X-Git-Url: https://git.rohieb.name/openwrt.git/blobdiff_plain/16ed52752f2daffd50fe53121598c5170b1201f1..d96351afb4211866a1656242cf6d08d68f5661eb:/target/linux/generic-2.6/patches-2.6.23/100-netfilter_layer7_2.17.patch diff --git a/target/linux/generic-2.6/patches-2.6.23/100-netfilter_layer7_2.17.patch b/target/linux/generic-2.6/patches-2.6.23/100-netfilter_layer7_2.17.patch index c49bd727d..d94fd3c0c 100644 --- a/target/linux/generic-2.6/patches-2.6.23/100-netfilter_layer7_2.17.patch +++ b/target/linux/generic-2.6/patches-2.6.23/100-netfilter_layer7_2.17.patch @@ -1,6 +1,6 @@ ---- linux-2.6.24-rc5/net/netfilter/Kconfig 2007-12-11 23:43:21.000000000 -0600 -+++ linux-2.6.24-rc5-layer7/net/netfilter/Kconfig 2007-12-11 23:35:12.000000000 -0600 -@@ -633,6 +633,27 @@ config NETFILTER_XT_MATCH_STATE +--- a/net/netfilter/Kconfig ++++ b/net/netfilter/Kconfig +@@ -633,6 +633,27 @@ To compile it as a module, choose M here. If unsure, say N. @@ -28,9 +28,9 @@ config NETFILTER_XT_MATCH_STATISTIC tristate '"statistic" match support' depends on NETFILTER_XTABLES ---- linux-2.6.24-rc5/net/netfilter/Makefile 2007-12-11 23:43:21.000000000 -0600 -+++ linux-2.6.24-rc5-layer7/net/netfilter/Makefile 2007-12-11 23:35:12.000000000 -0600 -@@ -73,6 +73,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_QUOTA) + +--- a/net/netfilter/Makefile ++++ b/net/netfilter/Makefile +@@ -71,6 +71,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_REALM) += xt_realm.o obj-$(CONFIG_NETFILTER_XT_MATCH_SCTP) += xt_sctp.o obj-$(CONFIG_NETFILTER_XT_MATCH_STATE) += xt_state.o @@ -38,8 +38,8 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_STATISTIC) += xt_statistic.o obj-$(CONFIG_NETFILTER_XT_MATCH_STRING) += xt_string.o obj-$(CONFIG_NETFILTER_XT_MATCH_TCPMSS) += xt_tcpmss.o ---- linux-2.6.24-rc5/net/netfilter/xt_layer7.c 1969-12-31 18:00:00.000000000 -0600 -+++ linux-2.6.24-rc5-layer7/net/netfilter/xt_layer7.c 2007-12-11 23:55:46.000000000 -0600 +--- /dev/null ++++ b/net/netfilter/xt_layer7.c @@ -0,0 +1,634 @@ +/* + Kernel module to match application layer (OSI layer 7) data in connections. @@ -438,7 +438,7 @@ + return count; +} + -+static int ++static bool +match(const struct sk_buff *skbin, + const struct net_device *in, + const struct net_device *out, @@ -446,7 +446,7 @@ + const void *matchinfo, + int offset, + unsigned int protoff, -+ int *hotdrop) ++ bool *hotdrop) +{ + /* sidestep const without getting a compiler warning... */ + struct sk_buff * skb = (struct sk_buff *)skbin; @@ -590,7 +590,7 @@ + return (pattern_result ^ info->invert); +} + -+static int check(const char *tablename, ++static bool check(const char *tablename, + const void *inf, + const struct xt_match *match, + void *matchinfo, @@ -601,9 +601,9 @@ + if (nf_ct_l3proto_try_module_get(match->family) < 0) { + printk(KERN_WARNING "can't load conntrack support for " + "proto=%d\n", match->family); -+ return 0; ++ return false; + } -+ return 1; ++ return true; +} + +static void @@ -675,8 +675,8 @@ + +module_init(xt_layer7_init); +module_exit(xt_layer7_fini); ---- linux-2.6.24-rc5/net/netfilter/regexp/regexp.c 1969-12-31 18:00:00.000000000 -0600 -+++ linux-2.6.24-rc5-layer7/net/netfilter/regexp/regexp.c 2007-12-11 23:35:12.000000000 -0600 +--- /dev/null ++++ b/net/netfilter/regexp/regexp.c @@ -0,0 +1,1197 @@ +/* + * regcomp and regexec -- regsub and regerror are elsewhere @@ -1875,8 +1875,8 @@ +#endif + + ---- linux-2.6.24-rc5/net/netfilter/regexp/regexp.h 1969-12-31 18:00:00.000000000 -0600 -+++ linux-2.6.24-rc5-layer7/net/netfilter/regexp/regexp.h 2007-12-11 23:35:12.000000000 -0600 +--- /dev/null ++++ b/net/netfilter/regexp/regexp.h @@ -0,0 +1,41 @@ +/* + * Definitions etc. for regexp(3) routines. @@ -1919,16 +1919,16 @@ +void regerror(char *s); + +#endif ---- linux-2.6.24-rc5/net/netfilter/regexp/regmagic.h 1969-12-31 18:00:00.000000000 -0600 -+++ linux-2.6.24-rc5-layer7/net/netfilter/regexp/regmagic.h 2007-12-11 23:35:12.000000000 -0600 +--- /dev/null ++++ b/net/netfilter/regexp/regmagic.h @@ -0,0 +1,5 @@ +/* + * The first byte of the regexp internal "program" is actually this magic + * number; the start node begins in the second byte. + */ +#define MAGIC 0234 ---- linux-2.6.24-rc5/net/netfilter/regexp/regsub.c 1969-12-31 18:00:00.000000000 -0600 -+++ linux-2.6.24-rc5-layer7/net/netfilter/regexp/regsub.c 2007-12-11 23:35:12.000000000 -0600 +--- /dev/null ++++ b/net/netfilter/regexp/regsub.c @@ -0,0 +1,95 @@ +/* + * regsub @@ -2025,9 +2025,9 @@ + } + *dst++ = '\0'; +} ---- linux-2.6.24-rc5/net/netfilter/nf_conntrack_core.c 2007-12-11 23:43:21.000000000 -0600 -+++ linux-2.6.24-rc5-layer7/net/netfilter/nf_conntrack_core.c 2007-12-11 23:35:12.000000000 -0600 -@@ -206,6 +206,14 @@ destroy_conntrack(struct nf_conntrack *n +--- a/net/netfilter/nf_conntrack_core.c ++++ b/net/netfilter/nf_conntrack_core.c +@@ -207,6 +207,14 @@ * too. */ nf_ct_remove_expectations(ct); @@ -2042,9 +2042,9 @@ /* We overload first tuple to link into unconfirmed list. */ if (!nf_ct_is_confirmed(ct)) { BUG_ON(hlist_unhashed(&ct->tuplehash[IP_CT_DIR_ORIGINAL].hnode)); ---- linux-2.6.24-rc5/net/netfilter/nf_conntrack_standalone.c 2007-12-11 23:43:22.000000000 -0600 -+++ linux-2.6.24-rc5-layer7/net/netfilter/nf_conntrack_standalone.c 2007-12-11 23:35:12.000000000 -0600 -@@ -180,7 +180,12 @@ static int ct_seq_show(struct seq_file * +--- a/net/netfilter/nf_conntrack_standalone.c ++++ b/net/netfilter/nf_conntrack_standalone.c +@@ -179,7 +179,12 @@ return -ENOSPC; #endif @@ -2058,9 +2058,9 @@ return -ENOSPC; return 0; ---- linux-2.6.24-rc5/include/net/netfilter/nf_conntrack.h 2007-12-11 23:43:16.000000000 -0600 -+++ linux-2.6.24-rc5-layer7/include/net/netfilter/nf_conntrack.h 2007-12-11 23:35:12.000000000 -0600 -@@ -124,6 +124,22 @@ struct nf_conn +--- a/include/net/netfilter/nf_conntrack.h ++++ b/include/net/netfilter/nf_conntrack.h +@@ -127,6 +127,22 @@ u_int32_t secmark; #endif @@ -2083,8 +2083,8 @@ /* Storage reserved for other modules: */ union nf_conntrack_proto proto; ---- linux-2.6.24-rc5/include/linux/netfilter/xt_layer7.h 1969-12-31 18:00:00.000000000 -0600 -+++ linux-2.6.24-rc5-layer7/include/linux/netfilter/xt_layer7.h 2007-12-11 23:35:12.000000000 -0600 +--- /dev/null ++++ b/include/linux/netfilter/xt_layer7.h @@ -0,0 +1,13 @@ +#ifndef _XT_LAYER7_H +#define _XT_LAYER7_H