >= 12 && WIRELESS_EXT < 21
+ net_dev->get_wireless_stats = RT61_get_wireless_stats;
+ net_dev->wireless_handlers = (struct iw_handler_def *) &rt61_iw_handler_def;
+ #endif
--- /dev/null
+--- rt61-old/Module/rtmp_main.c 2006/06/16 11:12:40 1.14
++++ rt61-new/Module/rtmp_main.c 2006/08/12 13:03:25 1.15
+@@ -48,11 +48,19 @@
+ // Global variable, debug level flag
+ // Don't hide this behing debug define. There should be as little difference between debug and no-debug as possible.
+ int debug = 0;
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
+ module_param(debug, int, 0444);
++#else
++MODULE_PARM(debug, "i");
++#endif
+ MODULE_PARM_DESC(debug, "Enable level: accepted values: 1 to switch debug on, 0 to switch debug off.");
+
+ static char *ifname = NULL ;
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
+ module_param(ifname, charp, 0444);
++#else
++MODULE_PARM(ifname, "s");
++#endif
+ MODULE_PARM_DESC(ifname, "Network device name (default ra%d)");
+
+ static dma_addr_t dma_adapter;
+++ /dev/null
-diff -urN rt61-1.1.0-b1/Module/rtmp_main.c rt61-1.1.0-b1.new/Module/rtmp_main.c
---- rt61-1.1.0-b1/Module/rtmp_main.c 2006-06-18 10:58:40.000000000 +0200
-+++ rt61-1.1.0-b1.new/Module/rtmp_main.c 2006-12-17 19:59:10.000000000 +0100
-@@ -252,7 +252,7 @@
- net_dev->stop = RT61_close;
- net_dev->get_stats = RT61_get_ether_stats;
-
--#if WIRELESS_EXT >= 12
-+#if WIRELESS_EXT >= 12 && WIRELESS_EXT < 21
- net_dev->get_wireless_stats = RT61_get_wireless_stats;
- net_dev->wireless_handlers = (struct iw_handler_def *) &rt61_iw_handler_def;
- #endif
+++ /dev/null
---- rt61-old/Module/rtmp_main.c 2006/06/16 11:12:40 1.14
-+++ rt61-new/Module/rtmp_main.c 2006/08/12 13:03:25 1.15
-@@ -48,11 +48,19 @@
- // Global variable, debug level flag
- // Don't hide this behing debug define. There should be as little difference between debug and no-debug as possible.
- int debug = 0;
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
- module_param(debug, int, 0444);
-+#else
-+MODULE_PARM(debug, "i");
-+#endif
- MODULE_PARM_DESC(debug, "Enable level: accepted values: 1 to switch debug on, 0 to switch debug off.");
-
- static char *ifname = NULL ;
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
- module_param(ifname, charp, 0444);
-+#else
-+MODULE_PARM(ifname, "s");
-+#endif
- MODULE_PARM_DESC(ifname, "Network device name (default ra%d)");
-
- static dma_addr_t dma_adapter;
--- /dev/null
+diff -Nur udev-103-old/Makefile udev-103-new/Makefile
+--- udev-103-old/Makefile 2006-10-20 14:43:35.000000000 +0200
++++ udev-103-new/Makefile 2006-11-24 15:44:35.000000000 +0100
+@@ -113,7 +113,7 @@
+ AR = $(CROSS_COMPILE)ar
+ RANLIB = $(CROSS_COMPILE)ranlib
+
+-CFLAGS = -g -Wall -pipe -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64
++CFLAGS = -Wall -pipe -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64
+ WARNINGS = -Wstrict-prototypes -Wsign-compare -Wshadow \
+ -Wchar-subscripts -Wmissing-declarations -Wnested-externs \
+ -Wpointer-arith -Wcast-align -Wsign-compare -Wmissing-prototypes
+@@ -130,7 +130,7 @@
+
+ # if DEBUG is enabled, then we do not strip
+ ifeq ($(strip $(DEBUG)),true)
+- CFLAGS += -DDEBUG
++ CFLAGS += -g -DDEBUG
+ endif
+
+ ifeq ($(strip $(USE_GCOV)),true)
--- /dev/null
+--- udev.old/udevtrigger.c 2007-03-03 18:42:09.000000000 +0100
++++ udev.dev/udevtrigger.c 2007-03-04 21:15:18.459211632 +0100
