Changeset 196


Ignore:
Timestamp:
12/26/06 13:50:02 (7 years ago)
Author:
root
Message:

New ebtables patch, making ip conntrack a module instead of in-kernel.

Location:
floppyfw-3.0
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • floppyfw-3.0/Makefile

    r182 r196  
    127127# This works the same way as NIC_MODULES. 
    128128# If you want options to the module, put them in a () after the module. 
    129 IPTABLES_MODULES=arp_tables arptable_filter iptable_mangle ipt_DSCP ipt_ECN ipt_LOG ipt_MARK ipt_REDIRECT ipt_TCPMSS ipt_TOS ipt_ULOG ipt_conntrack ipt_connlimit ipt_dscp ipt_ecn ipt_helper ipt_length ipt_limit ipt_mac ipt_mark ipt_physdev ipt_pkttype ipt_tcpmss ipt_tos ipt_ttl ipt_unclean ip_conntrack_ftp ip_nat_ftp ip_conntrack_irc(ports=6666,6667,6668,7000) ip_nat_irc sch_htb ip_conntrack_h323 ip_conntrack_rtsp ip_conntrack_pptp ip_conntrack_quake3 ipt_iprange ipt_multiport 
     129IPTABLES_MODULES=ip_conntrack arp_tables arptable_filter iptable_mangle ipt_DSCP ipt_ECN ipt_LOG ipt_MARK ipt_REDIRECT ipt_TCPMSS ipt_TOS ipt_ULOG ipt_conntrack ipt_connlimit ipt_dscp ipt_ecn ipt_helper ipt_length ipt_limit ipt_mac ipt_mark ipt_physdev ipt_pkttype ipt_tcpmss ipt_tos ipt_ttl ipt_unclean ip_conntrack_ftp ip_nat_ftp ip_conntrack_irc(ports=6666,6667,6668,7000) ip_nat_irc sch_htb ip_conntrack_h323 ip_conntrack_mms ip_nat_mms ip_conntrack_rtsp ip_conntrack_pptp ip_conntrack_quake3 ipt_iprange ipt_multiport 
    130130 
    131131#ipt_MIRROR  
  • floppyfw-3.0/configs/config-kernel

    r122 r196  
    209209#   IP: Netfilter Configuration 
    210210# 
    211 CONFIG_IP_NF_CONNTRACK=y 
     211CONFIG_IP_NF_CONNTRACK=m 
    212212CONFIG_IP_NF_FTP=m 
    213213CONFIG_IP_NF_CT_PROTO_GRE=m 
     
    220220CONFIG_IP_NF_RTSP=m 
    221221CONFIG_IP_NF_QUAKE3=m 
    222 CONFIG_IP_NF_MMS=y 
     222CONFIG_IP_NF_MMS=m 
    223223CONFIG_IP_NF_CUSEEME=m 
    224224CONFIG_IP_NF_QUEUE=m 
     
    256256CONFIG_IP_NF_MATCH_TCPMSS=m 
    257257CONFIG_IP_NF_MATCH_HELPER=m 
    258 CONFIG_IP_NF_MATCH_STATE=y 
     258CONFIG_IP_NF_MATCH_STATE=m 
    259259CONFIG_IP_NF_MATCH_CONNLIMIT=m 
    260260CONFIG_IP_NF_MATCH_CONNTRACK=m 
     
    266266CONFIG_IP_NF_TARGET_MIRROR=m 
    267267CONFIG_IP_NF_TARGET_TARPIT=m 
    268 CONFIG_IP_NF_NAT=y 
     268CONFIG_IP_NF_NAT=m 
    269269CONFIG_IP_NF_NAT_NEEDED=y 
    270 CONFIG_IP_NF_TARGET_MASQUERADE=y 
     270CONFIG_IP_NF_TARGET_MASQUERADE=m 
    271271CONFIG_IP_NF_TARGET_REDIRECT=m 
    272272CONFIG_IP_NF_NAT_PPTP=m 
     
    278278CONFIG_IP_NF_NAT_IRC=m 
    279279CONFIG_IP_NF_NAT_QUAKE3=m 
    280 CONFIG_IP_NF_NAT_MMS=y 
     280CONFIG_IP_NF_NAT_MMS=m 
    281281CONFIG_IP_NF_NAT_CUSEEME=m 
    282282CONFIG_IP_NF_NAT_FTP=m 
     
