X-Git-Url: https://git.rohieb.name/openwrt.git/blobdiff_plain/8f3d3ea2183d32de437ba5443c9e5a2a2dcd476f..dff26e760144ed11a256aef236654349aa6f9e70:/target/linux/generic-2.6/patches-2.6.25/171-netfilter_tarpit.patch diff --git a/target/linux/generic-2.6/patches-2.6.25/171-netfilter_tarpit.patch b/target/linux/generic-2.6/patches-2.6.25/171-netfilter_tarpit.patch index f5f5589ff..d99150fa0 100644 --- a/target/linux/generic-2.6/patches-2.6.25/171-netfilter_tarpit.patch +++ b/target/linux/generic-2.6/patches-2.6.25/171-netfilter_tarpit.patch @@ -1,8 +1,6 @@ -Index: linux-2.6.23/net/netfilter/Kconfig -=================================================================== ---- linux-2.6.23.orig/net/netfilter/Kconfig -+++ linux-2.6.23/net/netfilter/Kconfig -@@ -401,6 +401,23 @@ config NETFILTER_XT_TARGET_CONNSECMARK +--- a/net/netfilter/Kconfig ++++ b/net/netfilter/Kconfig +@@ -437,6 +437,23 @@ config NETFILTER_XT_TARGET_CONNSECMARK To compile it as a module, choose M here. If unsure, say N. 
@@ -26,22 +24,18 @@ Index: linux-2.6.23/net/netfilter/Kconfig config NETFILTER_XT_TARGET_TCPMSS tristate '"TCPMSS" target support' depends on NETFILTER_XTABLES && (IPV6 || IPV6=n) -Index: linux-2.6.23/net/netfilter/Makefile -=================================================================== ---- linux-2.6.23.orig/net/netfilter/Makefile -+++ linux-2.6.23/net/netfilter/Makefile -@@ -49,6 +49,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_NFLOG) +--- a/net/netfilter/Makefile ++++ b/net/netfilter/Makefile +@@ -47,6 +47,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_NFQUEUE obj-$(CONFIG_NETFILTER_XT_TARGET_NOTRACK) += xt_NOTRACK.o - obj-$(CONFIG_NETFILTER_XT_TARGET_TRACE) += xt_TRACE.o + obj-$(CONFIG_NETFILTER_XT_TARGET_RATEEST) += xt_RATEEST.o obj-$(CONFIG_NETFILTER_XT_TARGET_SECMARK) += xt_SECMARK.o +obj-$(CONFIG_NETFILTER_XT_TARGET_TARPIT) += xt_TARPIT.o obj-$(CONFIG_NETFILTER_XT_TARGET_TCPMSS) += xt_TCPMSS.o - obj-$(CONFIG_NETFILTER_XT_TARGET_CONNSECMARK) += xt_CONNSECMARK.o - -Index: linux-2.6.23/net/netfilter/xt_TARPIT.c -=================================================================== + obj-$(CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP) += xt_TCPOPTSTRIP.o + obj-$(CONFIG_NETFILTER_XT_TARGET_TRACE) += xt_TRACE.o --- /dev/null -+++ linux-2.6.23/net/netfilter/xt_TARPIT.c ++++ b/net/netfilter/xt_TARPIT.c @@ -0,0 +1,279 @@ +/* + * Kernel module to capture and hold incoming TCP connections using @@ -218,7 +212,7 @@ Index: linux-2.6.23/net/netfilter/xt_TARPIT.c + fl.nl_u.ip4_u.tos = RT_TOS(niph->tos) | RTO_CONN; + fl.oif = 0; + -+ if (ip_route_output_key(&nrt, &fl)) ++ if (ip_route_output_key(&init_net, &nrt, &fl)) + goto free_nskb; + + dst_release(nskb->dst); @@ -279,7 +273,7 @@ Index: linux-2.6.23/net/netfilter/xt_TARPIT.c + if (iph->frag_off & htons(IP_OFFSET)) + return NF_DROP; + -+ tarpit_tcp(skb, rt, hooknum == NF_IP_LOCAL_IN); ++ tarpit_tcp(skb, rt, hooknum == NF_INET_LOCAL_IN); + return NF_DROP; +} + 
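Review bot: The route lookup for the tarpit reply is now pinned to the initial network namespace, `ip_route_output_key(&init_net, &nrt, &fl)`, and nothing in the hunk says that this is deliberate. On a kernel built with network namespaces, a packet matched in another namespace would presumably have its reply routed with init_net's tables, which crosses the isolation boundary a namespace is meant to provide. I would add a comment above the call, for example `/* TARPIT is not netns-aware: replies are always routed in init_net */`, so the limitation is visible to whoever refreshes this patch next. The enclosing function starts and ends outside the hunk, so whether a namespace could be taken from the packet instead cannot be judged from here.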
@@ -289,11 +283,11 @@ Index: linux-2.6.23/net/netfilter/xt_TARPIT.c +{ + bool invalid; + -+ if (strcmp(tablename, "raw") == 0 && hook_mask == NF_IP_PRE_ROUTING) ++ if (strcmp(tablename, "raw") == 0 && hook_mask == NF_INET_PRE_ROUTING) + return true; + if (strcmp(tablename, "filter") != 0) + return false; -+ invalid = hook_mask & ~((1 << NF_IP_LOCAL_IN) | (1 << NF_IP_FORWARD)); ++ invalid = hook_mask & ~((1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD)); + return !invalid; +} +
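Review bot: The raw-table branch compares a bitmask with a hook index, `hook_mask == NF_INET_PRE_ROUTING`, while the filter branch a few lines below builds its mask with `1 << NF_INET_LOCAL_IN`. NF_INET_PRE_ROUTING is 0 in the hook enum, so the condition is true only for an empty mask. A TARPIT rule placed in raw PREROUTING (mask `1 << 0`) therefore falls through to the filter-table test and is rejected. The rename carried the old comparison over unchanged; it should read `if (strcmp(tablename, "raw") == 0 && hook_mask == (1 << NF_INET_PRE_ROUTING))`. The function's signature is outside the hunk, so the reading of hook_mask as a mask is inferred from the filter branch.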