-diff -Nur linux-2.6.17/include/linux/netfilter_ipv4/ip_conntrack.h linux-2.6.17-owrt/include/linux/netfilter_ipv4/ip_conntrack.h
---- linux-2.6.17/include/linux/netfilter_ipv4/ip_conntrack.h 2006-06-18 03:49:35.000000000 +0200
-+++ linux-2.6.17-owrt/include/linux/netfilter_ipv4/ip_conntrack.h 2006-06-18 12:29:04.000000000 +0200
-@@ -124,6 +124,15 @@
+diff -urN linux-2.6.19.old/include/linux/netfilter_ipv4/ip_conntrack.h linux-2.6.19.dev/include/linux/netfilter_ipv4/ip_conntrack.h
+--- linux-2.6.19.old/include/linux/netfilter_ipv4/ip_conntrack.h 2006-11-29 22:57:37.000000000 +0100
++++ linux-2.6.19.dev/include/linux/netfilter_ipv4/ip_conntrack.h 2006-12-14 03:13:37.000000000 +0100
+@@ -127,6 +127,15 @@
/* Traversed often, so hopefully in different cacheline to top */
/* These are my tuples; original and reply */
struct ip_conntrack_tuple_hash tuplehash[IP_CT_DIR_MAX];
};
struct ip_conntrack_expect
-diff -Nur linux-2.6.17/include/linux/netfilter_ipv4/ipt_layer7.h linux-2.6.17-owrt/include/linux/netfilter_ipv4/ipt_layer7.h
---- linux-2.6.17/include/linux/netfilter_ipv4/ipt_layer7.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.17-owrt/include/linux/netfilter_ipv4/ipt_layer7.h 2006-06-18 12:29:04.000000000 +0200
+diff -urN linux-2.6.19.old/include/linux/netfilter_ipv4/ipt_layer7.h linux-2.6.19.dev/include/linux/netfilter_ipv4/ipt_layer7.h
+--- linux-2.6.19.old/include/linux/netfilter_ipv4/ipt_layer7.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.19.dev/include/linux/netfilter_ipv4/ipt_layer7.h 2006-12-14 03:13:37.000000000 +0100
@@ -0,0 +1,27 @@
-+/*
++/*
+ By Matthew Strait <quadong@users.sf.net>, Dec 2003.
+ http://l7-filter.sf.net
+
+};
+
+#endif /* _IPT_LAYER7_H */
-diff -Nur linux-2.6.17/net/ipv4/netfilter/ip_conntrack_core.c linux-2.6.17-owrt/net/ipv4/netfilter/ip_conntrack_core.c
---- linux-2.6.17/net/ipv4/netfilter/ip_conntrack_core.c 2006-06-18 03:49:35.000000000 +0200
-+++ linux-2.6.17-owrt/net/ipv4/netfilter/ip_conntrack_core.c 2006-06-18 12:29:04.000000000 +0200
-@@ -339,6 +339,13 @@
+diff -urN linux-2.6.19.old/net/ipv4/netfilter/ip_conntrack_core.c linux-2.6.19.dev/net/ipv4/netfilter/ip_conntrack_core.c
+--- linux-2.6.19.old/net/ipv4/netfilter/ip_conntrack_core.c 2006-11-29 22:57:37.000000000 +0100
++++ linux-2.6.19.dev/net/ipv4/netfilter/ip_conntrack_core.c 2006-12-14 03:13:37.000000000 +0100
+@@ -337,6 +337,13 @@
* too. */
ip_ct_remove_expectations(ct);
/* We overload first tuple to link into unconfirmed list. */
if (!is_confirmed(ct)) {
BUG_ON(list_empty(&ct->tuplehash[IP_CT_DIR_ORIGINAL].list));
-diff -Nur linux-2.6.17/net/ipv4/netfilter/ip_conntrack_standalone.c linux-2.6.17-owrt/net/ipv4/netfilter/ip_conntrack_standalone.c
---- linux-2.6.17/net/ipv4/netfilter/ip_conntrack_standalone.c 2006-06-18 03:49:35.000000000 +0200
-+++ linux-2.6.17-owrt/net/ipv4/netfilter/ip_conntrack_standalone.c 2006-06-18 12:29:04.000000000 +0200
-@@ -189,6 +189,12 @@
+diff -urN linux-2.6.19.old/net/ipv4/netfilter/ip_conntrack_standalone.c linux-2.6.19.dev/net/ipv4/netfilter/ip_conntrack_standalone.c
+--- linux-2.6.19.old/net/ipv4/netfilter/ip_conntrack_standalone.c 2006-11-29 22:57:37.000000000 +0100
++++ linux-2.6.19.dev/net/ipv4/netfilter/ip_conntrack_standalone.c 2006-12-14 03:13:37.000000000 +0100
+@@ -192,6 +192,12 @@
return -ENOSPC;
#endif