    13251325# Cryptographic options 
    13261326# 
    1327 # CONFIG_CRYPTO is not set 
    1328 # CONFIG_CRYPTO_HMAC is not set 
    1329 # CONFIG_CRYPTO_NULL is not set 
    1330 # CONFIG_CRYPTO_MD4 is not set 
    1331 # CONFIG_CRYPTO_MD5 is not set 
    1332 # CONFIG_CRYPTO_SHA1 is not set 
    1333 # CONFIG_CRYPTO_SHA256 is not set 
    1334 # CONFIG_CRYPTO_SHA512 is not set 
    1335 # CONFIG_CRYPTO_WP512 is not set 
    1336 # CONFIG_CRYPTO_DES is not set 
    1337 # CONFIG_CRYPTO_BLOWFISH is not set 
    1338 # CONFIG_CRYPTO_TWOFISH is not set 
    1339 # CONFIG_CRYPTO_SERPENT is not set 
    1340 # CONFIG_CRYPTO_AES is not set 
    1341 # CONFIG_CRYPTO_CAST5 is not set 
    1342 # CONFIG_CRYPTO_CAST6 is not set 
    1343 # CONFIG_CRYPTO_TEA is not set 
    1344 # CONFIG_CRYPTO_KHAZAD is not set 
    1345 # CONFIG_CRYPTO_ANUBIS is not set 
    1346 # CONFIG_CRYPTO_ARC4 is not set 
    1347 # CONFIG_CRYPTO_DEFLATE is not set 
    1348 # CONFIG_CRYPTO_MICHAEL_MIC is not set 
    1349 # CONFIG_CRYPTO_TEST is not set 
     1327CONFIG_CRYPTO=y 
     1328CONFIG_CRYPTO_HMAC=y 
     1329CONFIG_CRYPTO_NULL=m 
     1330CONFIG_CRYPTO_MD4=m 
     1331CONFIG_CRYPTO_MD5=m 
     1332CONFIG_CRYPTO_SHA1=m 
     1333CONFIG_CRYPTO_SHA256=m 
     1334CONFIG_CRYPTO_SHA512=m 
     1335CONFIG_CRYPTO_WP512=m 
     1336CONFIG_CRYPTO_DES=m 
     1337CONFIG_CRYPTO_BLOWFISH=m 
     1338CONFIG_CRYPTO_TWOFISH=m 
     1339CONFIG_CRYPTO_SERPENT=m 
     1340CONFIG_CRYPTO_AES=m 
     1341CONFIG_CRYPTO_CAST5=m 
     1342CONFIG_CRYPTO_CAST6=m 
     1343CONFIG_CRYPTO_TEA=m 
     1344CONFIG_CRYPTO_KHAZAD=m 
     1345CONFIG_CRYPTO_ANUBIS=m 
     1346CONFIG_CRYPTO_ARC4=m 
     1347CONFIG_CRYPTO_DEFLATE=m 
     1348CONFIG_CRYPTO_MICHAEL_MIC=m 
     1349CONFIG_CRYPTO_TEST=m 
    13501350 
    13511351# 
  • floppyfw-3.0/makefiles/iptables.mk

    r47 r196  
    55############################################################# 
    66 
    7 IPTABLES_VERSION=1.3.5 
     7IPTABLES_VERSION=1.3.7 
    88 
    99IPTABLES_SOURCE_URL=http://netfilter.org/projects/iptables/files/ 
  • floppyfw-3.0/patches/kernel/011-latest-ebtables-patch.diff

    r1 r196  
    1 --- linux-2.4.29/net/bridge/br_private.h        2004-08-08 01:26:06.000000000 +0200 
    2 +++ linux-2.4.29-ebt-brnf/net/bridge/br_private.h       2005-03-14 21:24:04.000000000 +0100 
     1--- linux-2.4.31/net/bridge/br_private.h        2004-08-07 23:26:06.000000000 +0000 
     2+++ linux-2.4.31-ebt-brnf/net/bridge/br_private.h       2005-09-15 16:57:22.000000000 +0000 
    33@@ -143,8 +143,10 @@ extern void br_fdb_insert(struct net_bri 
    44 /* br_forward.c */ 
     
    3333 extern int br_is_root_bridge(struct net_bridge *br); 
    3434 extern struct net_bridge_port *br_get_port(struct net_bridge *br, 
    35 --- linux-2.4.29/include/linux/if_bridge.h      2001-11-22 20:47:12.000000000 +0100 
    36 +++ linux-2.4.29-ebt-brnf/include/linux/if_bridge.h     2005-03-14 21:11:28.000000000 +0100 
     35--- linux-2.4.31/include/linux/if_bridge.h      2001-11-22 19:47:12.000000000 +0000 
     36+++ linux-2.4.31-ebt-brnf/include/linux/if_bridge.h     2005-09-15 16:57:23.000000000 +0000 
    3737@@ -102,7 +102,8 @@ struct net_bridge; 
    3838 struct net_bridge_port; 
     
    4545 #endif 
    4646  
    47 --- linux-2.4.29/net/core/dev.c 2004-04-14 15:05:41.000000000 +0200 
    48 +++ linux-2.4.29-ebt-brnf/net/core/dev.c        2005-03-14 00:00:29.000000000 +0100 
     47--- linux-2.4.31/net/core/dev.c 2005-04-04 01:42:20.000000000 +0000 
     48+++ linux-2.4.31-ebt-brnf/net/core/dev.c        2005-09-15 16:57:23.000000000 +0000 
    4949@@ -1426,7 +1426,7 @@ static void net_tx_action(struct softirq 
    5050  
     
    7878 #endif 
    7979  
    80 --- linux-2.4.29/net/bridge/br_input.c  2003-08-25 13:44:44.000000000 +0200 
    81 +++ linux-2.4.29-ebt-brnf/net/bridge/br_input.c 2005-03-14 00:00:29.000000000 +0100 
     80--- linux-2.4.31/net/bridge/br_input.c  2003-08-25 11:44:44.000000000 +0000 
     81+++ linux-2.4.31-ebt-brnf/net/bridge/br_input.c 2005-09-22 17:19:52.212834152 +0000 
    8282@@ -24,6 +24,9 @@ unsigned char bridge_ula[6] = { 0x01, 0x 
    8383  
     
