---- linux-2.6.24-rc5/net/netfilter/Kconfig 2007-12-11 23:43:21.000000000 -0600
-+++ linux-2.6.24-rc5-layer7/net/netfilter/Kconfig 2007-12-11 23:35:12.000000000 -0600
+--- a/net/netfilter/Kconfig
++++ b/net/netfilter/Kconfig
@@ -633,6 +633,27 @@ config NETFILTER_XT_MATCH_STATE
To compile it as a module, choose M here. If unsure, say N.
config NETFILTER_XT_MATCH_STATISTIC
tristate '"statistic" match support'
depends on NETFILTER_XTABLES
---- linux-2.6.24-rc5/net/netfilter/Makefile 2007-12-11 23:43:21.000000000 -0600
-+++ linux-2.6.24-rc5-layer7/net/netfilter/Makefile 2007-12-11 23:35:12.000000000 -0600
+--- a/net/netfilter/Makefile
++++ b/net/netfilter/Makefile
@@ -73,6 +73,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_QUOTA) +
obj-$(CONFIG_NETFILTER_XT_MATCH_REALM) += xt_realm.o
obj-$(CONFIG_NETFILTER_XT_MATCH_SCTP) += xt_sctp.o
obj-$(CONFIG_NETFILTER_XT_MATCH_STATISTIC) += xt_statistic.o
obj-$(CONFIG_NETFILTER_XT_MATCH_STRING) += xt_string.o
obj-$(CONFIG_NETFILTER_XT_MATCH_TCPMSS) += xt_tcpmss.o
---- linux-2.6.24-rc5/net/netfilter/xt_layer7.c 1969-12-31 18:00:00.000000000 -0600
-+++ linux-2.6.24-rc5-layer7/net/netfilter/xt_layer7.c 2007-12-11 23:55:46.000000000 -0600
+--- /dev/null
++++ b/net/netfilter/xt_layer7.c
@@ -0,0 +1,634 @@
+/*
+ Kernel module to match application layer (OSI layer 7) data in connections.
+ return count;
+}
+
-+static int
++static bool
+match(const struct sk_buff *skbin,
+ const struct net_device *in,
+ const struct net_device *out,
+ const void *matchinfo,
+ int offset,
+ unsigned int protoff,
-+ int *hotdrop)
++ bool *hotdrop)
+{
+ /* sidestep const without getting a compiler warning... */
+ struct sk_buff * skb = (struct sk_buff *)skbin;
+ return (pattern_result ^ info->invert);
+}
+
-+static int check(const char *tablename,
++static bool check(const char *tablename,
+ const void *inf,
+ const struct xt_match *match,
+ void *matchinfo,
+ if (nf_ct_l3proto_try_module_get(match->family) < 0) {
+ printk(KERN_WARNING "can't load conntrack support for "
+ "proto=%d\n", match->family);
-+ return 0;
++ return false;
+ }
-+ return 1;
++ return true;
+}
+
+static void
+
+module_init(xt_layer7_init);
+module_exit(xt_layer7_fini);
---- linux-2.6.24-rc5/net/netfilter/regexp/regexp.c 1969-12-31 18:00:00.000000000 -0600
-+++ linux-2.6.24-rc5-layer7/net/netfilter/regexp/regexp.c 2007-12-11 23:35:12.000000000 -0600
+--- /dev/null
++++ b/net/netfilter/regexp/regexp.c
@@ -0,0 +1,1197 @@
+/*
+ * regcomp and regexec -- regsub and regerror are elsewhere
+#endif
+
+
---- linux-2.6.24-rc5/net/netfilter/regexp/regexp.h 1969-12-31 18:00:00.000000000 -0600
-+++ linux-2.6.24-rc5-layer7/net/netfilter/regexp/regexp.h 2007-12-11 23:35:12.000000000 -0600
+--- /dev/null
++++ b/net/netfilter/regexp/regexp.h
@@ -0,0 +1,41 @@
+/*
+ * Definitions etc. for regexp(3) routines.
+void regerror(char *s);
+
+#endif
---- linux-2.6.24-rc5/net/netfilter/regexp/regmagic.h 1969-12-31 18:00:00.000000000 -0600
-+++ linux-2.6.24-rc5-layer7/net/netfilter/regexp/regmagic.h 2007-12-11 23:35:12.000000000 -0600
+--- /dev/null
++++ b/net/netfilter/regexp/regmagic.h
@@ -0,0 +1,5 @@
+/*
+ * The first byte of the regexp internal "program" is actually this magic
+ * number; the start node begins in the second byte.
+ */
+#define MAGIC 0234
---- linux-2.6.24-rc5/net/netfilter/regexp/regsub.c 1969-12-31 18:00:00.000000000 -0600
-+++ linux-2.6.24-rc5-layer7/net/netfilter/regexp/regsub.c 2007-12-11 23:35:12.000000000 -0600
+--- /dev/null
++++ b/net/netfilter/regexp/regsub.c
@@ -0,0 +1,95 @@
+/*
+ * regsub
+ }
+ *dst++ = '\0';
+}
---- linux-2.6.24-rc5/net/netfilter/nf_conntrack_core.c 2007-12-11 23:43:21.000000000 -0600
-+++ linux-2.6.24-rc5-layer7/net/netfilter/nf_conntrack_core.c 2007-12-11 23:35:12.000000000 -0600
+--- a/net/netfilter/nf_conntrack_core.c
++++ b/net/netfilter/nf_conntrack_core.c
@@ -206,6 +206,14 @@ destroy_conntrack(struct nf_conntrack *n
* too. */
nf_ct_remove_expectations(ct);
/* We overload first tuple to link into unconfirmed list. */
if (!nf_ct_is_confirmed(ct)) {
BUG_ON(hlist_unhashed(&ct->tuplehash[IP_CT_DIR_ORIGINAL].hnode));
---- linux-2.6.24-rc5/net/netfilter/nf_conntrack_standalone.c 2007-12-11 23:43:22.000000000 -0600
-+++ linux-2.6.24-rc5-layer7/net/netfilter/nf_conntrack_standalone.c 2007-12-11 23:35:12.000000000 -0600
+--- a/net/netfilter/nf_conntrack_standalone.c
++++ b/net/netfilter/nf_conntrack_standalone.c
@@ -180,7 +180,12 @@ static int ct_seq_show(struct seq_file *
return -ENOSPC;
#endif
return -ENOSPC;
return 0;
---- linux-2.6.24-rc5/include/net/netfilter/nf_conntrack.h 2007-12-11 23:43:16.000000000 -0600
-+++ linux-2.6.24-rc5-layer7/include/net/netfilter/nf_conntrack.h 2007-12-11 23:35:12.000000000 -0600
+--- a/include/net/netfilter/nf_conntrack.h
++++ b/include/net/netfilter/nf_conntrack.h
@@ -124,6 +124,22 @@ struct nf_conn
u_int32_t secmark;
#endif
/* Storage reserved for other modules: */
union nf_conntrack_proto proto;
---- linux-2.6.24-rc5/include/linux/netfilter/xt_layer7.h 1969-12-31 18:00:00.000000000 -0600
-+++ linux-2.6.24-rc5-layer7/include/linux/netfilter/xt_layer7.h 2007-12-11 23:35:12.000000000 -0600
+--- /dev/null
++++ b/include/linux/netfilter/xt_layer7.h
@@ -0,0 +1,13 @@
+#ifndef _XT_LAYER7_H
+#define _XT_LAYER7_H
projects / openwrt / svn-archive / archive.git / blobdiff