if (seq_printf(s, "use=%u\n", atomic_read(&conntrack->ct_general.use)))
return -ENOSPC;
-diff -Nur linux-2.6.17/net/ipv4/netfilter/ipt_layer7.c linux-2.6.17-owrt/net/ipv4/netfilter/ipt_layer7.c
---- linux-2.6.17/net/ipv4/netfilter/ipt_layer7.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.17-owrt/net/ipv4/netfilter/ipt_layer7.c 2006-06-18 12:29:04.000000000 +0200
-@@ -0,0 +1,592 @@
-+/*
-+ Kernel module to match application layer (OSI layer 7)
+diff -urN linux-2.6.19.old/net/ipv4/netfilter/ipt_layer7.c linux-2.6.19.dev/net/ipv4/netfilter/ipt_layer7.c
+--- linux-2.6.19.old/net/ipv4/netfilter/ipt_layer7.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.19.dev/net/ipv4/netfilter/ipt_layer7.c 2006-12-14 03:13:37.000000000 +0100
+@@ -0,0 +1,586 @@
++/*
++ Kernel module to match application layer (OSI layer 7)
+ data in connections.
-+
++
+ http://l7-filter.sf.net
+
+ By Matthew Strait and Ethan Sommer, 2003-2005.
+
+/* I'm new to locking. Here are my assumptions:
+
-+- No one will write to /proc/net/layer7_numpackets over and over very fast;
++- No one will write to /proc/net/layer7_numpackets over and over very fast;
+ if they did, nothing awful would happen.
+
+- This code will never be processing the same packet twice at the same time,
+ because iptables rules are traversed in order.
+
-+- It doesn't matter if two packets from different connections are in here at
++- It doesn't matter if two packets from different connections are in here at
+ the same time, because they don't share any data.
+
+- It _does_ matter if two packets from the same connection are here at the same
-+ time. In this case, we have to protect the conntracks and the list of
++ time. In this case, we have to protect the conntracks and the list of
+ compiled patterns.
+*/
+DEFINE_RWLOCK(ct_lock);
+DEFINE_SPINLOCK(list_lock);
+
+#ifdef CONFIG_IP_NF_MATCH_LAYER7_DEBUG
-+/* Converts an unfriendly string into a friendly one by
++/* Converts an unfriendly string into a friendly one by
+replacing unprintables with periods and all whitespace with " ". */
+static char * friendly_print(unsigned char * s)
+{
+ int i;
+
+ if(!f) {
-+ if (net_ratelimit())
++ if (net_ratelimit())
+ printk(KERN_ERR "layer7: out of memory in friendly_print, bailing.\n");
+ return NULL;
+ }
+ return (char)(i - 10 + 'a');
+ break;
+ default:
-+ if (net_ratelimit())
++ if (net_ratelimit())
+ printk("Problem in dec2hex\n");
+ return '\0';
+ }
+ int i;
+
+ if(!g) {
-+ if (net_ratelimit())
++ if (net_ratelimit())
+ printk(KERN_ERR "layer7: out of memory in hex_print, bailing.\n");
+ return NULL;
+ }
+
+/* Use instead of regcomp. As we expect to be seeing the same regexps over and
+over again, it make sense to cache the results. */
-+static regexp * compile_and_cache(char * regex_string, char * protocol)
++static regexp * compile_and_cache(char * regex_string, char * protocol)
+{
+ struct pattern_cache * node = first_pattern_cache;
+ struct pattern_cache * last_pattern_cache = first_pattern_cache;
+ unsigned int len;
+
+ while (node != NULL) {
-+ if (!strcmp(node->regex_string, regex_string))
++ if (!strcmp(node->regex_string, regex_string))
+ return node->pattern;
+
+ last_pattern_cache = node;/* points at the last non-NULL node */
+ }
+
+ /* If we reach the end of the list, then we have not yet cached
-+ the pattern for this regex. Let's do that now.