    9999        struct net_bridge *br; 
    100100        unsigned char *dest; 
    101 @@ -112,7 +115,7 @@ err_nolock: 
     101@@ -61,6 +64,9 @@ static int br_handle_frame_finish(struct 
     102                goto err_nolock; 
     103  
     104        br = p->br; 
     105+       /* insert into forwarding database after filtering to avoid spoofing */ 
     106+       br_fdb_insert(br, p, skb->mac.ethernet->h_source, 0); 
     107+ 
     108        read_lock(&br->lock); 
     109        if (skb->dev->br_port == NULL) 
     110                goto err; 
     111@@ -112,7 +118,7 @@ err_nolock: 
    102112        return 0; 
    103113 } 
     
    108118        struct net_bridge *br; 
    109119        unsigned char *dest; 
    110 @@ -146,26 +149,35 @@ void br_handle_frame(struct sk_buff *skb 
     120@@ -136,8 +142,7 @@ void br_handle_frame(struct sk_buff *skb 
     121        if (skb->mac.ethernet->h_source[0] & 1) 
     122                goto err; 
     123  
     124-       if (p->state == BR_STATE_LEARNING || 
     125-           p->state == BR_STATE_FORWARDING) 
     126+       if (p->state == BR_STATE_LEARNING) 
     127                br_fdb_insert(br, p, skb->mac.ethernet->h_source, 0); 
     128  
     129        if (br->stp_enabled && 
     130@@ -146,26 +151,35 @@ void br_handle_frame(struct sk_buff *skb 
    111131                goto handle_special_frame; 
    112132  
     
    147167+       return 0; 
    148168 } 
    149 --- linux-2.4.29/net/bridge/br_forward.c        2003-11-28 19:26:21.000000000 +0100 
    150 +++ linux-2.4.29-ebt-brnf/net/bridge/br_forward.c       2005-03-14 00:00:29.000000000 +0100 
     169--- linux-2.4.31/net/bridge/br_stp_bpdu.c       2003-11-28 18:26:21.000000000 +0000 
     170+++ linux-2.4.31-ebt-brnf/net/bridge/br_stp_bpdu.c      2005-09-22 17:20:13.385615400 +0000 
     171@@ -142,6 +142,9 @@ int br_stp_handle_bpdu(struct sk_buff *s 
     172  
     173        p = skb->dev->br_port; 
     174  
     175+       /* insert into forwarding database after filtering to avoid spoofing */ 
     176+       br_fdb_insert(p->br, p, skb->mac.ethernet->h_source, 0); 
     177+ 
     178        if (!p->br->stp_enabled || 
     179            !pskb_may_pull(skb, sizeof(header)+1) || 
     180            memcmp(skb->data, header, sizeof(header))) 
     181--- linux-2.4.31/net/bridge/br_forward.c        2003-11-28 18:26:21.000000000 +0000 
     182+++ linux-2.4.31-ebt-brnf/net/bridge/br_forward.c       2005-09-15 16:57:23.000000000 +0000 
    151183@@ -30,18 +30,21 @@ static inline int should_deliver(struct  
    152184        return 1; 
     
    196228  
    197229 /* called under bridge lock */ 
    198 --- linux-2.4.29/net/bridge/br.c        2004-08-08 01:26:06.000000000 +0200 
    199 +++ linux-2.4.29-ebt-brnf/net/bridge/br.c       2005-03-14 00:00:29.000000000 +0100 
     230--- linux-2.4.31/net/bridge/br.c        2004-08-07 23:26:06.000000000 +0000 
     231+++ linux-2.4.31-ebt-brnf/net/bridge/br.c       2005-09-15 16:57:23.000000000 +0000 
    200232@@ -30,6 +30,8 @@ 
    201233 #include "../atm/lec.h" 
     
    237269 module_init(br_init) 
    238270 module_exit(br_deinit) 
    239 --- linux-2.4.29/net/bridge/Makefile    2000-12-29 23:07:24.000000000 +0100 
    240 +++ linux-2.4.29-ebt-brnf/net/bridge/Makefile   2005-03-14 00:00:29.000000000 +0100 
     271--- linux-2.4.31/net/bridge/Makefile    2000-12-29 22:07:24.000000000 +0000 
     272+++ linux-2.4.31-ebt-brnf/net/bridge/Makefile   2005-09-15 16:57:23.000000000 +0000 
    241273@@ -7,10 +7,17 @@ 
    242274 # 
     
    257289  
    258290 include $(TOPDIR)/Rules.make 
    259 --- linux-2.4.29/include/linux/netfilter_bridge.h       2001-06-12 04:15:27.000000000 +0200 
    260 +++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge.h      2005-03-14 21:24:06.000000000 +0100 
     291--- linux-2.4.31/include/linux/netfilter_bridge.h       2001-06-12 02:15:27.000000000 +0000 
     292+++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge.h      2005-09-15 16:57:23.000000000 +0000 
    261293@@ -6,6 +6,10 @@ 
    262294  
     
    270302 /* Bridge Hooks */ 
    271303 /* After promisc drops, checksum checks. */ 
    272 @@ -18,7 +22,76 @@ 
     304@@ -18,7 +22,89 @@ 
    273305 #define NF_BR_LOCAL_OUT                3 
    274306 /* Packets about to hit the wire. */ 
     
    338370+       memcpy(skb->nf_bridge->data, skb->data - header_size, header_size); 
    339371+} 
    340   
     372+ 
    341373+struct bridge_skb_cb { 
    342374+       union { 
     
