diff options
Diffstat (limited to 'target/linux/generic-2.4/patches/628-netfilter_raw.patch')
-rw-r--r-- | target/linux/generic-2.4/patches/628-netfilter_raw.patch | 36 |
1 files changed, 18 insertions, 18 deletions
diff --git a/target/linux/generic-2.4/patches/628-netfilter_raw.patch b/target/linux/generic-2.4/patches/628-netfilter_raw.patch index 419fb01e58..de54a352d8 100644 --- a/target/linux/generic-2.4/patches/628-netfilter_raw.patch +++ b/target/linux/generic-2.4/patches/628-netfilter_raw.patch @@ -1,6 +1,6 @@ --- a/Documentation/Configure.help +++ b/Documentation/Configure.help -@@ -3057,6 +3057,34 @@ +@@ -3057,6 +3057,34 @@ CONFIG_IP_NF_FILTER If you want to compile it as a module, say M here and read <file:Documentation/modules.txt>. If unsure, say `N'. @@ -37,7 +37,7 @@ The REJECT target allows a filtering rule to specify that an ICMP --- a/include/linux/netfilter_ipv4/ip_conntrack.h +++ b/include/linux/netfilter_ipv4/ip_conntrack.h -@@ -286,6 +286,9 @@ +@@ -286,6 +286,9 @@ extern void ip_ct_refresh_acct(struct ip /* Call me when a conntrack is destroyed. */ extern void (*ip_conntrack_destroyed)(struct ip_conntrack *conntrack); @@ -81,7 +81,7 @@ NF_IP_PRI_NAT_DST = -100, --- a/net/ipv4/netfilter/Config.in +++ b/net/ipv4/netfilter/Config.in -@@ -153,6 +153,15 @@ +@@ -153,6 +153,15 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ]; dep_tristate ' TTL target support' CONFIG_IP_NF_TARGET_TTL $CONFIG_IP_NF_IPTABLES dep_tristate ' ULOG target support' CONFIG_IP_NF_TARGET_ULOG $CONFIG_IP_NF_IPTABLES dep_tristate ' TCPMSS target support' CONFIG_IP_NF_TARGET_TCPMSS $CONFIG_IP_NF_IPTABLES @@ -99,7 +99,7 @@ tristate 'ARP tables support' CONFIG_IP_NF_ARPTABLES --- a/net/ipv4/netfilter/ip_conntrack_core.c +++ b/net/ipv4/netfilter/ip_conntrack_core.c -@@ -64,6 +64,7 @@ +@@ -64,6 +64,7 @@ int ip_conntrack_max = 0; static atomic_t ip_conntrack_count = ATOMIC_INIT(0); struct list_head *ip_conntrack_hash; static kmem_cache_t *ip_conntrack_cachep; @@ -107,7 +107,7 @@ static LIST_HEAD(unconfirmed); extern struct ip_conntrack_protocol ip_conntrack_generic_protocol; -@@ -834,6 +835,15 @@ +@@ -834,6 +835,15 @@ unsigned int ip_conntrack_in(unsigned in int set_reply; int ret; @@ -123,7 +123,7 @@ /* FIXME: Do this right please. --RR */ (*pskb)->nfcache |= NFC_UNKNOWN; -@@ -1489,6 +1499,18 @@ +@@ -1489,6 +1499,18 @@ int __init ip_conntrack_init(void) /* For use by ipt_REJECT */ ip_ct_attach = ip_conntrack_attach; @@ -144,7 +144,7 @@ err_free_hash: --- a/net/ipv4/netfilter/ip_conntrack_standalone.c +++ b/net/ipv4/netfilter/ip_conntrack_standalone.c -@@ -218,6 +218,29 @@ +@@ -218,6 +218,29 @@ static unsigned int ip_confirm(unsigned return ip_conntrack_confirm(*pskb); } @@ -174,7 +174,7 @@ static unsigned int ip_refrag(unsigned int hooknum, struct sk_buff **pskb, const struct net_device *in, -@@ -259,9 +282,15 @@ +@@ -259,9 +282,15 @@ static unsigned int ip_conntrack_local(u /* Connection tracking may drop packets, but never alters them, so make it the first hook. */ @@ -190,7 +190,7 @@ static struct nf_hook_ops ip_conntrack_local_out_ops = { { NULL, NULL }, ip_conntrack_local, PF_INET, NF_IP_LOCAL_OUT, NF_IP_PRI_CONNTRACK }; -@@ -382,10 +411,20 @@ +@@ -382,10 +411,20 @@ static int init_or_cleanup(int init) if (!proc) goto cleanup_init; proc->owner = THIS_MODULE; @@ -212,7 +212,7 @@ } ret = nf_register_hook(&ip_conntrack_local_out_ops); if (ret < 0) { -@@ -423,6 +462,10 @@ +@@ -423,6 +462,10 @@ static int init_or_cleanup(int init) nf_unregister_hook(&ip_conntrack_local_out_ops); cleanup_inops: nf_unregister_hook(&ip_conntrack_in_ops); @@ -223,7 +223,7 @@ cleanup_proc: proc_net_remove("ip_conntrack"); cleanup_init: -@@ -512,5 +555,6 @@ +@@ -512,5 +555,6 @@ EXPORT_SYMBOL(ip_conntrack_htable_size); EXPORT_SYMBOL(ip_conntrack_expect_list); EXPORT_SYMBOL(ip_conntrack_lock); EXPORT_SYMBOL(ip_conntrack_hash); @@ -232,7 +232,7 @@ EXPORT_SYMBOL_GPL(ip_conntrack_put); --- a/net/ipv4/netfilter/ip_nat_core.c +++ b/net/ipv4/netfilter/ip_nat_core.c -@@ -1023,6 +1023,10 @@ +@@ -1023,6 +1023,10 @@ int __init ip_nat_init(void) /* FIXME: Man, this is a hack. <SIGH> */ IP_NF_ASSERT(ip_conntrack_destroyed == NULL); ip_conntrack_destroyed = &ip_nat_cleanup_conntrack; @@ -397,7 +397,7 @@ +MODULE_LICENSE("GPL"); --- a/net/ipv4/netfilter/ipt_conntrack.c +++ b/net/ipv4/netfilter/ipt_conntrack.c -@@ -27,11 +27,13 @@ +@@ -27,11 +27,13 @@ match(const struct sk_buff *skb, #define FWINV(bool,invflg) ((bool) ^ !!(sinfo->invflags & invflg)) @@ -496,7 +496,7 @@ +MODULE_LICENSE("GPL"); --- a/net/ipv4/netfilter/ipt_state.c +++ b/net/ipv4/netfilter/ipt_state.c -@@ -21,7 +21,9 @@ +@@ -21,7 +21,9 @@ match(const struct sk_buff *skb, enum ip_conntrack_info ctinfo; unsigned int statebit; @@ -509,7 +509,7 @@ statebit = IPT_STATE_BIT(ctinfo); --- a/net/ipv4/netfilter/Makefile +++ b/net/ipv4/netfilter/Makefile -@@ -77,6 +77,7 @@ +@@ -77,6 +77,7 @@ obj-$(CONFIG_IP_NF_IPTABLES) += ip_table obj-$(CONFIG_IP_NF_FILTER) += iptable_filter.o obj-$(CONFIG_IP_NF_MANGLE) += iptable_mangle.o obj-$(CONFIG_IP_NF_NAT) += iptable_nat.o @@ -517,7 +517,7 @@ # matches obj-$(CONFIG_IP_NF_MATCH_HELPER) += ipt_helper.o -@@ -131,6 +132,7 @@ +@@ -131,6 +132,7 @@ obj-$(CONFIG_IP_NF_TARGET_CONNMARK) += i obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o obj-$(CONFIG_IP_NF_TARGET_TCPMSS) += ipt_TCPMSS.o @@ -527,7 +527,7 @@ obj-$(CONFIG_IP_NF_ARPTABLES) += arp_tables.o --- a/net/ipv6/netfilter/Config.in +++ b/net/ipv6/netfilter/Config.in -@@ -79,6 +79,10 @@ +@@ -79,6 +79,10 @@ if [ "$CONFIG_IP6_NF_IPTABLES" != "n" ]; dep_tristate ' IMQ target support' CONFIG_IP6_NF_TARGET_IMQ $CONFIG_IP6_NF_MANGLE fi #dep_tristate ' LOG target support' CONFIG_IP6_NF_TARGET_LOG $CONFIG_IP6_NF_IPTABLES @@ -697,7 +697,7 @@ +MODULE_LICENSE("GPL"); --- a/net/ipv6/netfilter/Makefile +++ b/net/ipv6/netfilter/Makefile -@@ -32,6 +32,7 @@ +@@ -32,6 +32,7 @@ obj-$(CONFIG_IP6_NF_TARGET_MARK) += ip6t obj-$(CONFIG_IP6_NF_TARGET_IMQ) += ip6t_IMQ.o obj-$(CONFIG_IP6_NF_QUEUE) += ip6_queue.o obj-$(CONFIG_IP6_NF_TARGET_LOG) += ip6t_LOG.o |