++ the pattern for this regex. Let's do that now.
+ Be paranoid about running out of memory to avoid list corruption. */
+ tmp = kmalloc(sizeof(struct pattern_cache), GFP_ATOMIC);
+
+ if(!tmp) {
-+ if (net_ratelimit())
++ if (net_ratelimit())
+ printk(KERN_ERR "layer7: out of memory in compile_and_cache, bailing.\n");
+ return NULL;
+ }
+ tmp->next = NULL;
+
+ if(!tmp->regex_string || !tmp->pattern) {
-+ if (net_ratelimit())
++ if (net_ratelimit())
+ printk(KERN_ERR "layer7: out of memory in compile_and_cache, bailing.\n");
+ kfree(tmp->regex_string);
+ kfree(tmp->pattern);
+ DPRINTK("About to compile this: \"%s\"\n", regex_string);
+ node->pattern = regcomp(regex_string, &len);
+ if ( !node->pattern ) {
-+ if (net_ratelimit())
++ if (net_ratelimit())
+ printk(KERN_ERR "layer7: Error compiling regexp \"%s\" (%s)\n", regex_string, protocol);
+ /* pattern is now cached as NULL, so we won't try again. */
+ }
+/* Returns offset the into the skb->data that the application data starts */
+static int app_data_offset(const struct sk_buff *skb)
+{
-+ /* In case we are ported somewhere (ebtables?) where skb->nh.iph
++ /* In case we are ported somewhere (ebtables?) where skb->nh.iph
+ isn't set, this can be gotten from 4*(skb->data[0] & 0x0f) as well. */
+ int ip_hl = 4*skb->nh.iph->ihl;
+
+ if( skb->nh.iph->protocol == IPPROTO_TCP ) {
-+ /* 12 == offset into TCP header for the header length field.
-+ Can't get this with skb->h.th->doff because the tcphdr
-+ struct doesn't get set when routing (this is confirmed to be
++ /* 12 == offset into TCP header for the header length field.
++ Can't get this with skb->h.th->doff because the tcphdr
++ struct doesn't get set when routing (this is confirmed to be
+ true in Netfilter as well as QoS.) */
+ int tcp_hl = 4*(skb->data[ip_hl + 12] >> 4);
+
+ } else if( skb->nh.iph->protocol == IPPROTO_ICMP ) {
+ return ip_hl + 8; /* ICMP header is 8 bytes */
+ } else {
-+ if (net_ratelimit())
++ if (net_ratelimit())
+ printk(KERN_ERR "layer7: tried to handle unknown protocol!\n");
+ return ip_hl + 8; /* something reasonable */
+ }
+ if(!master_conntrack->layer7.app_proto) {
+ char * f = friendly_print(master_conntrack->layer7.app_data);
+ char * g = hex_print(master_conntrack->layer7.app_data);
-+ DPRINTK("\nl7-filter gave up after %d bytes (%llu packets):\n%s\n",
-+ strlen(f),
++ DPRINTK("\nl7-filter gave up after %d bytes (%llu packets):\n%s\n",
++ strlen(f),
+ TOTAL_PACKETS, f);
-+ kfree(f);
++ kfree(f);
+ DPRINTK("In hex: %s\n", g);
+ kfree(g);
+ }
+ if(!conntrack->layer7.app_proto) {
+ conntrack->layer7.app_proto = kmalloc(strlen(master_conntrack->layer7.app_proto)+1, GFP_ATOMIC);
+ if(!conntrack->layer7.app_proto){
-+ if (net_ratelimit())
++ if (net_ratelimit())
+ printk(KERN_ERR "layer7: out of memory in match_no_append, bailing.\n");
+ write_unlock(&ct_lock);
+ return 1;
+ strcpy(conntrack->layer7.app_proto, master_conntrack->layer7.app_proto);
+ }
+ write_unlock(&ct_lock);
-+
++
+ return (!strcmp(master_conntrack->layer7.app_proto, info->protocol));
+ }
+ else {
-+ /* If not classified, set to "unknown" to distinguish from
++ /* If not classified, set to "unknown" to distinguish from
+ connections that are still being tested. */
+ write_lock(&ct_lock);
+ master_conntrack->layer7.app_proto = kmalloc(strlen("unknown")+1, GFP_ATOMIC);
+ if(!master_conntrack->layer7.app_proto){
-+ if (net_ratelimit())
++ if (net_ratelimit())
+ printk(KERN_ERR "layer7: out of memory in match_no_append, bailing.\n");
