-Index: linux-2.6.23/net/netfilter/Kconfig
-===================================================================
---- linux-2.6.23.orig/net/netfilter/Kconfig
-+++ linux-2.6.23/net/netfilter/Kconfig
-@@ -401,6 +401,23 @@ config NETFILTER_XT_TARGET_CONNSECMARK
+--- a/net/netfilter/Kconfig
++++ b/net/netfilter/Kconfig
+@@ -437,6 +437,23 @@ config NETFILTER_XT_TARGET_CONNSECMARK
To compile it as a module, choose M here. If unsure, say N.
config NETFILTER_XT_TARGET_TCPMSS
tristate '"TCPMSS" target support'
depends on NETFILTER_XTABLES && (IPV6 || IPV6=n)
-Index: linux-2.6.23/net/netfilter/Makefile
-===================================================================
---- linux-2.6.23.orig/net/netfilter/Makefile
-+++ linux-2.6.23/net/netfilter/Makefile
-@@ -49,6 +49,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_NFLOG)
+--- a/net/netfilter/Makefile
++++ b/net/netfilter/Makefile
+@@ -47,6 +47,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_NFQUEUE
obj-$(CONFIG_NETFILTER_XT_TARGET_NOTRACK) += xt_NOTRACK.o
- obj-$(CONFIG_NETFILTER_XT_TARGET_TRACE) += xt_TRACE.o
+ obj-$(CONFIG_NETFILTER_XT_TARGET_RATEEST) += xt_RATEEST.o
obj-$(CONFIG_NETFILTER_XT_TARGET_SECMARK) += xt_SECMARK.o
+obj-$(CONFIG_NETFILTER_XT_TARGET_TARPIT) += xt_TARPIT.o
obj-$(CONFIG_NETFILTER_XT_TARGET_TCPMSS) += xt_TCPMSS.o
- obj-$(CONFIG_NETFILTER_XT_TARGET_CONNSECMARK) += xt_CONNSECMARK.o
-
-Index: linux-2.6.23/net/netfilter/xt_TARPIT.c
-===================================================================
+ obj-$(CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP) += xt_TCPOPTSTRIP.o
+ obj-$(CONFIG_NETFILTER_XT_TARGET_TRACE) += xt_TRACE.o
--- /dev/null
-+++ linux-2.6.23/net/netfilter/xt_TARPIT.c
++++ b/net/netfilter/xt_TARPIT.c
@@ -0,0 +1,279 @@
+/*
+ * Kernel module to capture and hold incoming TCP connections using
+ fl.nl_u.ip4_u.tos = RT_TOS(niph->tos) | RTO_CONN;
+ fl.oif = 0;
+
-+ if (ip_route_output_key(&nrt, &fl))
++ if (ip_route_output_key(&init_net, &nrt, &fl))
+ goto free_nskb;
+
+ dst_release(nskb->dst);
+ if (iph->frag_off & htons(IP_OFFSET))
+ return NF_DROP;
+
-+ tarpit_tcp(skb, rt, hooknum == NF_IP_LOCAL_IN);
++ tarpit_tcp(skb, rt, hooknum == NF_INET_LOCAL_IN);
+ return NF_DROP;
+}
+
+{
+ bool invalid;
+
-+ if (strcmp(tablename, "raw") == 0 && hook_mask == NF_IP_PRE_ROUTING)
++ if (strcmp(tablename, "raw") == 0 && hook_mask == NF_INET_PRE_ROUTING)
+ return true;
+ if (strcmp(tablename, "filter") != 0)
+ return false;
-+ invalid = hook_mask & ~((1 << NF_IP_LOCAL_IN) | (1 << NF_IP_FORWARD));
++ invalid = hook_mask & ~((1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD));
+ return !invalid;
+}
+