+@@ -446,7 +446,6 @@
+ };
+
+ logging_init("udevtrigger");
+- udev_config_init();
+ dbg("version %s", UDEV_VERSION);
+ sysfs_init();
+
+++ /dev/null
-diff -Nur udev-103-old/Makefile udev-103-new/Makefile
---- udev-103-old/Makefile 2006-10-20 14:43:35.000000000 +0200
-+++ udev-103-new/Makefile 2006-11-24 15:44:35.000000000 +0100
-@@ -113,7 +113,7 @@
- AR = $(CROSS_COMPILE)ar
- RANLIB = $(CROSS_COMPILE)ranlib
-
--CFLAGS = -g -Wall -pipe -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64
-+CFLAGS = -Wall -pipe -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64
- WARNINGS = -Wstrict-prototypes -Wsign-compare -Wshadow \
- -Wchar-subscripts -Wmissing-declarations -Wnested-externs \
- -Wpointer-arith -Wcast-align -Wsign-compare -Wmissing-prototypes
-@@ -130,7 +130,7 @@
-
- # if DEBUG is enabled, then we do not strip
- ifeq ($(strip $(DEBUG)),true)
-- CFLAGS += -DDEBUG
-+ CFLAGS += -g -DDEBUG
- endif
-
- ifeq ($(strip $(USE_GCOV)),true)
+++ /dev/null
---- udev.old/udevtrigger.c 2007-03-03 18:42:09.000000000 +0100
-+++ udev.dev/udevtrigger.c 2007-03-04 21:15:18.459211632 +0100
-@@ -446,7 +446,6 @@
- };
-
- logging_init("udevtrigger");
-- udev_config_init();
- dbg("version %s", UDEV_VERSION);
- sysfs_init();
-
--- /dev/null
+--- wireless-tools-27.orig/iwlib.c
++++ wireless-tools-27/iwlib.c
+@@ -622,6 +622,7 @@
+ {
+ struct iwreq wrq;
+
++ memset((char *) &wrq, 0, sizeof(struct iwreq));
+ memset((char *) info, 0, sizeof(struct wireless_config));
+
+ /* Get wireless name */
+--- wireless-tools-27.orig/Makefile
++++ wireless-tools-27/Makefile
+@@ -64,8 +64,8 @@
+ # Install directories
+ INSTALL_DIR= $(PREFIX)/sbin/
+ INSTALL_LIB= $(PREFIX)/lib/
+-INSTALL_INC= $(PREFIX)/include/
+-INSTALL_MAN= $(PREFIX)/man/
++INSTALL_INC= $(PREFIX)/usr/include/
++INSTALL_MAN= $(PREFIX)/usr/share/man/
+
+ # Various commands
+ RM = rm -f
+@@ -81,9 +81,9 @@
+ endif
+
+ # Other flags
+-CFLAGS=-Os -W -Wall -Wstrict-prototypes -Wmissing-prototypes -Wshadow \
++#CFLAGS=-Os -W -Wall -Wstrict-prototypes -Wmissing-prototypes -Wshadow \
+ -Wpointer-arith -Wcast-qual -Winline -I.
+-#CFLAGS=-O2 -W -Wall -Wstrict-prototypes -I.
++CFLAGS=-O2 -W -Wall -Wstrict-prototypes -I.
+ DEPFLAGS=-MMD
+ XCFLAGS=$(CFLAGS) $(DEPFLAGS) $(WARN) $(HEADERS) $(WELIB_FLAG)
+ PICFLAG=-fPIC
+++ /dev/null
---- wireless-tools-27.orig/iwlib.c
-+++ wireless-tools-27/iwlib.c
-@@ -622,6 +622,7 @@
- {
- struct iwreq wrq;
-
-+ memset((char *) &wrq, 0, sizeof(struct iwreq));
- memset((char *) info, 0, sizeof(struct wireless_config));
-
- /* Get wireless name */
---- wireless-tools-27.orig/Makefile
-+++ wireless-tools-27/Makefile
-@@ -64,8 +64,8 @@
- # Install directories
- INSTALL_DIR= $(PREFIX)/sbin/
- INSTALL_LIB= $(PREFIX)/lib/
--INSTALL_INC= $(PREFIX)/include/
--INSTALL_MAN= $(PREFIX)/man/
-+INSTALL_INC= $(PREFIX)/usr/include/
-+INSTALL_MAN= $(PREFIX)/usr/share/man/
-
- # Various commands
- RM = rm -f
-@@ -81,9 +81,9 @@
- endif
-
- # Other flags
--CFLAGS=-Os -W -Wall -Wstrict-prototypes -Wmissing-prototypes -Wshadow \
-+#CFLAGS=-Os -W -Wall -Wstrict-prototypes -Wmissing-prototypes -Wshadow \
- -Wpointer-arith -Wcast-qual -Winline -I.
--#CFLAGS=-O2 -W -Wall -Wstrict-prototypes -I.
-+CFLAGS=-O2 -W -Wall -Wstrict-prototypes -I.
- DEPFLAGS=-MMD
- XCFLAGS=$(CFLAGS) $(DEPFLAGS) $(WARN) $(HEADERS) $(WELIB_FLAG)
- PICFLAG=-fPIC
projects / openwrt / openwrt.git / commitdiff