+ write_unlock(&ct_lock);
+ return 1;
+ do case insensitivity). Add it to the end of the current data. */
+ for(i = 0; i < maxdatalen-offset-1 && i < len; i++) {
+ if(app_data[i] != '\0') {
-+ target[length+offset] =
++ target[length+offset] =
+ /* the kernel version of tolower mungs 'upper ascii' */
+ isascii(app_data[i])? tolower(app_data[i]) : app_data[i];
+ length++;
+}
+
+/* add the new app data to the conntrack. Return number of bytes added. */
-+static int add_data(struct ip_conntrack * master_conntrack,
++static int add_data(struct ip_conntrack * master_conntrack,
+ char * app_data, int appdatalen)
+{
+ int length;
-+
++
+ length = add_datastr(master_conntrack->layer7.app_data, master_conntrack->layer7.app_data_len, app_data, appdatalen);
+ master_conntrack->layer7.app_data_len += length;
+
+}
+
+/* Returns true on match and false otherwise. */
-+static int match(/* const */struct sk_buff *skb, const struct net_device *in,
-+ const struct net_device *out, const void *matchinfo,
-+ int offset, int *hotdrop)
++static int match(const struct sk_buff *skb_t, const struct net_device *in,
++ const struct net_device *out, const struct xt_match *match,
++ const void *matchinfo, int offset,
++ unsigned int protoff, int *hotdrop)
+{
+ struct ipt_layer7_info * info = (struct ipt_layer7_info *)matchinfo;
+ enum ip_conntrack_info master_ctinfo, ctinfo;
+ struct ip_conntrack *master_conntrack, *conntrack;
-+ unsigned char *app_data, *tmp_data;
++ unsigned char *app_data, *tmp_data;
+ unsigned int pattern_result, appdatalen;
+ regexp * comppattern;
++ struct sk_buff *skb = skb_t; /* to leave warning - FIXME */
+
+ if(!can_handle(skb)){
+ DPRINTK("layer7: This is some protocol I can't handle.\n");
+ return info->invert;
+ }
+
-+ /* Treat parent & all its children together as one connection, except
-+ for the purpose of setting conntrack->layer7.app_proto in the actual
++ /* Treat parent & all its children together as one connection, except
++ for the purpose of setting conntrack->layer7.app_proto in the actual
+ connection. This makes /proc/net/ip_conntrack more satisfying. */
+ if(!(conntrack = ip_conntrack_get((struct sk_buff *)skb, &ctinfo)) ||
+ !(master_conntrack = ip_conntrack_get((struct sk_buff *)skb, &master_ctinfo))) {
+ //DPRINTK("layer7: packet is not from a known connection, giving up.\n");
+ return info->invert;
+ }
-+
++
+ /* Try to get a master conntrack (and its master etc) for FTP, etc. */
+ while (master_ct(master_conntrack) != NULL)
+ master_conntrack = master_ct(master_conntrack);
+
+ /* if we've classified it or seen too many packets */
-+ if(!info->pkt && (TOTAL_PACKETS > num_packets ||
++ if(!info->pkt && (TOTAL_PACKETS > num_packets ||
+ master_conntrack->layer7.app_proto)) {
-+
++
+ pattern_result = match_no_append(conntrack, master_conntrack, ctinfo, master_ctinfo, info);
-+
-+ /* skb->cb[0] == seen. Avoid doing things twice if there are two l7
++
++ /* skb->cb[0] == seen. Avoid doing things twice if there are two l7
+ rules. I'm not sure that using cb for this purpose is correct, although
+ it says "put your private variables there". But it doesn't look like it
+ is being used for anything else in the skbs that make it here. How can
+ }
+
+ if(skb_is_nonlinear(skb)){
-+ if(skb_linearize(skb, GFP_ATOMIC) != 0){
-+ if (net_ratelimit())
++ if(skb_linearize(skb) != 0){
++ if (net_ratelimit())
+ printk(KERN_ERR "layer7: failed to linearize packet, bailing.\n");
