summaryrefslogtreecommitdiffstats
path: root/target
diff options
context:
space:
mode:
Diffstat (limited to 'target')
-rw-r--r--target/linux/generic-2.6/patches-2.6.22/130-netfilter-ipset.patch415
1 files changed, 143 insertions, 272 deletions
diff --git a/target/linux/generic-2.6/patches-2.6.22/130-netfilter-ipset.patch b/target/linux/generic-2.6/patches-2.6.22/130-netfilter-ipset.patch
index f52d0ea73..6c3db5b13 100644
--- a/target/linux/generic-2.6/patches-2.6.22/130-netfilter-ipset.patch
+++ b/target/linux/generic-2.6/patches-2.6.22/130-netfilter-ipset.patch
@@ -1,6 +1,7 @@
-diff -ruN linux-2.6.21.1/include/linux/netfilter_ipv4/ip_set.h linux-2.6.21.1.new/include/linux/netfilter_ipv4/ip_set.h
---- linux-2.6.21.1/include/linux/netfilter_ipv4/ip_set.h 1969-12-31 18:00:00.000000000 -0600
-+++ linux-2.6.21.1.new/include/linux/netfilter_ipv4/ip_set.h 2007-06-08 16:29:31.825808000 -0500
+Index: linux-2.6.22-rc4/include/linux/netfilter_ipv4/ip_set.h
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.22-rc4/include/linux/netfilter_ipv4/ip_set.h 2007-06-17 01:56:58.435888424 +0200
@@ -0,0 +1,498 @@
+#ifndef _IP_SET_H
+#define _IP_SET_H
@@ -500,9 +501,10 @@ diff -ruN linux-2.6.21.1/include/linux/netfilter_ipv4/ip_set.h linux-2.6.21.1.ne
+#endif /* __KERNEL__ */
+
+#endif /*_IP_SET_H*/
-diff -ruN linux-2.6.21.1/include/linux/netfilter_ipv4/ip_set_iphash.h linux-2.6.21.1.new/include/linux/netfilter_ipv4/ip_set_iphash.h
---- linux-2.6.21.1/include/linux/netfilter_ipv4/ip_set_iphash.h 1969-12-31 18:00:00.000000000 -0600
-+++ linux-2.6.21.1.new/include/linux/netfilter_ipv4/ip_set_iphash.h 2007-06-08 16:29:31.829808250 -0500
+Index: linux-2.6.22-rc4/include/linux/netfilter_ipv4/ip_set_iphash.h
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.22-rc4/include/linux/netfilter_ipv4/ip_set_iphash.h 2007-06-17 01:56:58.435888424 +0200
@@ -0,0 +1,30 @@
+#ifndef __IP_SET_IPHASH_H
+#define __IP_SET_IPHASH_H
@@ -534,9 +536,10 @@ diff -ruN linux-2.6.21.1/include/linux/netfilter_ipv4/ip_set_iphash.h linux-2.6.
+};
+
+#endif /* __IP_SET_IPHASH_H */
-diff -ruN linux-2.6.21.1/include/linux/netfilter_ipv4/ip_set_ipmap.h linux-2.6.21.1.new/include/linux/netfilter_ipv4/ip_set_ipmap.h
---- linux-2.6.21.1/include/linux/netfilter_ipv4/ip_set_ipmap.h 1969-12-31 18:00:00.000000000 -0600
-+++ linux-2.6.21.1.new/include/linux/netfilter_ipv4/ip_set_ipmap.h 2007-06-08 16:29:31.829808250 -0500
+Index: linux-2.6.22-rc4/include/linux/netfilter_ipv4/ip_set_ipmap.h
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.22-rc4/include/linux/netfilter_ipv4/ip_set_ipmap.h 2007-06-17 01:56:58.436888272 +0200
@@ -0,0 +1,56 @@
+#ifndef __IP_SET_IPMAP_H
+#define __IP_SET_IPMAP_H
@@ -594,9 +597,10 @@ diff -ruN linux-2.6.21.1/include/linux/netfilter_ipv4/ip_set_ipmap.h linux-2.6.2
+}
+
+#endif /* __IP_SET_IPMAP_H */
-diff -ruN linux-2.6.21.1/include/linux/netfilter_ipv4/ip_set_ipporthash.h linux-2.6.21.1.new/include/linux/netfilter_ipv4/ip_set_ipporthash.h
---- linux-2.6.21.1/include/linux/netfilter_ipv4/ip_set_ipporthash.h 1969-12-31 18:00:00.000000000 -0600
-+++ linux-2.6.21.1.new/include/linux/netfilter_ipv4/ip_set_ipporthash.h 2007-06-08 16:29:31.829808250 -0500
+Index: linux-2.6.22-rc4/include/linux/netfilter_ipv4/ip_set_ipporthash.h
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.22-rc4/include/linux/netfilter_ipv4/ip_set_ipporthash.h 2007-06-17 01:56:58.436888272 +0200
@@ -0,0 +1,34 @@
+#ifndef __IP_SET_IPPORTHASH_H
+#define __IP_SET_IPPORTHASH_H
@@ -632,9 +636,10 @@ diff -ruN linux-2.6.21.1/include/linux/netfilter_ipv4/ip_set_ipporthash.h linux-
+};
+
+#endif /* __IP_SET_IPPORTHASH_H */
-diff -ruN linux-2.6.21.1/include/linux/netfilter_ipv4/ip_set_iptree.h linux-2.6.21.1.new/include/linux/netfilter_ipv4/ip_set_iptree.h
---- linux-2.6.21.1/include/linux/netfilter_ipv4/ip_set_iptree.h 1969-12-31 18:00:00.000000000 -0600
-+++ linux-2.6.21.1.new/include/linux/netfilter_ipv4/ip_set_iptree.h 2007-06-08 16:29:31.829808250 -0500
+Index: linux-2.6.22-rc4/include/linux/netfilter_ipv4/ip_set_iptree.h
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.22-rc4/include/linux/netfilter_ipv4/ip_set_iptree.h 2007-06-17 01:56:58.436888272 +0200
@@ -0,0 +1,40 @@
+#ifndef __IP_SET_IPTREE_H
+#define __IP_SET_IPTREE_H
@@ -676,161 +681,10 @@ diff -ruN linux-2.6.21.1/include/linux/netfilter_ipv4/ip_set_iptree.h linux-2.6.