    344376+       } daddr; 
    345377+}; 
     378+ 
     379  
     380+/* This is called by the IP fragmenting code and it ensures there is 
     381+ * enough room for the encapsulating header (if there is one). */ 
     382+static inline 
     383+int nf_bridge_pad(struct sk_buff *skb) 
     384+{ 
     385+        if (skb->nf_bridge) { 
     386+                if (skb->protocol == __constant_htons(ETH_P_8021Q)) 
     387+                        return 4; 
     388+        } 
     389+        return 0; 
     390+} 
    346391+#endif /* CONFIG_NETFILTER */ 
    347392  
    348393+#endif /* __KERNEL__ */ 
    349394 #endif 
    350 --- linux-2.4.29/include/linux/netfilter_ipv4/ip_tables.h       2004-08-08 01:26:06.000000000 +0200 
    351 +++ linux-2.4.29-ebt-brnf/include/linux/netfilter_ipv4/ip_tables.h      2005-03-14 21:24:28.000000000 +0100 
     395--- linux-2.4.31/include/linux/netfilter_ipv4/ip_tables.h       2005-04-04 01:42:20.000000000 +0000 
     396+++ linux-2.4.31-ebt-brnf/include/linux/netfilter_ipv4/ip_tables.h      2005-09-15 16:57:23.000000000 +0000 
    352397@@ -159,7 +159,7 @@ struct ipt_entry 
    353398 #define IPT_CONTINUE 0xFFFFFFFF 
     
    359404 /* TCP matching stuff */ 
    360405 struct ipt_tcp 
    361 --- linux-2.4.29/include/linux/netfilter_ipv6/ip6_tables.h      2004-08-08 01:26:06.000000000 +0200 
    362 +++ linux-2.4.29-ebt-brnf/include/linux/netfilter_ipv6/ip6_tables.h     2005-03-14 00:00:29.000000000 +0100 
    363 @@ -167,7 +167,7 @@ struct ip6t_entry 
     406--- linux-2.4.31/include/linux/netfilter_ipv6/ip6_tables.h      2005-04-04 01:42:20.000000000 +0000 
     407+++ linux-2.4.31-ebt-brnf/include/linux/netfilter_ipv6/ip6_tables.h     2005-09-15 16:57:23.000000000 +0000 
     408@@ -165,7 +165,7 @@ struct ip6t_entry 
    364409 #define IP6T_CONTINUE 0xFFFFFFFF 
    365410  
     
    370415 /* TCP matching stuff */ 
    371416 struct ip6t_tcp 
    372 --- linux-2.4.29/include/linux/netfilter_arp/arp_tables.h       2003-08-25 13:44:44.000000000 +0200 
    373 +++ linux-2.4.29-ebt-brnf/include/linux/netfilter_arp/arp_tables.h      2005-03-14 21:24:31.000000000 +0100 
     417--- linux-2.4.31/include/linux/netfilter_arp/arp_tables.h       2003-08-25 11:44:44.000000000 +0000 
     418+++ linux-2.4.31-ebt-brnf/include/linux/netfilter_arp/arp_tables.h      2005-09-15 16:57:23.000000000 +0000 
    374419@@ -154,7 +154,7 @@ struct arpt_entry 
    375420 #define ARPT_CONTINUE 0xFFFFFFFF 
     
    381426 /* The argument to ARPT_SO_GET_INFO */ 
    382427 struct arpt_getinfo 
    383 --- linux-2.4.29/net/Makefile   2004-08-08 01:26:06.000000000 +0200 
    384 +++ linux-2.4.29-ebt-brnf/net/Makefile  2005-03-14 00:00:29.000000000 +0100 
     428--- linux-2.4.31/net/Makefile   2004-08-07 23:26:06.000000000 +0000 
     429+++ linux-2.4.31-ebt-brnf/net/Makefile  2005-09-15 16:57:23.000000000 +0000 
    385430@@ -7,7 +7,8 @@ 
    386431  
     
    406451 subdir-$(CONFIG_PACKET)                += packet 
    407452 subdir-$(CONFIG_NET_SCHED)     += sched 
    408 --- linux-2.4.29/net/Config.in  2005-01-19 15:10:13.000000000 +0100 
    409 +++ linux-2.4.29-ebt-brnf/net/Config.in 2005-03-14 00:00:29.000000000 +0100 
     453--- linux-2.4.31/net/Config.in  2005-01-19 14:10:13.000000000 +0000 
     454+++ linux-2.4.31-ebt-brnf/net/Config.in 2005-09-15 16:57:23.000000000 +0000 
    410455@@ -70,6 +70,9 @@ if [ "$CONFIG_DECNET" != "n" ]; then 
    411456    source net/decnet/Config.in 
     
    418463    tristate 'CCITT X.25 Packet Layer (EXPERIMENTAL)' CONFIG_X25 
    419464    tristate 'LAPB Data Link Driver (EXPERIMENTAL)' CONFIG_LAPB 
    420 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    421 +++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/Makefile 2005-03-14 00:00:29.000000000 +0100 
     465--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     466+++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/Makefile 2005-09-15 16:57:23.000000000 +0000 
    422467@@ -0,0 +1,34 @@ 
    423468+# 
     
    455500+obj-$(CONFIG_BRIDGE_EBT_SNAT) += ebt_snat.o 
    456501+include $(TOPDIR)/Rules.make 
    457 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    458 +++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/Config.in        2005-03-14 00:00:29.000000000 +0100 
     502--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     503+++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/Config.in        2005-09-15 16:57:23.000000000 +0000 
    459504@@ -0,0 +1,23 @@ 
    460505+# 
     