+ return info->invert;
+ }
+ }
-+
++
+ /* now that the skb is linearized, it's safe to set these. */
+ app_data = skb->data + app_data_offset(skb);
+ appdatalen = skb->tail - app_data;
+ printk(KERN_ERR "layer7: out of memory in match, bailing.\n");
+ return info->invert;
+ }
-+
++
+ tmp_data[0] = '\0';
+ add_datastr(tmp_data, 0, app_data, appdatalen);
+ pattern_result = ((comppattern && regexec(comppattern, tmp_data)) ? 1 : 0);
+ kfree(tmp_data);
+ tmp_data = NULL;
-+
++
+ return (pattern_result ^ info->invert);
+ }
-+
++
+ /* On the first packet of a connection, allocate space for app data */
+ write_lock(&ct_lock);
+ if(TOTAL_PACKETS == 1 && !skb->cb[0] && !master_conntrack->layer7.app_data) {
+ master_conntrack->layer7.app_data = kmalloc(maxdatalen, GFP_ATOMIC);
-+ if(!master_conntrack->layer7.app_data){
-+ if (net_ratelimit())
++ if(!master_conntrack->layer7.app_data){
++ if (net_ratelimit())
+ printk(KERN_ERR "layer7: out of memory in match, bailing.\n");
+ write_unlock(&ct_lock);
+ return info->invert;
+ }
+ write_unlock(&ct_lock);
+
-+ /* Can be here, but unallocated, if numpackets is increased near
++ /* Can be here, but unallocated, if numpackets is increased near
+ the beginning of a connection */
+ if(master_conntrack->layer7.app_data == NULL)
+ return (info->invert); /* unmatched */
+ write_lock(&ct_lock);
+ master_conntrack->layer7.app_proto = kmalloc(strlen(info->protocol)+1, GFP_ATOMIC);
+ if(!master_conntrack->layer7.app_proto){
-+ if (net_ratelimit())
++ if (net_ratelimit())
+ printk(KERN_ERR "layer7: out of memory in match, bailing.\n");
+ write_unlock(&ct_lock);
+ return (pattern_result ^ info->invert);
+ return (pattern_result ^ info->invert);
+}
+
-+static int checkentry(const char *tablename, const struct ipt_ip *ip,
-+ void *matchinfo, unsigned int matchsize, unsigned int hook_mask)
-+{
-+ if (matchsize != IPT_ALIGN(sizeof(struct ipt_layer7_info)))
-+ return 0;
-+ return 1;
-+}
-+
-+static struct ipt_match layer7_match = {
-+ .name = "layer7",
-+ .match = &match,
-+ .checkentry = &checkentry,
-+ .me = THIS_MODULE
++static struct ipt_match layer7_match = {
++ .name = "layer7",
++ .match = &match,
++ .matchsize = sizeof(struct ipt_layer7_info),
++ .me = THIS_MODULE
+};
+
+/* taken from drivers/video/modedb.c */
+}
+
+/* write out num_packets to userland. */
-+static int layer7_read_proc(char* page, char ** start, off_t off, int count,
-+ int* eof, void * data)
++static int layer7_read_proc(char* page, char ** start, off_t off, int count,
++ int* eof, void * data)
+{
-+ if(num_packets > 99 && net_ratelimit())
++ if(num_packets > 99 && net_ratelimit())
+ printk(KERN_ERR "layer7: NOT REACHED. num_packets too big\n");
-+
++
+ page[0] = num_packets/10 + '0';
+ page[1] = num_packets%10 + '0';
+ page[2] = '\n';
+ page[3] = '\0';
-+
++
+ *eof=1;
+
+ return 3;
+}
+
+/* Read in num_packets from userland */
-+static int layer7_write_proc(struct file* file, const char* buffer,
-+ unsigned long count, void *data)
++static int layer7_write_proc(struct file* file, const char* buffer,
++ unsigned long count, void *data)
+{
+ char * foo = kmalloc(count, GFP_ATOMIC);
+
+ if(!foo){
-+ if (net_ratelimit())
++ if (net_ratelimit())
+ printk(KERN_ERR "layer7: out of memory, bailing. num_packets unchanged.\n");
+ return count;
+ }
+ if(copy_from_user(foo, buffer, count)) {
+ return -EFAULT;
+ }
-+
++
+
+ num_packets = my_atoi(foo);
+ kfree (foo);
+
-+ /* This has an arbitrary limit to make the math easier. I'm lazy.