+};
+
+#endif /* __IP_SET_IPTREE_H */
-diff -ruN linux-2.6.21.1/include/linux/netfilter_ipv4/ip_set_jhash.h linux-2.6.21.1.new/include/linux/netfilter_ipv4/ip_set_jhash.h
---- linux-2.6.21.1/include/linux/netfilter_ipv4/ip_set_jhash.h 1969-12-31 18:00:00.000000000 -0600
-+++ linux-2.6.21.1.new/include/linux/netfilter_ipv4/ip_set_jhash.h 2007-06-08 16:29:31.829808250 -0500
-@@ -0,0 +1,148 @@
-+#ifndef _LINUX_IPSET_JHASH_H
-+#define _LINUX_IPSET_JHASH_H
-+
-+/* This is a copy of linux/jhash.h but the types u32/u8 are changed
-+ * to __u32/__u8 so that the header file can be included into
-+ * userspace code as well. Jozsef Kadlecsik (kadlec@blackhole.kfki.hu)
-+ */
-+
-+/* jhash.h: Jenkins hash support.
-+ *
-+ * Copyright (C) 1996 Bob Jenkins (bob_jenkins@burtleburtle.net)
-+ *
-+ * http://burtleburtle.net/bob/hash/
-+ *
-+ * These are the credits from Bob's sources:
-+ *
-+ * lookup2.c, by Bob Jenkins, December 1996, Public Domain.
-+ * hash(), hash2(), hash3, and mix() are externally useful functions.
-+ * Routines to test the hash are included if SELF_TEST is defined.
-+ * You can use this free for any purpose. It has no warranty.
-+ *
-+ * Copyright (C) 2003 David S. Miller (davem@redhat.com)
-+ *
-+ * I've modified Bob's hash to be useful in the Linux kernel, and
-+ * any bugs present are surely my fault. -DaveM
-+ */
-+
-+/* NOTE: Arguments are modified. */
-+#define __jhash_mix(a, b, c) \
-+{ \
-+ a -= b; a -= c; a ^= (c>>13); \
-+ b -= c; b -= a; b ^= (a<<8); \
-+ c -= a; c -= b; c ^= (b>>13); \
-+ a -= b; a -= c; a ^= (c>>12); \
-+ b -= c; b -= a; b ^= (a<<16); \
-+ c -= a; c -= b; c ^= (b>>5); \
-+ a -= b; a -= c; a ^= (c>>3); \
-+ b -= c; b -= a; b ^= (a<<10); \
-+ c -= a; c -= b; c ^= (b>>15); \
-+}
-+
-+/* The golden ration: an arbitrary value */
-+#define JHASH_GOLDEN_RATIO 0x9e3779b9
-+
-+/* The most generic version, hashes an arbitrary sequence
-+ * of bytes. No alignment or length assumptions are made about
-+ * the input key.
-+ */
-+static inline __u32 jhash(void *key, __u32 length, __u32 initval)
-+{
-+ __u32 a, b, c, len;
-+ __u8 *k = key;
-+
-+ len = length;
-+ a = b = JHASH_GOLDEN_RATIO;
-+ c = initval;
-+
-+ while (len >= 12) {
-+ a += (k[0] +((__u32)k[1]<<8) +((__u32)k[2]<<16) +((__u32)k[3]<<24));
-+ b += (k[4] +((__u32)k[5]<<8) +((__u32)k[6]<<16) +((__u32)k[7]<<24));
-+ c += (k[8] +((__u32)k[9]<<8) +((__u32)k[10]<<16)+((__u32)k[11]<<24));
-+
-+ __jhash_mix(a,b,c);
-+
-+ k += 12;
-+ len -= 12;
-+ }
-+
-+ c += length;
-+ switch (len) {
-+ case 11: c += ((__u32)k[10]<<24);
-+ case 10: c += ((__u32)k[9]<<16);
-+ case 9 : c += ((__u32)k[8]<<8);
-+ case 8 : b += ((__u32)k[7]<<24);
-+ case 7 : b += ((__u32)k[6]<<16);
-+ case 6 : b += ((__u32)k[5]<<8);
-+ case 5 : b += k[4];
-+ case 4 : a += ((__u32)k[3]<<24);
-+ case 3 : a += ((__u32)k[2]<<16);
-+ case 2 : a += ((__u32)k[1]<<8);
-+ case 1 : a += k[0];
-+ };
-+
-+ __jhash_mix(a,b,c);
-+
-+ return c;
-+}
-+
-+/* A special optimized version that handles 1 or more of __u32s.