    481526+dep_tristate '    ebt: redirect target support' CONFIG_BRIDGE_EBT_REDIRECT $CONFIG_BRIDGE_NF_EBTABLES 
    482527+dep_tristate '    ebt: mark target support' CONFIG_BRIDGE_EBT_MARK_T $CONFIG_BRIDGE_NF_EBTABLES 
    483 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    484 +++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebtable_filter.c 2005-03-14 00:00:29.000000000 +0100 
     528--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     529+++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebtable_filter.c 2005-09-15 16:57:23.000000000 +0000 
    485530@@ -0,0 +1,90 @@ 
    486531+/* 
     
    574619+EXPORT_NO_SYMBOLS; 
    575620+MODULE_LICENSE("GPL"); 
    576 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    577 +++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebtable_nat.c    2005-03-14 00:00:29.000000000 +0100 
     621--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     622+++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebtable_nat.c    2005-09-15 16:57:23.000000000 +0000 
    578623@@ -0,0 +1,96 @@ 
    579624+/* 
     
    673718+EXPORT_NO_SYMBOLS; 
    674719+MODULE_LICENSE("GPL"); 
    675 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    676 +++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebtable_broute.c 2005-03-14 00:00:29.000000000 +0100 
     720--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     721+++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebtable_broute.c 2005-09-15 16:57:23.000000000 +0000 
    677722@@ -0,0 +1,79 @@ 
    678723+/* 
     
    755800+EXPORT_NO_SYMBOLS; 
    756801+MODULE_LICENSE("GPL"); 
    757 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    758 +++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebt_among.c      2005-03-14 00:00:29.000000000 +0100 
     802--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     803+++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebt_among.c      2005-09-15 16:57:23.000000000 +0000 
    759804@@ -0,0 +1,223 @@ 
    760805+/* 
     
    9811026+EXPORT_NO_SYMBOLS; 
    9821027+MODULE_LICENSE("GPL"); 
    983 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    984 +++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebt_limit.c      2005-03-14 00:00:29.000000000 +0100 
     1028--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     1029+++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebt_limit.c      2005-09-15 16:57:23.000000000 +0000 
    9851030@@ -0,0 +1,101 @@ 
    9861031+/* 
     
    10851130+EXPORT_NO_SYMBOLS; 
    10861131+MODULE_LICENSE("GPL"); 
    1087 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    1088 +++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebt_arpreply.c   2005-03-14 00:00:30.000000000 +0100 
     1132--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     1133+++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebt_arpreply.c   2005-09-15 16:57:23.000000000 +0000 
    10891134@@ -0,0 +1,86 @@ 
    10901135+/* 
     
    11741219+EXPORT_NO_SYMBOLS; 
    11751220+MODULE_LICENSE("GPL"); 
    1176 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    1177 +++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebt_802_3.c      2005-03-14 00:00:30.000000000 +0100 
     1221--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     1222+++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebt_802_3.c      2005-09-15 16:57:23.000000000 +0000 
    11781223@@ -0,0 +1,74 @@ 
    11791224+/* 
     
    12511296+EXPORT_NO_SYMBOLS; 
    12521297+MODULE_LICENSE("GPL"); 
    1253 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    1254 +++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebt_mark.c       2005-03-14 00:00:30.000000000 +0100 
     1298--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     1299+++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebt_mark.c       2005-09-15 16:57:23.000000000 +0000 
    12551300@@ -0,0 +1,66 @@ 
    12561301+/* 
     
    13201365+EXPORT_NO_SYMBOLS; 
    13211366+MODULE_LICENSE("GPL"); 
    1322 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    1323 +++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebt_mark_m.c     2005-03-14 00:00:30.000000000 +0100 
     1367--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     1368+++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebt_mark_m.c     2005-09-15 16:57:23.000000000 +0000 
    13241369@@ -0,0 +1,61 @@ 
    13251370+/* 
     
    13841429+EXPORT_NO_SYMBOLS; 
    13851430+MODULE_LICENSE("GPL"); 
    1386 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    1387 +++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebt_pkttype.c    2005-03-14 00:00:30.000000000 +0100 
     1431--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     1432+++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebt_pkttype.c    2005-09-15 16:57:23.000000000 +0000 
    13881433@@ -0,0 +1,60 @@ 
    13891434+/* 
     
    14471492+EXPORT_NO_SYMBOLS; 
    14481493+MODULE_LICENSE("GPL"); 
    1449 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    1450 +++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebt_stp.c        2005-03-14 00:00:30.000000000 +0100 
     1494--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     1495+++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebt_stp.c        2005-09-15 16:57:23.000000000 +0000 
    14511496@@ -0,0 +1,191 @@ 
    14521497+/* 
     
    16411686+EXPORT_NO_SYMBOLS; 
    16421687+MODULE_LICENSE("GPL"); 
    1643 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    1644 +++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebt_redirect.c   2005-03-14 00:00:30.000000000 +0100 
     1688--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     1689+++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebt_redirect.c   2005-09-15 16:57:23.000000000 +0000 
    16451690@@ -0,0 +1,71 @@ 
    16461691+/* 
     