++ /* This has an arbitrary limit to make the math easier. I'm lazy.
+ But anyway, 99 is a LOT! If you want more, you're doing it wrong! */
+ if(num_packets > 99) {
+ printk(KERN_WARNING "layer7: num_packets can't be > 99.\n");
+ printk(KERN_WARNING "layer7: num_packets can't be < 1.\n");
+ num_packets = 1;
+ }
-+
++
+ return count;
+}
+
+ printk(KERN_WARNING "layer7: maxdatalen can't be < 1, using 1\n");
+ maxdatalen = 1;
+ }
-+ /* This is not a hard limit. It's just here to prevent people from
++ /* This is not a hard limit. It's just here to prevent people from
+ bringing their slow machines to a grinding halt. */
+ else if(maxdatalen > 65536) {
+ printk(KERN_WARNING "layer7: maxdatalen can't be > 65536, using 65536\n");
-+ maxdatalen = 65536;
-+ }
++ maxdatalen = 65536;
++ }
+ return ipt_register_match(&layer7_match);
+}
+
+
+module_init(init);
+module_exit(fini);
-diff -Nur linux-2.6.17/net/ipv4/netfilter/Kconfig linux-2.6.17-owrt/net/ipv4/netfilter/Kconfig
---- linux-2.6.17/net/ipv4/netfilter/Kconfig 2006-06-18 03:49:35.000000000 +0200
-+++ linux-2.6.17-owrt/net/ipv4/netfilter/Kconfig 2006-06-18 12:32:58.000000000 +0200
-@@ -314,6 +314,24 @@
+diff -urN linux-2.6.19.old/net/ipv4/netfilter/Kconfig linux-2.6.19.dev/net/ipv4/netfilter/Kconfig
+--- linux-2.6.19.old/net/ipv4/netfilter/Kconfig 2006-11-29 22:57:37.000000000 +0100
++++ linux-2.6.19.dev/net/ipv4/netfilter/Kconfig 2006-12-14 03:13:37.000000000 +0100
+@@ -329,6 +329,24 @@
destination IP' or `500pps from any given source IP' with a single
IPtables rule.
# `filter', generic and specific targets
config IP_NF_FILTER
tristate "Packet filtering"
-diff -Nur linux-2.6.17/net/ipv4/netfilter/Makefile linux-2.6.17-owrt/net/ipv4/netfilter/Makefile
---- linux-2.6.17/net/ipv4/netfilter/Makefile 2006-06-18 03:49:35.000000000 +0200
-+++ linux-2.6.17-owrt/net/ipv4/netfilter/Makefile 2006-06-18 12:29:04.000000000 +0200
-@@ -62,6 +62,8 @@
+diff -urN linux-2.6.19.old/net/ipv4/netfilter/Makefile linux-2.6.19.dev/net/ipv4/netfilter/Makefile
+--- linux-2.6.19.old/net/ipv4/netfilter/Makefile 2006-11-29 22:57:37.000000000 +0100
++++ linux-2.6.19.dev/net/ipv4/netfilter/Makefile 2006-12-14 03:13:37.000000000 +0100
+@@ -63,6 +63,8 @@
obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o
obj-$(CONFIG_IP_NF_MATCH_ADDRTYPE) += ipt_addrtype.o
# targets
obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o
obj-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TOS.o
-diff -Nur linux-2.6.17/net/ipv4/netfilter/regexp/regexp.c linux-2.6.17-owrt/net/ipv4/netfilter/regexp/regexp.c
---- linux-2.6.17/net/ipv4/netfilter/regexp/regexp.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.17-owrt/net/ipv4/netfilter/regexp/regexp.c 2006-06-18 12:29:04.000000000 +0200
+diff -urN linux-2.6.19.old/net/ipv4/netfilter/regexp/regexp.c linux-2.6.19.dev/net/ipv4/netfilter/regexp/regexp.c
+--- linux-2.6.19.old/net/ipv4/netfilter/regexp/regexp.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.19.dev/net/ipv4/netfilter/regexp/regexp.c 2006-12-14 03:13:37.000000000 +0100
@@ -0,0 +1,1195 @@
+/*
+ * regcomp and regexec -- regsub and regerror are elsewhere
+ *
+ * This code was modified by Ethan Sommer to work within the kernel
+ * (it now uses kmalloc etc..)