-+ * The length parameter here is the number of __u32s in the key.
-+ */
-+static inline __u32 jhash2(__u32 *k, __u32 length, __u32 initval)
-+{
-+ __u32 a, b, c, len;
-+
-+ a = b = JHASH_GOLDEN_RATIO;
-+ c = initval;
-+ len = length;
-+
-+ while (len >= 3) {
-+ a += k[0];
-+ b += k[1];
-+ c += k[2];
-+ __jhash_mix(a, b, c);
-+ k += 3; len -= 3;
-+ }
-+
-+ c += length * 4;
-+
-+ switch (len) {
-+ case 2 : b += k[1];
-+ case 1 : a += k[0];
-+ };
-+
-+ __jhash_mix(a,b,c);
-+
-+ return c;
-+}
-+
-+
-+/* A special ultra-optimized versions that knows they are hashing exactly
-+ * 3, 2 or 1 word(s).
-+ *
-+ * NOTE: In partilar the "c += length; __jhash_mix(a,b,c);" normally
-+ * done at the end is not done here.
-+ */
-+static inline __u32 jhash_3words(__u32 a, __u32 b, __u32 c, __u32 initval)
-+{
-+ a += JHASH_GOLDEN_RATIO;
-+ b += JHASH_GOLDEN_RATIO;
-+ c += initval;
-+
-+ __jhash_mix(a, b, c);
-+
-+ return c;
-+}
-+
-+static inline __u32 jhash_2words(__u32 a, __u32 b, __u32 initval)
-+{
-+ return jhash_3words(a, b, 0, initval);
-+}
-+
-+static inline __u32 jhash_1word(__u32 a, __u32 initval)
-+{
-+ return jhash_3words(a, 0, 0, initval);
-+}
-+
-+#endif /* _LINUX_IPSET_JHASH_H */
-diff -ruN linux-2.6.21.1/include/linux/netfilter_ipv4/ip_set_macipmap.h linux-2.6.21.1.new/include/linux/netfilter_ipv4/ip_set_macipmap.h
---- linux-2.6.21.1/include/linux/netfilter_ipv4/ip_set_macipmap.h 1969-12-31 18:00:00.000000000 -0600
-+++ linux-2.6.21.1.new/include/linux/netfilter_ipv4/ip_set_macipmap.h 2007-06-08 16:29:31.829808250 -0500
+Index: linux-2.6.22-rc4/include/linux/netfilter_ipv4/ip_set_macipmap.h
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.22-rc4/include/linux/netfilter_ipv4/ip_set_macipmap.h 2007-06-17 01:56:58.437888120 +0200
@@ -0,0 +1,38 @@
+#ifndef __IP_SET_MACIPMAP_H
+#define __IP_SET_MACIPMAP_H
@@ -870,9 +724,10 @@ diff -ruN linux-2.6.21.1/include/linux/netfilter_ipv4/ip_set_macipmap.h linux-2.
+};
+
+#endif /* __IP_SET_MACIPMAP_H */
-diff -ruN linux-2.6.21.1/include/linux/netfilter_ipv4/ip_set_malloc.h linux-2.6.21.1.new/include/linux/netfilter_ipv4/ip_set_malloc.h
---- linux-2.6.21.1/include/linux/netfilter_ipv4/ip_set_malloc.h 1969-12-31 18:00:00.000000000 -0600
-+++ linux-2.6.21.1.new/include/linux/netfilter_ipv4/ip_set_malloc.h 2007-06-08 16:29:31.829808250 -0500
+Index: linux-2.6.22-rc4/include/linux/netfilter_ipv4/ip_set_malloc.h
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.22-rc4/include/linux/netfilter_ipv4/ip_set_malloc.h 2007-06-17 01:56:58.437888120 +0200
@@ -0,0 +1,116 @@
+#ifndef _IP_SET_MALLOC_H
+#define _IP_SET_MALLOC_H
@@ -990,9 +845,10 @@ diff -ruN linux-2.6.21.1/include/linux/netfilter_ipv4/ip_set_malloc.h linux-2.6.