    17151760+EXPORT_NO_SYMBOLS; 
    17161761+MODULE_LICENSE("GPL"); 
    1717 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    1718 +++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebt_arp.c        2005-03-14 00:00:30.000000000 +0100 
     1762--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     1763+++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebt_arp.c        2005-09-15 16:57:23.000000000 +0000 
    17191764@@ -0,0 +1,149 @@ 
    17201765+/* 
     
    18671912+EXPORT_NO_SYMBOLS; 
    18681913+MODULE_LICENSE("GPL"); 
    1869 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    1870 +++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebt_ip.c 2005-03-14 00:00:30.000000000 +0100 
     1914--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     1915+++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebt_ip.c 2005-09-15 16:57:23.000000000 +0000 
    18711916@@ -0,0 +1,121 @@ 
    18721917+/* 
     
    19912036+EXPORT_NO_SYMBOLS; 
    19922037+MODULE_LICENSE("GPL"); 
    1993 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    1994 +++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebt_vlan.c       2005-03-14 00:00:30.000000000 +0100 
     2038--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     2039+++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebt_vlan.c       2005-09-15 16:57:23.000000000 +0000 
    19952040@@ -0,0 +1,259 @@ 
    19962041+/* 
     
    22532298+ 
    22542299+EXPORT_NO_SYMBOLS; 
    2255 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    2256 +++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebt_log.c        2005-03-14 00:00:30.000000000 +0100 
     2300--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     2301+++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebt_log.c        2005-09-15 16:57:23.000000000 +0000 
    22572302@@ -0,0 +1,153 @@ 
    22582303+/* 
     
    24092454+EXPORT_NO_SYMBOLS; 
    24102455+MODULE_LICENSE("GPL"); 
    2411 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    2412 +++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebt_ulog.c       2005-03-14 00:00:30.000000000 +0100 
     2456--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     2457+++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebt_ulog.c       2005-09-15 16:57:23.000000000 +0000 
    24132458@@ -0,0 +1,281 @@ 
    24142459+/* 
     
    26932738+MODULE_DESCRIPTION("ebtables userspace logging module for bridged Ethernet" 
    26942739+                   " frames"); 
    2695 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    2696 +++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebt_snat.c       2005-03-14 00:00:30.000000000 +0100 
     2740--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     2741+++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebt_snat.c       2005-09-15 16:57:23.000000000 +0000 
    26972742@@ -0,0 +1,64 @@ 
    26982743+/* 
     
    27602805+EXPORT_NO_SYMBOLS; 
    27612806+MODULE_LICENSE("GPL"); 
    2762 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    2763 +++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebt_dnat.c       2005-03-14 00:00:30.000000000 +0100 
     2807--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     2808+++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebt_dnat.c       2005-09-15 16:57:23.000000000 +0000 
    27642809@@ -0,0 +1,65 @@ 
    27652810+/* 
     
    28282873+EXPORT_NO_SYMBOLS; 
    28292874+MODULE_LICENSE("GPL"); 
    2830 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    2831 +++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebtables.c       2005-03-14 21:04:05.155913576 +0100 
     2875--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     2876+++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebtables.c       2005-09-15 16:57:23.000000000 +0000 
    28322877@@ -0,0 +1,1497 @@ 
    28332878+/* 
     
    43284373+module_exit(fini); 
    43294374+MODULE_LICENSE("GPL"); 
    4330 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    4331 +++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge/ebtables.h     2005-03-14 21:24:12.000000000 +0100 
     4375--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     4376+++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge/ebtables.h     2005-09-15 16:57:23.000000000 +0000 
    43324377@@ -0,0 +1,361 @@ 
    43334378+/* 
     
    46924737+ 
    46934738+#endif 
    4694 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    4695 +++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge/ebt_among.h    2005-03-14 00:00:30.000000000 +0100 
     4739--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     4740+++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge/ebt_among.h    2005-09-15 16:57:23.000000000 +0000 
    46964741@@ -0,0 +1,65 @@ 
    46974742+#ifndef __LINUX_BRIDGE_EBT_AMONG_H 
     
    47604805+ 
    47614806+#endif 
    4762 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    4763 +++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge/ebt_limit.h    2005-03-14 00:00:30.000000000 +0100 
     4807--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     4808+++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge/ebt_limit.h    2005-09-15 16:57:23.000000000 +0000 
    47644809@@ -0,0 +1,23 @@ 
    47654810+#ifndef __LINUX_BRIDGE_EBT_LIMIT_H 
     
    47864831+ 
    47874832+#endif 
    4788 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    4789 +++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge/ebt_arpreply.h 2005-03-14 00:00:30.000000000 +0100 
     4833--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     4834+++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge/ebt_arpreply.h 2005-09-15 16:57:23.000000000 +0000 
    47904835@@ -0,0 +1,11 @@ 
    47914836+#ifndef __LINUX_BRIDGE_EBT_ARPREPLY_H 
     
    48004845+ 
    48014846+#endif 
    4802 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    4803 +++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge/ebt_802_3.h    2005-03-14 00:00:30.000000000 +0100 
     4847--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     4848+++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge/ebt_802_3.h    2005-09-15 16:57:23.000000000 +0000 
    48044849@@ -0,0 +1,60 @@ 
    48054850+#ifndef __LINUX_BRIDGE_EBT_802_3_H 
     
