-Index: linux-2.6.23.17/net/netfilter/Kconfig
-===================================================================
---- linux-2.6.23.17.orig/net/netfilter/Kconfig
-+++ linux-2.6.23.17/net/netfilter/Kconfig
+--- a/net/netfilter/Kconfig
++++ b/net/netfilter/Kconfig
@@ -633,6 +633,27 @@ config NETFILTER_XT_MATCH_STATE
To compile it as a module, choose M here. If unsure, say N.
config NETFILTER_XT_MATCH_STATISTIC
tristate '"statistic" match support'
depends on NETFILTER_XTABLES
-Index: linux-2.6.23.17/net/netfilter/Makefile
-===================================================================
---- linux-2.6.23.17.orig/net/netfilter/Makefile
-+++ linux-2.6.23.17/net/netfilter/Makefile
+--- a/net/netfilter/Makefile
++++ b/net/netfilter/Makefile
@@ -71,6 +71,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_QUOTA) +
obj-$(CONFIG_NETFILTER_XT_MATCH_REALM) += xt_realm.o
obj-$(CONFIG_NETFILTER_XT_MATCH_SCTP) += xt_sctp.o
obj-$(CONFIG_NETFILTER_XT_MATCH_STATISTIC) += xt_statistic.o
obj-$(CONFIG_NETFILTER_XT_MATCH_STRING) += xt_string.o
obj-$(CONFIG_NETFILTER_XT_MATCH_TCPMSS) += xt_tcpmss.o
-Index: linux-2.6.23.17/net/netfilter/xt_layer7.c
-===================================================================
--- /dev/null
-+++ linux-2.6.23.17/net/netfilter/xt_layer7.c
++++ b/net/netfilter/xt_layer7.c
@@ -0,0 +1,634 @@
+/*
+ Kernel module to match application layer (OSI layer 7) data in connections.
+
+module_init(xt_layer7_init);
+module_exit(xt_layer7_fini);
-Index: linux-2.6.23.17/net/netfilter/regexp/regexp.c
-===================================================================
--- /dev/null
-+++ linux-2.6.23.17/net/netfilter/regexp/regexp.c
++++ b/net/netfilter/regexp/regexp.c
@@ -0,0 +1,1197 @@
+/*
+ * regcomp and regexec -- regsub and regerror are elsewhere
+#endif
+
+
-Index: linux-2.6.23.17/net/netfilter/regexp/regexp.h
-===================================================================
--- /dev/null
-+++ linux-2.6.23.17/net/netfilter/regexp/regexp.h
++++ b/net/netfilter/regexp/regexp.h
@@ -0,0 +1,41 @@
+/*
+ * Definitions etc. for regexp(3) routines.
+void regerror(char *s);
+
+#endif
-Index: linux-2.6.23.17/net/netfilter/regexp/regmagic.h
-===================================================================
--- /dev/null
-+++ linux-2.6.23.17/net/netfilter/regexp/regmagic.h
++++ b/net/netfilter/regexp/regmagic.h
@@ -0,0 +1,5 @@
+/*
+ * The first byte of the regexp internal "program" is actually this magic
+ * number; the start node begins in the second byte.
+ */
+#define MAGIC 0234
-Index: linux-2.6.23.17/net/netfilter/regexp/regsub.c
-===================================================================
--- /dev/null
-+++ linux-2.6.23.17/net/netfilter/regexp/regsub.c
++++ b/net/netfilter/regexp/regsub.c
@@ -0,0 +1,95 @@
+/*
+ * regsub
+ }
+ *dst++ = '\0';
+}
-Index: linux-2.6.23.17/net/netfilter/nf_conntrack_core.c
-===================================================================
---- linux-2.6.23.17.orig/net/netfilter/nf_conntrack_core.c
-+++ linux-2.6.23.17/net/netfilter/nf_conntrack_core.c
+--- a/net/netfilter/nf_conntrack_core.c
++++ b/net/netfilter/nf_conntrack_core.c
@@ -207,6 +207,14 @@ destroy_conntrack(struct nf_conntrack *n
* too. */
nf_ct_remove_expectations(ct);
/* We overload first tuple to link into unconfirmed list. */
if (!nf_ct_is_confirmed(ct)) {
BUG_ON(hlist_unhashed(&ct->tuplehash[IP_CT_DIR_ORIGINAL].hnode));
-Index: linux-2.6.23.17/net/netfilter/nf_conntrack_standalone.c
-===================================================================
---- linux-2.6.23.17.orig/net/netfilter/nf_conntrack_standalone.c
-+++ linux-2.6.23.17/net/netfilter/nf_conntrack_standalone.c
+--- a/net/netfilter/nf_conntrack_standalone.c
++++ b/net/netfilter/nf_conntrack_standalone.c
@@ -179,7 +179,12 @@ static int ct_seq_show(struct seq_file *
return -ENOSPC;
#endif
return -ENOSPC;
return 0;
-Index: linux-2.6.23.17/include/net/netfilter/nf_conntrack.h
-===================================================================
---- linux-2.6.23.17.orig/include/net/netfilter/nf_conntrack.h
-+++ linux-2.6.23.17/include/net/netfilter/nf_conntrack.h
+--- a/include/net/netfilter/nf_conntrack.h
++++ b/include/net/netfilter/nf_conntrack.h
@@ -127,6 +127,22 @@ struct nf_conn
u_int32_t secmark;
#endif
/* Storage reserved for other modules: */
union nf_conntrack_proto proto;
-Index: linux-2.6.23.17/include/linux/netfilter/xt_layer7.h
-===================================================================
--- /dev/null
-+++ linux-2.6.23.17/include/linux/netfilter/xt_layer7.h
++++ b/include/linux/netfilter/xt_layer7.h
@@ -0,0 +1,13 @@
+#ifndef _XT_LAYER7_H
+#define _XT_LAYER7_H