-Index: linux-2.6.24/include/linux/netfilter/oot_conntrack.h
-===================================================================
+--- a/include/linux/netfilter/Kbuild
++++ b/include/linux/netfilter/Kbuild
+@@ -3,6 +3,7 @@ header-y += nf_conntrack_tuple_common.h
+ header-y += nfnetlink_conntrack.h
+ header-y += nfnetlink_log.h
+ header-y += nfnetlink_queue.h
++header-y += xt_CHAOS.h
+ header-y += xt_CLASSIFY.h
+ header-y += xt_CONNMARK.h
+ header-y += xt_CONNSECMARK.h
--- /dev/null
-+++ linux-2.6.24/include/linux/netfilter/oot_conntrack.h
++++ b/include/linux/netfilter/oot_conntrack.h
@@ -0,0 +1,5 @@
+#if defined(CONFIG_IP_NF_CONNTRACK) || defined(CONFIG_IP_NF_CONNTRACK_MODULE)
+# include <linux/netfilter_ipv4/ip_conntrack.h>
+#else /* linux-2.6.20+ */
+# include <net/netfilter/nf_nat_rule.h>
+#endif
-Index: linux-2.6.24/include/linux/netfilter/oot_trans.h
-===================================================================
--- /dev/null
-+++ linux-2.6.24/include/linux/netfilter/oot_trans.h
++++ b/include/linux/netfilter/oot_trans.h
@@ -0,0 +1,14 @@
+/* Out of tree workarounds */
+#include <linux/version.h>
+# define tcp_v4_check(tcph, tcph_sz, s, d, csp) \
+ tcp_v4_check((tcph_sz), (s), (d), (csp))
+#endif
-Index: linux-2.6.24/include/linux/netfilter/xt_CHAOS.h
-===================================================================
--- /dev/null
-+++ linux-2.6.24/include/linux/netfilter/xt_CHAOS.h
++++ b/include/linux/netfilter/xt_CHAOS.h
@@ -0,0 +1,14 @@
+#ifndef _LINUX_NETFILTER_XT_CHAOS_H
+#define _LINUX_NETFILTER_XT_CHAOS_H 1
+};
+
+#endif /* _LINUX_NETFILTER_XT_CHAOS_H */
-Index: linux-2.6.24/include/linux/netfilter/xt_portscan.h
-===================================================================
--- /dev/null
-+++ linux-2.6.24/include/linux/netfilter/xt_portscan.h
++++ b/include/linux/netfilter/xt_portscan.h
@@ -0,0 +1,8 @@
+#ifndef _LINUX_NETFILTER_XT_PORTSCAN_H
+#define _LINUX_NETFILTER_XT_PORTSCAN_H 1
+};
+
+#endif /* _LINUX_NETFILTER_XT_PORTSCAN_H */
-Index: linux-2.6.24/net/netfilter/find_match.c
-===================================================================
--- /dev/null
-+++ linux-2.6.24/net/netfilter/find_match.c
++++ b/net/netfilter/find_match.c
@@ -0,0 +1,39 @@
+/*
+ xt_request_find_match
+
+/* In case it goes into mainline, let this out-of-tree package compile */
+#define xt_request_find_match xt_request_find_match_lo
-Index: linux-2.6.24/net/netfilter/Kconfig
-===================================================================
---- linux-2.6.24.orig/net/netfilter/Kconfig
-+++ linux-2.6.24/net/netfilter/Kconfig
-@@ -265,6 +265,14 @@ config NETFILTER_XTABLES
+--- a/net/netfilter/Kconfig
++++ b/net/netfilter/Kconfig
+@@ -276,6 +276,14 @@ config NETFILTER_XTABLES
# alphabetically ordered list of targets
config NETFILTER_XT_TARGET_CLASSIFY
tristate '"CLASSIFY" target support'
depends on NETFILTER_XTABLES
-@@ -292,6 +300,14 @@ config NETFILTER_XT_TARGET_CONNMARK
+@@ -305,6 +313,14 @@ config NETFILTER_XT_TARGET_CONNMARK
<file:Documentation/kbuild/modules.txt>. The module will be called
ipt_CONNMARK.ko. If unsure, say `N'.
+ To compile it as a module, choose M here. If unsure, say N.
+
config NETFILTER_XT_TARGET_DSCP
- tristate '"DSCP" target support'
+ tristate '"DSCP" and "TOS" target support'
depends on NETFILTER_XTABLES
-@@ -556,6 +572,14 @@ config NETFILTER_XT_MATCH_POLICY
+@@ -640,6 +656,14 @@ config NETFILTER_XT_MATCH_POLICY
To compile it as a module, choose M here. If unsure, say N.
+ To compile it as a module, choose M here. If unsure, say N.