-+ *
++ *
+ * Modified slightly by Matthew Strait to use more modern C.
+ */
+
+ }
+
+ /* Make a closing node, and hook it on the end. */
-+ ender = regnode((paren) ? CLOSE+parno : END);
++ ender = regnode((paren) ? CLOSE+parno : END);
+ regtail(ret, ender);
+
+ /* Hook the tails of the branches to the closing node. */
+/*
+ - regnext - dig the "next" pointer out of a node
+ */
-+static char*
++static char*
+regnext(char *p)
+{
+ register int offset;
+ next = regnext(s);
+ if (next == NULL) /* Next ptr. */
+ printf("(0)");
-+ else
++ else
+ printf("(%d)", (s-r->program)+(next-s));
+ s += 3;
+ if (op == ANYOF || op == ANYBUT || op == EXACTLY) {
+#endif
+
+
-diff -Nur linux-2.6.17/net/ipv4/netfilter/regexp/regexp.h linux-2.6.17-owrt/net/ipv4/netfilter/regexp/regexp.h
---- linux-2.6.17/net/ipv4/netfilter/regexp/regexp.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.17-owrt/net/ipv4/netfilter/regexp/regexp.h 2006-06-18 12:29:04.000000000 +0200
+diff -urN linux-2.6.19.old/net/ipv4/netfilter/regexp/regexp.h linux-2.6.19.dev/net/ipv4/netfilter/regexp/regexp.h
+--- linux-2.6.19.old/net/ipv4/netfilter/regexp/regexp.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.19.dev/net/ipv4/netfilter/regexp/regexp.h 2006-12-14 03:13:37.000000000 +0100
@@ -0,0 +1,41 @@
+/*
+ * Definitions etc. for regexp(3) routines.
+#define REGEXP_H
+
+
-+/*
-+http://www.opensource.apple.com/darwinsource/10.3/expect-1/expect/expect.h ,
++/*
++http://www.opensource.apple.com/darwinsource/10.3/expect-1/expect/expect.h ,
+which contains a version of this library, says:
+
+ *
+void regerror(char *s);
+
+#endif
-diff -Nur linux-2.6.17/net/ipv4/netfilter/regexp/regmagic.h linux-2.6.17-owrt/net/ipv4/netfilter/regexp/regmagic.h
---- linux-2.6.17/net/ipv4/netfilter/regexp/regmagic.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.17-owrt/net/ipv4/netfilter/regexp/regmagic.h 2006-06-18 12:29:04.000000000 +0200
+diff -urN linux-2.6.19.old/net/ipv4/netfilter/regexp/regmagic.h linux-2.6.19.dev/net/ipv4/netfilter/regexp/regmagic.h
+--- linux-2.6.19.old/net/ipv4/netfilter/regexp/regmagic.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.19.dev/net/ipv4/netfilter/regexp/regmagic.h 2006-12-14 03:13:37.000000000 +0100
@@ -0,0 +1,5 @@
+/*
+ * The first byte of the regexp internal "program" is actually this magic
+ * number; the start node begins in the second byte.
+ */
+#define MAGIC 0234
-diff -Nur linux-2.6.17/net/ipv4/netfilter/regexp/regsub.c linux-2.6.17-owrt/net/ipv4/netfilter/regexp/regsub.c
---- linux-2.6.17/net/ipv4/netfilter/regexp/regsub.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.17-owrt/net/ipv4/netfilter/regexp/regsub.c 2006-06-18 12:29:04.000000000 +0200
+diff -urN linux-2.6.19.old/net/ipv4/netfilter/regexp/regsub.c linux-2.6.19.dev/net/ipv4/netfilter/regexp/regsub.c
+--- linux-2.6.19.old/net/ipv4/netfilter/regexp/regsub.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.19.dev/net/ipv4/netfilter/regexp/regsub.c 2006-12-14 03:13:37.000000000 +0100
@@ -0,0 +1,95 @@
+/*
+ * regsub
+ register char c;
+ register int no;
+ register int len;
-+
++
+ /* Not necessary and gcc doesn't like it -MLS */
+ /*extern char *strncpy();*/
+
projects / openwrt / staging / mkresin.git / blobdiff