+#endif /* __KERNEL__ */
+
+#endif /*_IP_SET_MALLOC_H*/
-diff -ruN linux-2.6.21.1/include/linux/netfilter_ipv4/ip_set_nethash.h linux-2.6.21.1.new/include/linux/netfilter_ipv4/ip_set_nethash.h
---- linux-2.6.21.1/include/linux/netfilter_ipv4/ip_set_nethash.h 1969-12-31 18:00:00.000000000 -0600
-+++ linux-2.6.21.1.new/include/linux/netfilter_ipv4/ip_set_nethash.h 2007-06-08 16:29:31.829808250 -0500
+Index: linux-2.6.22-rc4/include/linux/netfilter_ipv4/ip_set_nethash.h
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.22-rc4/include/linux/netfilter_ipv4/ip_set_nethash.h 2007-06-17 01:56:58.437888120 +0200
@@ -0,0 +1,55 @@
+#ifndef __IP_SET_NETHASH_H
+#define __IP_SET_NETHASH_H
@@ -1049,9 +905,10 @@ diff -ruN linux-2.6.21.1/include/linux/netfilter_ipv4/ip_set_nethash.h linux-2.6
+}
+
+#endif /* __IP_SET_NETHASH_H */
-diff -ruN linux-2.6.21.1/include/linux/netfilter_ipv4/ip_set_portmap.h linux-2.6.21.1.new/include/linux/netfilter_ipv4/ip_set_portmap.h
---- linux-2.6.21.1/include/linux/netfilter_ipv4/ip_set_portmap.h 1969-12-31 18:00:00.000000000 -0600
-+++ linux-2.6.21.1.new/include/linux/netfilter_ipv4/ip_set_portmap.h 2007-06-08 16:29:31.829808250 -0500
+Index: linux-2.6.22-rc4/include/linux/netfilter_ipv4/ip_set_portmap.h
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.22-rc4/include/linux/netfilter_ipv4/ip_set_portmap.h 2007-06-17 01:56:58.437888120 +0200
@@ -0,0 +1,25 @@
+#ifndef __IP_SET_PORTMAP_H
+#define __IP_SET_PORTMAP_H
@@ -1078,9 +935,10 @@ diff -ruN linux-2.6.21.1/include/linux/netfilter_ipv4/ip_set_portmap.h linux-2.6
+};
+
+#endif /* __IP_SET_PORTMAP_H */
-diff -ruN linux-2.6.21.1/include/linux/netfilter_ipv4/ipt_set.h linux-2.6.21.1.new/include/linux/netfilter_ipv4/ipt_set.h
---- linux-2.6.21.1/include/linux/netfilter_ipv4/ipt_set.h 1969-12-31 18:00:00.000000000 -0600
-+++ linux-2.6.21.1.new/include/linux/netfilter_ipv4/ipt_set.h 2007-06-08 16:29:31.829808250 -0500
+Index: linux-2.6.22-rc4/include/linux/netfilter_ipv4/ipt_set.h
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.22-rc4/include/linux/netfilter_ipv4/ipt_set.h 2007-06-17 01:56:58.437888120 +0200
@@ -0,0 +1,21 @@
+#ifndef _IPT_SET_H
+#define _IPT_SET_H
@@ -1103,9 +961,10 @@ diff -ruN linux-2.6.21.1/include/linux/netfilter_ipv4/ipt_set.h linux-2.6.21.1.n
+};
+
+#endif /*_IPT_SET_H*/
-diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set.c linux-2.6.21.1.new/net/ipv4/netfilter/ip_set.c
---- linux-2.6.21.1/net/ipv4/netfilter/ip_set.c 1969-12-31 18:00:00.000000000 -0600
-+++ linux-2.6.21.1.new/net/ipv4/netfilter/ip_set.c 2007-06-08 16:29:31.829808250 -0500
+Index: linux-2.6.22-rc4/net/ipv4/netfilter/ip_set.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.22-rc4/net/ipv4/netfilter/ip_set.c 2007-06-17 01:56:58.439887816 +0200
@@ -0,0 +1,2001 @@
+/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
+ * Patrick Schaaf <bof@bof.de>
@@ -3108,9 +2967,10 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set.c linux-2.6.21.1.new/net/ipv4
+
+module_init(init);
+module_exit(fini);
-diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_iphash.c linux-2.6.21.1.new/net/ipv4/netfilter/ip_set_iphash.c
---- linux-2.6.21.1/net/ipv4/netfilter/ip_set_iphash.c 1969-12-31 18:00:00.000000000 -0600
-+++ linux-2.6.21.1.new/net/ipv4/netfilter/ip_set_iphash.c 2007-06-08 16:29:31.829808250 -0500
+Index: linux-2.6.22-rc4/net/ipv4/netfilter/ip_set_iphash.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.22-rc4/net/ipv4/netfilter/ip_set_iphash.c 2007-06-17 01:57:56.984987608 +0200
@@ -0,0 +1,413 @@
+/* Copyright (C) 2003-2004 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
+ *
@@ -3132,12 +2992,12 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_iphash.c linux-2.6.21.1.new/n
+#include <linux/spinlock.h>
+#include <linux/vmalloc.h>
+#include <linux/random.h>
++#include <linux/jhash.h>
+
+#include <net/ip.h>