+
config NETFILTER_XT_MATCH_MULTIPORT
- tristate "Multiple port match support"
+ tristate '"multiport" Multiple port match support'
depends on NETFILTER_XTABLES
-Index: linux-2.6.24/net/netfilter/Makefile
-===================================================================
---- linux-2.6.24.orig/net/netfilter/Makefile
-+++ linux-2.6.24/net/netfilter/Makefile
-@@ -49,6 +49,8 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_NOTRACK
- obj-$(CONFIG_NETFILTER_XT_TARGET_SECMARK) += xt_SECMARK.o
+--- a/net/netfilter/Makefile
++++ b/net/netfilter/Makefile
+@@ -50,6 +50,8 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_SECMARK
obj-$(CONFIG_NETFILTER_XT_TARGET_TCPMSS) += xt_TCPMSS.o
+ obj-$(CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP) += xt_TCPOPTSTRIP.o
obj-$(CONFIG_NETFILTER_XT_TARGET_TRACE) += xt_TRACE.o
+obj-$(CONFIG_NETFILTER_XT_TARGET_CHAOS) += xt_CHAOS.o
+obj-$(CONFIG_NETFILTER_XT_TARGET_DELUDE) += xt_DELUDE.o
# matches
obj-$(CONFIG_NETFILTER_XT_MATCH_COMMENT) += xt_comment.o
-@@ -79,3 +81,4 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_STRING)
+@@ -83,3 +85,4 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_STRING)
obj-$(CONFIG_NETFILTER_XT_MATCH_TCPMSS) += xt_tcpmss.o
obj-$(CONFIG_NETFILTER_XT_MATCH_TIME) += xt_time.o
obj-$(CONFIG_NETFILTER_XT_MATCH_U32) += xt_u32.o
+obj-$(CONFIG_NETFILTER_XT_MATCH_PORTSCAN) += xt_portscan.o
-Index: linux-2.6.24/net/netfilter/xt_CHAOS.c
-===================================================================
--- /dev/null
-+++ linux-2.6.24/net/netfilter/xt_CHAOS.c
++++ b/net/netfilter/xt_CHAOS.c
@@ -0,0 +1,200 @@
+/*
+ * CHAOS target for netfilter
+
+ /* TARPIT/DELUDE may not be called from the OUTPUT chain */
+ if (iph->protocol == IPPROTO_TCP &&
-+ info->variant != XTCHAOS_NORMAL && hooknum != NF_IP_LOCAL_OUT)
++ info->variant != XTCHAOS_NORMAL && hooknum != NF_INET_LOCAL_OUT)
+ xt_chaos_total(info, skb, in, out, hooknum);
+
+ return NF_DROP;
+ .name = "CHAOS",
+ .family = AF_INET,
+ .table = "filter",
-+ .hooks = (1 << NF_IP_LOCAL_IN) | (1 << NF_IP_FORWARD) |
-+ (1 << NF_IP_LOCAL_OUT),
++ .hooks = (1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD) |
++ (1 << NF_INET_LOCAL_OUT),
+ .checkentry = chaos_tg_check,
+ .target = chaos_tg,
+ .targetsize = sizeof(struct xt_chaos_target_info),
+MODULE_DESCRIPTION("netfilter \"CHAOS\" target");
+MODULE_LICENSE("GPL");
+MODULE_ALIAS("ipt_CHAOS");
-Index: linux-2.6.24/net/netfilter/xt_DELUDE.c
-===================================================================
--- /dev/null
-+++ linux-2.6.24/net/netfilter/xt_DELUDE.c
++++ b/net/netfilter/xt_DELUDE.c
@@ -0,0 +1,197 @@
+/*
+ * DELUDE target
+
+ addr_type = RTN_UNSPEC;
+#ifdef CONFIG_BRIDGE_NETFILTER
-+ if (hook != NF_IP_FORWARD || (nskb->nf_bridge != NULL &&
++ if (hook != NF_INET_FORWARD || (nskb->nf_bridge != NULL &&
+ nskb->nf_bridge->mask & BRNF_BRIDGED))
+#else
-+ if (hook != NF_IP_FORWARD)
++ if (hook != NF_INET_FORWARD)
+#endif
+ addr_type = RTN_LOCAL;
+
+
+ nf_ct_attach(nskb, oldskb);
+
-+ NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, nskb, NULL, nskb->dst->dev,
++ NF_HOOK(PF_INET, NF_INET_LOCAL_OUT, nskb, NULL, nskb->dst->dev,
+ dst_output);
+ return;
+
+ .name = "DELUDE",
+ .family = AF_INET,
+ .table = "filter",
-+ .hooks = (1 << NF_IP_LOCAL_IN) | (1 << NF_IP_FORWARD),
++ .hooks = (1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD),
+ .target = delude_tg,
+ .proto = IPPROTO_TCP,
+ .me = THIS_MODULE,
+MODULE_DESCRIPTION("netfilter \"DELUDE\" target");
+MODULE_LICENSE("GPL");
+MODULE_ALIAS("ipt_DELUDE");
-Index: linux-2.6.24/net/netfilter/xt_portscan.c
-===================================================================
--- /dev/null
-+++ linux-2.6.24/net/netfilter/xt_portscan.c
++++ b/net/netfilter/xt_portscan.c
@@ -0,0 +1,269 @@
+/*
+ * portscan match for netfilter
+MODULE_DESCRIPTION("netfilter \"portscan\" match");
+MODULE_LICENSE("GPL");
+MODULE_ALIAS("ipt_portscan");
-Index: linux-2.6.24/drivers/char/random.c
-===================================================================
---- linux-2.6.24.orig/drivers/char/random.c
-+++ linux-2.6.24/drivers/char/random.c
-@@ -1564,6 +1564,8 @@ __u32 secure_tcp_sequence_number(__be32
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -1563,6 +1563,8 @@ __u32 secure_tcp_sequence_number(__be32
return seq;
}
projects / openwrt.git / blobdiff