    48634908+ 
    48644909+#endif 
    4865 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    4866 +++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge/ebt_arp.h      2005-03-14 00:00:30.000000000 +0100 
     4910--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     4911+++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge/ebt_arp.h      2005-09-15 16:57:23.000000000 +0000 
    48674912@@ -0,0 +1,32 @@ 
    48684913+#ifndef __LINUX_BRIDGE_EBT_ARP_H 
     
    48984943+ 
    48994944+#endif 
    4900 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    4901 +++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge/ebt_ip.h       2005-03-14 00:00:30.000000000 +0100 
     4945--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     4946+++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge/ebt_ip.h       2005-09-15 16:57:23.000000000 +0000 
    49024947@@ -0,0 +1,43 @@ 
    49034948+/* 
     
    49444989+ 
    49454990+#endif 
    4946 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    4947 +++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge/ebt_pkttype.h  2005-03-14 00:00:30.000000000 +0100 
     4991--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     4992+++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge/ebt_pkttype.h  2005-09-15 16:57:23.000000000 +0000 
    49484993@@ -0,0 +1,11 @@ 
    49494994+#ifndef __LINUX_BRIDGE_EBT_PKTTYPE_H 
     
    49585003+ 
    49595004+#endif 
    4960 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    4961 +++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge/ebt_stp.h      2005-03-14 00:00:30.000000000 +0100 
     5005--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     5006+++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge/ebt_stp.h      2005-09-15 16:57:23.000000000 +0000 
    49625007@@ -0,0 +1,46 @@ 
    49635008+#ifndef __LINUX_BRIDGE_EBT_STP_H 
     
    50075052+ 
    50085053+#endif 
    5009 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    5010 +++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge/ebt_vlan.h     2005-03-14 00:00:30.000000000 +0100 
     5054--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     5055+++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge/ebt_vlan.h     2005-09-15 16:57:23.000000000 +0000 
    50115056@@ -0,0 +1,20 @@ 
    50125057+#ifndef __LINUX_BRIDGE_EBT_VLAN_H 
     
    50305075+ 
    50315076+#endif 
    5032 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    5033 +++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge/ebt_log.h      2005-03-14 00:00:30.000000000 +0100 
     5077--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     5078+++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge/ebt_log.h      2005-09-15 16:57:23.000000000 +0000 
    50345079@@ -0,0 +1,17 @@ 
    50355080+#ifndef __LINUX_BRIDGE_EBT_LOG_H 
     
    50505095+ 
    50515096+#endif 
    5052 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    5053 +++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge/ebt_ulog.h     2005-03-14 00:00:30.000000000 +0100 
     5097--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     5098+++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge/ebt_ulog.h     2005-09-15 16:57:23.000000000 +0000 
    50545099@@ -0,0 +1,33 @@ 
    50555100+#ifndef _EBT_ULOG_H 
     
    50865131+ 
    50875132+#endif /* _EBT_ULOG_H */ 
    5088 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    5089 +++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge/ebt_nat.h      2005-03-14 00:00:30.000000000 +0100 
     5133--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     5134+++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge/ebt_nat.h      2005-09-15 16:57:23.000000000 +0000 
    50905135@@ -0,0 +1,13 @@ 
    50915136+#ifndef __LINUX_BRIDGE_EBT_NAT_H 
     
    51025147+ 
    51035148+#endif 
    5104 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    5105 +++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge/ebt_redirect.h 2005-03-14 00:00:30.000000000 +0100 
     5149--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     5150+++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge/ebt_redirect.h 2005-09-15 16:57:23.000000000 +0000 
    51065151@@ -0,0 +1,11 @@ 
    51075152+#ifndef __LINUX_BRIDGE_EBT_REDIRECT_H 
     
    51165161+ 
    51175162+#endif 
    5118 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    5119 +++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge/ebt_mark_m.h   2005-03-14 00:00:30.000000000 +0100 
     5163--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     5164+++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge/ebt_mark_m.h   2005-09-15 16:57:23.000000000 +0000 
    51205165@@ -0,0 +1,15 @@ 
    51215166+#ifndef __LINUX_BRIDGE_EBT_MARK_M_H 
     
    51345179+ 
    51355180+#endif 
    5136 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    5137 +++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge/ebt_mark_t.h   2005-03-14 00:00:30.000000000 +0100 
     5181--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     5182+++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge/ebt_mark_t.h   2005-09-15 16:57:23.000000000 +0000 
    51385183@@ -0,0 +1,12 @@ 
    51395184+#ifndef __LINUX_BRIDGE_EBT_MARK_T_H 
     
    51495194+ 
    51505195+#endif 
    5151 --- linux-2.4.29/include/linux/netfilter.h      2005-01-19 15:10:12.000000000 +0100 
    5152 +++ linux-2.4.29-ebt-brnf/include/linux/netfilter.h     2005-03-14 21:11:36.000000000 +0100 
     5196--- linux-2.4.31/include/linux/netfilter.h      2005-01-19 14:10:12.000000000 +0000 
     5197+++ linux-2.4.31-ebt-brnf/include/linux/netfilter.h     2005-09-15 16:57:23.000000000 +0000 
    51535198@@ -17,7 +17,8 @@ 
    51545199 #define NF_STOLEN 2 
     