+
+#include <linux/netfilter_ipv4/ip_set_malloc.h>
+#include <linux/netfilter_ipv4/ip_set_iphash.h>
-+#include <linux/netfilter_ipv4/ip_set_jhash.h>
+
+static int limit = MAX_RANGE;
+
@@ -3202,8 +3062,8 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_iphash.c linux-2.6.21.1.new/n
+{
+ return __testip(set,
+ ntohl(flags[index] & IPSET_SRC
-+ ? skb->nh.iph->saddr
-+ : skb->nh.iph->daddr),
++ ? ip_hdr(skb)->saddr
++ : ip_hdr(skb)->daddr),
+ hash_ip);
+}
+
@@ -3259,8 +3119,8 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_iphash.c linux-2.6.21.1.new/n
+{
+ return __addip((struct ip_set_iphash *) set->data,
+ ntohl(flags[index] & IPSET_SRC
-+ ? skb->nh.iph->saddr
-+ : skb->nh.iph->daddr),
++ ? ip_hdr(skb)->saddr
++ : ip_hdr(skb)->daddr),
+ hash_ip);
+}
+
@@ -3382,8 +3242,8 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_iphash.c linux-2.6.21.1.new/n
+{
+ return __delip(set,
+ ntohl(flags[index] & IPSET_SRC
-+ ? skb->nh.iph->saddr
-+ : skb->nh.iph->daddr),
++ ? ip_hdr(skb)->saddr
++ : ip_hdr(skb)->daddr),
+ hash_ip);
+}
+
@@ -3525,9 +3385,10 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_iphash.c linux-2.6.21.1.new/n
+
+module_init(init);
+module_exit(fini);
-diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_ipmap.c linux-2.6.21.1.new/net/ipv4/netfilter/ip_set_ipmap.c
---- linux-2.6.21.1/net/ipv4/netfilter/ip_set_ipmap.c 1969-12-31 18:00:00.000000000 -0600
-+++ linux-2.6.21.1.new/net/ipv4/netfilter/ip_set_ipmap.c 2007-06-08 16:29:31.833808500 -0500
+Index: linux-2.6.22-rc4/net/ipv4/netfilter/ip_set_ipmap.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.22-rc4/net/ipv4/netfilter/ip_set_ipmap.c 2007-06-17 01:57:56.985987456 +0200
@@ -0,0 +1,327 @@
+/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
+ * Patrick Schaaf <bof@bof.de>
@@ -3549,7 +3410,7 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_ipmap.c linux-2.6.21.1.new/ne
+#include <asm/uaccess.h>
+#include <asm/bitops.h>
+#include <linux/spinlock.h>
-+
++#include <linux/skbuff.h>
+#include <linux/netfilter_ipv4/ip_set_ipmap.h>
+
+static inline ip_set_ip_t
@@ -3599,13 +3460,13 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_ipmap.c linux-2.6.21.1.new/ne
+
+ DP("flag: %s src: %u.%u.%u.%u dst: %u.%u.%u.%u",
+ flags[index] & IPSET_SRC ? "SRC" : "DST",
-+ NIPQUAD(skb->nh.iph->saddr),
-+ NIPQUAD(skb->nh.iph->daddr));
++ NIPQUAD(ip_hdr(skb)->saddr),
++ NIPQUAD(ip_hdr(skb)->daddr));
+
+ res = __testip(set,
+ ntohl(flags[index] & IPSET_SRC
-+ ? skb->nh.iph->saddr
-+ : skb->nh.iph->daddr),
++ ? ip_hdr(skb)->saddr
++ : ip_hdr(skb)->daddr),
+ hash_ip);
+ return (res < 0 ? 0 : res);
+}
@@ -3652,8 +3513,8 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_ipmap.c linux-2.6.21.1.new/ne
+{
+ return __addip(set,
+ ntohl(flags[index] & IPSET_SRC
-+ ? skb->nh.iph->saddr
-+ : skb->nh.iph->daddr),
++ ? ip_hdr(skb)->saddr
++ : ip_hdr(skb)->daddr),
+ hash_ip);
+}
+
@@ -3698,8 +3559,8 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_ipmap.c linux-2.6.21.1.new/ne
+{
+ return __delip(set,
+ ntohl(flags[index] & IPSET_SRC
-+ ? skb->nh.iph->saddr
-+ : skb->nh.iph->daddr),
++ ? ip_hdr(skb)->saddr
++ : ip_hdr(skb)->daddr),
+ hash_ip);
+}
+
@@ -3856,9 +3717,10 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_ipmap.c linux-2.6.21.1.new/ne
+
+module_init(init);
+module_exit(fini);
-diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_ipporthash.c linux-2.6.21.1.new/net/ipv4/netfilter/ip_set_ipporthash.c
---- linux-2.6.21.1/net/ipv4/netfilter/ip_set_ipporthash.c 1969-12-31 18:00:00.000000000 -0600
-+++ linux-2.6.21.1.new/net/ipv4/netfilter/ip_set_ipporthash.c 2007-06-08 16:29:31.833808500 -0500
+Index: linux-2.6.22-rc4/net/ipv4/netfilter/ip_set_ipporthash.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.22-rc4/net/ipv4/netfilter/ip_set_ipporthash.c 2007-06-17 01:57:56.985987456 +0200
@@ -0,0 +1,535 @@
+/* Copyright (C) 2003-2004 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
+ *
@@ -3882,12 +3744,12 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_ipporthash.c linux-2.6.21.1.n
+#include <linux/spinlock.h>
+#include <linux/vmalloc.h>
+#include <linux/random.h>
++#include <linux/jhash.h>
+
+#include <net/ip.h>
+
+#include <linux/netfilter_ipv4/ip_set_malloc.h>
+#include <linux/netfilter_ipv4/ip_set_ipporthash.h>
-+#include <linux/netfilter_ipv4/ip_set_jhash.h>
+
+static int limit = MAX_RANGE;
+
@@ -4395,9 +4257,10 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_ipporthash.c linux-2.6.21.1.n
+
+module_init(init);
+module_exit(fini);
-diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_iptree.c linux-2.6.21.1.new/net/ipv4/netfilter/ip_set_iptree.c
---- linux-2.6.21.1/net/ipv4/netfilter/ip_set_iptree.c 1969-12-31 18:00:00.000000000 -0600
-+++ linux-2.6.21.1.new/net/ipv4/netfilter/ip_set_iptree.c 2007-06-08 16:29:31.833808500 -0500
+Index: linux-2.6.22-rc4/net/ipv4/netfilter/ip_set_iptree.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.22-rc4/net/ipv4/netfilter/ip_set_iptree.c 2007-06-17 01:57:56.985987456 +0200
@@ -0,0 +1,571 @@
+/* Copyright (C) 2005 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
+ *
@@ -4508,13 +4371,13 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_iptree.c linux-2.6.21.1.new/n
+
+ DP("flag: %s src: %u.%u.%u.%u dst: %u.%u.%u.%u",
+ flags[index] & IPSET_SRC ? "SRC" : "DST",
-+ NIPQUAD(skb->nh.iph->saddr),
-+ NIPQUAD(skb->nh.iph->daddr));
++ NIPQUAD(ip_hdr(skb)->saddr),
++ NIPQUAD(ip_hdr(skb)->daddr));
+
+ res = __testip(set,
+ ntohl(flags[index] & IPSET_SRC
-+ ? skb->nh.iph->saddr
-+ : skb->nh.iph->daddr),
++ ? ip_hdr(skb)->saddr
++ : ip_hdr(skb)->daddr),
+ hash_ip);
+ return (res < 0 ? 0 : res);
+}
@@ -4602,8 +4465,8 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_iptree.c linux-2.6.21.1.new/n
+
+ return __addip(set,
+ ntohl(flags[index] & IPSET_SRC
-+ ? skb->nh.iph->saddr
-+ : skb->nh.iph->daddr),
++ ? ip_hdr(skb)->saddr
++ : ip_hdr(skb)->daddr),
+ map->timeout,
+ hash_ip,
+ GFP_ATOMIC);
@@ -4667,8 +4530,8 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_iptree.c linux-2.6.21.1.new/n
+{
+ return __delip(set,
+ ntohl(flags[index] & IPSET_SRC
-+ ? skb->nh.iph->saddr
-+ : skb->nh.iph->daddr),
++ ? ip_hdr(skb)->saddr
++ : ip_hdr(skb)->daddr),
+ hash_ip);
+}
+
@@ -4970,9 +4833,10 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_iptree.c linux-2.6.21.1.new/n
+
+module_init(init);
+module_exit(fini);
-diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_macipmap.c linux-2.6.21.1.new/net/ipv4/netfilter/ip_set_macipmap.c
---- linux-2.6.21.1/net/ipv4/netfilter/ip_set_macipmap.c 1969-12-31 18:00:00.000000000 -0600
-+++ linux-2.6.21.1.new/net/ipv4/netfilter/ip_set_macipmap.c 2007-06-08 16:29:31.833808500 -0500
+Index: linux-2.6.22-rc4/net/ipv4/netfilter/ip_set_macipmap.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.22-rc4/net/ipv4/netfilter/ip_set_macipmap.c 2007-06-17 01:57:56.985987456 +0200
@@ -0,0 +1,353 @@
+/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
+ * Patrick Schaaf <bof@bof.de>
@@ -5045,12 +4909,12 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_macipmap.c linux-2.6.21.1.new
+ ip_set_ip_t ip;
+
+ ip = ntohl(flags[index] & IPSET_SRC
-+ ? skb->nh.iph->saddr
-+ : skb->nh.iph->daddr);
++ ? ip_hdr(skb)->saddr
++ : ip_hdr(skb)->daddr);
+ DP("flag: %s src: %u.%u.%u.%u dst: %u.%u.%u.%u",
+ flags[index] & IPSET_SRC ? "SRC" : "DST",
-+ NIPQUAD(skb->nh.iph->saddr),
-+ NIPQUAD(skb->nh.iph->daddr));
++ NIPQUAD(ip_hdr(skb)->saddr),
++ NIPQUAD(ip_hdr(skb)->daddr));
+
+ if (ip < map->first_ip || ip > map->last_ip)
+ return 0;
@@ -5062,8 +4926,8 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_macipmap.c linux-2.6.21.1.new
+ (void *) &table[ip - map->first_ip].flags)) {
+ /* Is mac pointer valid?
+ * If so, compare... */
-+ return (skb->mac.raw >= skb->head
-+ && (skb->mac.raw + ETH_HLEN) <= skb->data
++ return (skb_mac_header(skb) >= skb->head
++ && (skb_mac_header(skb) + ETH_HLEN) <= skb->data
+ && (memcmp(eth_hdr(skb)->h_source,
+ &table[ip - map->first_ip].ethernet,
+ ETH_ALEN) == 0));
@@ -5120,11 +4984,11 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_macipmap.c linux-2.6.21.1.new
+ ip_set_ip_t ip;
+
+ ip = ntohl(flags[index] & IPSET_SRC
-+ ? skb->nh.iph->saddr
-+ : skb->nh.iph->daddr);
++ ? ip_hdr(skb)->saddr
++ : ip_hdr(skb)->daddr);
+
-+ if (!(skb->mac.raw >= skb->head
-+ && (skb->mac.raw + ETH_HLEN) <= skb->data))
++ if (!(skb_mac_header(skb) >= skb->head
++ && (skb_mac_header(skb) + ETH_HLEN) <= skb->data))
+ return -EINVAL;
+
+ return __addip(set, ip, eth_hdr(skb)->h_source, hash_ip);
@@ -5174,8 +5038,8 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_macipmap.c linux-2.6.21.1.new
+{
+ return __delip(set,
+ ntohl(flags[index] & IPSET_SRC
-+ ? skb->nh.iph->saddr
-+ : skb->nh.iph->daddr),
++ ? ip_hdr(skb)->saddr
++ : ip_hdr(skb)->daddr),
+ hash_ip);
+}
+
@@ -5327,9 +5191,10 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_macipmap.c linux-2.6.21.1.new
+
+module_init(init);
+module_exit(fini);
-diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_nethash.c linux-2.6.21.1.new/net/ipv4/netfilter/ip_set_nethash.c
---- linux-2.6.21.1/net/ipv4/netfilter/ip_set_nethash.c 1969-12-31 18:00:00.000000000 -0600
-+++ linux-2.6.21.1.new/net/ipv4/netfilter/ip_set_nethash.c 2007-06-08 16:29:31.833808500 -0500
+Index: linux-2.6.22-rc4/net/ipv4/netfilter/ip_set_nethash.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.22-rc4/net/ipv4/netfilter/ip_set_nethash.c 2007-06-17 01:57:56.985987456 +0200
@@ -0,0 +1,481 @@
+/* Copyright (C) 2003-2004 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
+ *
@@ -5351,12 +5216,12 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_nethash.c linux-2.6.21.1.new/
+#include <linux/spinlock.h>
+#include <linux/vmalloc.h>
+#include <linux/random.h>
++#include <linux/jhash.h>
+
+#include <net/ip.h>
+
+#include <linux/netfilter_ipv4/ip_set_malloc.h>
+#include <linux/netfilter_ipv4/ip_set_nethash.h>
-+#include <linux/netfilter_ipv4/ip_set_jhash.h>
+
+static int limit = MAX_RANGE;
+
@@ -5444,8 +5309,8 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_nethash.c linux-2.6.21.1.new/
+{
+ return __testip(set,
+ ntohl(flags[index] & IPSET_SRC
-+ ? skb->nh.iph->saddr
-+ : skb->nh.iph->daddr),
++ ? ip_hdr(skb)->saddr
++ : ip_hdr(skb)->daddr),
+ hash_ip);
+}
+
@@ -5537,8 +5402,8 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_nethash.c linux-2.6.21.1.new/
+ struct ip_set_nethash *map = (struct ip_set_nethash *) set->data;
+ int ret = -ERANGE;
+ ip_set_ip_t ip = ntohl(flags[index] & IPSET_SRC
-+ ? skb->nh.iph->saddr
-+ : skb->nh.iph->daddr);
++ ? ip_hdr(skb)->saddr
++ : ip_hdr(skb)->daddr);
+
+ if (map->cidr[0])
+ ret = __addip(map, ip, map->cidr[0], hash_ip);
@@ -5666,8 +5531,8 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_nethash.c linux-2.6.21.1.new/
+ struct ip_set_nethash *map = (struct ip_set_nethash *) set->data;
+ int ret = -ERANGE;
+ ip_set_ip_t ip = ntohl(flags[index] & IPSET_SRC
-+ ? skb->nh.iph->saddr
-+ : skb->nh.iph->daddr);
++ ? ip_hdr(skb)->saddr
++ : ip_hdr(skb)->daddr);
+
+ if (map->cidr[0])
+ ret = __delip(map, ip, map->cidr[0], hash_ip);
@@ -5812,9 +5677,10 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_nethash.c linux-2.6.21.1.new/
+
+module_init(init);
+module_exit(fini);
-diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_portmap.c linux-2.6.21.1.new/net/ipv4/netfilter/ip_set_portmap.c
---- linux-2.6.21.1/net/ipv4/netfilter/ip_set_portmap.c 1969-12-31 18:00:00.000000000 -0600
-+++ linux-2.6.21.1.new/net/ipv4/netfilter/ip_set_portmap.c 2007-06-08 16:29:31.833808500 -0500
+Index: linux-2.6.22-rc4/net/ipv4/netfilter/ip_set_portmap.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.22-rc4/net/ipv4/netfilter/ip_set_portmap.c 2007-06-17 01:57:56.985987456 +0200
@@ -0,0 +1,334 @@
+/* Copyright (C) 2003-2004 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
+ *
@@ -5845,7 +5711,7 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_portmap.c linux-2.6.21.1.new/
+static inline ip_set_ip_t
+get_port(const struct sk_buff *skb, u_int32_t flags)
+{
-+ struct iphdr *iph = skb->nh.iph;
++ struct iphdr *iph = ip_hdr(skb);
+ u_int16_t offset = ntohs(iph->frag_off) & IP_OFFSET;
+
+ switch (iph->protocol) {
@@ -5856,7 +5722,7 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_portmap.c linux-2.6.21.1.new/
+ if (offset)
+ return INVALID_PORT;
+
-+ if (skb_copy_bits(skb, skb->nh.iph->ihl*4, &tcph, sizeof(tcph)) < 0)
++ if (skb_copy_bits(skb, ip_hdr(skb)->ihl*4, &tcph, sizeof(tcph)) < 0)
+ /* No choice either */
+ return INVALID_PORT;
+
@@ -5869,7 +5735,7 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_portmap.c linux-2.6.21.1.new/
+ if (offset)
+ return INVALID_PORT;
+
-+ if (skb_copy_bits(skb, skb->nh.iph->ihl*4, &udph, sizeof(udph)) < 0)
++ if (skb_copy_bits(skb, ip_hdr(skb)->ihl*4, &udph, sizeof(udph)) < 0)
+ /* No choice either */
+ return INVALID_PORT;
+
@@ -6150,9 +6016,10 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ip_set_portmap.c linux-2.6.21.1.new/
+
+module_init(init);
+module_exit(fini);
-diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ipt_set.c linux-2.6.21.1.new/net/ipv4/netfilter/ipt_set.c
---- linux-2.6.21.1/net/ipv4/netfilter/ipt_set.c 1969-12-31 18:00:00.000000000 -0600
-+++ linux-2.6.21.1.new/net/ipv4/netfilter/ipt_set.c 2007-06-08 16:29:31.833808500 -0500
+Index: linux-2.6.22-rc4/net/ipv4/netfilter/ipt_set.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.22-rc4/net/ipv4/netfilter/ipt_set.c 2007-06-17 01:56:58.443887208 +0200
@@ -0,0 +1,150 @@
+/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
+ * Patrick Schaaf <bof@bof.de>
@@ -6304,10 +6171,11 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ipt_set.c linux-2.6.21.1.new/net/ipv
+
+module_init(ipt_ipset_init);
+module_exit(ipt_ipset_fini);
-diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ipt_SET.c linux-2.6.21.1.new/net/ipv4/netfilter/ipt_SET.c
---- linux-2.6.21.1/net/ipv4/netfilter/ipt_SET.c 1969-12-31 18:00:00.000000000 -0600
-+++ linux-2.6.21.1.new/net/ipv4/netfilter/ipt_SET.c 2007-06-08 16:29:31.833808500 -0500
-@@ -0,0 +1,168 @@
+Index: linux-2.6.22-rc4/net/ipv4/netfilter/ipt_SET.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.22-rc4/net/ipv4/netfilter/ipt_SET.c 2007-06-17 01:57:56.985987456 +0200
+@@ -0,0 +1,169 @@
+/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
+ * Patrick Schaaf <bof@bof.de>
+ * Martin Josefsson <gandalf@wlug.westbo.se>
@@ -6329,10 +6197,11 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ipt_SET.c linux-2.6.21.1.new/net/ipv
+#include <linux/if.h>
+#include <linux/inetdevice.h>
+#include <linux/version.h>
++#include <linux/skbuff.h>
+#include <net/protocol.h>
+#include <net/checksum.h>
+#include <linux/netfilter_ipv4.h>
-+#include <linux/netfilter_ipv4/ip_nat_rule.h>
++#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter_ipv4/ipt_set.h>
+
+static unsigned int
@@ -6476,10 +6345,11 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/ipt_SET.c linux-2.6.21.1.new/net/ipv
+
+module_init(ipt_SET_init);
+module_exit(ipt_SET_fini);
-diff -ruN linux-2.6.21.1/net/ipv4/netfilter/Kconfig linux-2.6.21.1.new/net/ipv4/netfilter/Kconfig
---- linux-2.6.21.1/net/ipv4/netfilter/Kconfig 2007-04-27 16:49:26.000000000 -0500
-+++ linux-2.6.21.1.new/net/ipv4/netfilter/Kconfig 2007-06-08 16:29:31.833808500 -0500
-@@ -657,5 +657,114 @@
+Index: linux-2.6.22-rc4/net/ipv4/netfilter/Kconfig
+===================================================================
+--- linux-2.6.22-rc4.orig/net/ipv4/netfilter/Kconfig 2007-06-17 01:56:52.055858336 +0200
++++ linux-2.6.22-rc4/net/ipv4/netfilter/Kconfig 2007-06-17 01:56:58.443887208 +0200
+@@ -426,5 +426,114 @@
Allows altering the ARP packet payload: source and destination
hardware and network addresses.
@@ -6594,18 +6464,19 @@ diff -ruN linux-2.6.21.1/net/ipv4/netfilter/Kconfig linux-2.6.21.1.new/net/ipv4/
+
endmenu
-diff -ruN linux-2.6.21.1/net/ipv4/netfilter/Makefile linux-2.6.21.1.new/net/ipv4/netfilter/Makefile
---- linux-2.6.21.1/net/ipv4/netfilter/Makefile 2007-04-27 16:49:26.000000000 -0500
-+++ linux-2.6.21.1.new/net/ipv4/netfilter/Makefile 2007-06-08 16:29:31.837808750 -0500
-@@ -90,6 +90,7 @@
+Index: linux-2.6.22-rc4/net/ipv4/netfilter/Makefile
+===================================================================
+--- linux-2.6.22-rc4.orig/net/ipv4/netfilter/Makefile 2007-06-17 01:56:52.065856816 +0200
++++ linux-2.6.22-rc4/net/ipv4/netfilter/Makefile 2007-06-17 01:56:58.444887056 +0200
+@@ -48,6 +48,7 @@
obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o
obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o
obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o
+obj-$(CONFIG_IP_NF_MATCH_SET) += ipt_set.o
obj-$(CONFIG_IP_NF_MATCH_ADDRTYPE) += ipt_addrtype.o
-
- # targets
-@@ -105,6 +106,17 @@
+ obj-$(CONFIG_IP_NF_MATCH_IPP2P) += ipt_ipp2p.o
+ obj-$(CONFIG_IP_NF_MATCH_LAYER7) += ipt_layer7.o
+@@ -64,6 +65,17 @@
obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o
obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o
obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o