    52035248 /* Call setsockopt() */ 
    52045249 int nf_setsockopt(struct sock *sk, int pf, int optval, char *opt,  
    5205 --- linux-2.4.29/include/linux/netfilter_ipv4.h 2002-02-25 20:38:13.000000000 +0100 
    5206 +++ linux-2.4.29-ebt-brnf/include/linux/netfilter_ipv4.h        2005-03-14 21:11:36.000000000 +0100 
     5250--- linux-2.4.31/include/linux/netfilter_ipv4.h 2002-02-25 19:38:13.000000000 +0000 
     5251+++ linux-2.4.31-ebt-brnf/include/linux/netfilter_ipv4.h        2005-09-15 16:57:23.000000000 +0000 
    52075252@@ -52,8 +52,10 @@ 
    52085253 enum nf_ip_hook_priorities { 
     
    52165261        NF_IP_PRI_NAT_SRC = 100, 
    52175262        NF_IP_PRI_LAST = INT_MAX, 
    5218 --- linux-2.4.29/include/linux/netfilter_ipv6.h 2001-01-02 01:17:54.000000000 +0100 
    5219 +++ linux-2.4.29-ebt-brnf/include/linux/netfilter_ipv6.h        2005-03-14 21:24:11.000000000 +0100 
     5263--- linux-2.4.31/include/linux/netfilter_ipv6.h 2001-01-02 00:17:54.000000000 +0000 
     5264+++ linux-2.4.31-ebt-brnf/include/linux/netfilter_ipv6.h        2005-09-15 16:57:23.000000000 +0000 
    52205265@@ -57,8 +57,10 @@ 
    52215266 enum nf_ip6_hook_priorities { 
     
    52295274        NF_IP6_PRI_NAT_SRC = 100, 
    52305275        NF_IP6_PRI_LAST = INT_MAX, 
    5231 --- linux-2.4.29/include/linux/skbuff.h 2004-08-08 01:26:06.000000000 +0200 
    5232 +++ linux-2.4.29-ebt-brnf/include/linux/skbuff.h        2005-03-14 21:07:31.000000000 +0100 
     5276--- linux-2.4.31/include/linux/skbuff.h 2005-04-04 01:42:20.000000000 +0000 
     5277+++ linux-2.4.31-ebt-brnf/include/linux/skbuff.h        2005-09-15 16:57:23.000000000 +0000 
    52335278@@ -92,6 +92,20 @@ struct nf_conntrack { 
    52345279 struct nf_ct_info { 
     
    52625307  
    52635308 #if defined(CONFIG_HIPPI) 
    5264 @@ -1175,6 +1192,20 @@ nf_reset(struct sk_buff *skb) 
     5309@@ -1171,6 +1188,20 @@ nf_reset(struct sk_buff *skb) 
    52655310        skb->nf_debug = 0; 
    52665311 #endif 
     
    52835328 static inline void nf_reset(struct sk_buff *skb) {} 
    52845329 #endif /* CONFIG_NETFILTER */ 
    5285 --- linux-2.4.29/net/core/netfilter.c   2005-01-19 15:10:13.000000000 +0100 
    5286 +++ linux-2.4.29-ebt-brnf/net/core/netfilter.c  2005-03-14 21:21:41.825275416 +0100 
     5330--- linux-2.4.31/net/core/netfilter.c   2005-01-19 14:10:13.000000000 +0000 
     5331+++ linux-2.4.31-ebt-brnf/net/core/netfilter.c  2005-09-15 16:57:23.000000000 +0000 
    52875332@@ -342,32 +342,29 @@ static unsigned int nf_iterate(struct li 
    52885333                               const struct net_device *indev, 
     
    54725517  
    54735518        switch (verdict) { 
    5474 --- linux-2.4.29/net/core/skbuff.c      2003-08-25 13:44:44.000000000 +0200 
    5475 +++ linux-2.4.29-ebt-brnf/net/core/skbuff.c     2005-03-14 00:00:30.000000000 +0100 
     5519--- linux-2.4.31/net/core/skbuff.c      2003-08-25 11:44:44.000000000 +0000 
     5520+++ linux-2.4.31-ebt-brnf/net/core/skbuff.c     2005-09-15 16:57:23.000000000 +0000 
    54765521@@ -246,6 +246,9 @@ static inline void skb_headerinit(void * 
    54775522 #ifdef CONFIG_NETFILTER_DEBUG 
     
    55385583        copy_skb_header(n, skb); 
    55395584        return n; 
    5540 --- linux-2.4.29/net/ipv4/netfilter/ip_tables.c 2005-01-19 15:10:13.000000000 +0100 
    5541 +++ linux-2.4.29-ebt-brnf/net/ipv4/netfilter/ip_tables.c        2005-03-14 00:00:30.000000000 +0100 
    5542 @@ -118,12 +118,19 @@ static LIST_HEAD(ipt_tables); 
     5585--- linux-2.4.31/net/ipv4/netfilter/ip_tables.c 2005-04-04 01:42:20.000000000 +0000 
     5586+++ linux-2.4.31-ebt-brnf/net/ipv4/netfilter/ip_tables.c        2005-09-15 16:57:23.000000000 +0000 
     5587@@ -120,12 +120,19 @@ static LIST_HEAD(ipt_tables); 
    55435588 static inline int 
    55445589 ip_packet_match(const struct iphdr *ip, 
     
    55605605 #define FWINV(bool,invflg) ((bool) ^ !!(ipinfo->invflags & invflg)) 
    55615606  
    5562 @@ -153,7 +160,15 @@ ip_packet_match(const struct iphdr *ip, 
     5607@@ -155,7 +162,15 @@ ip_packet_match(const struct iphdr *ip, 
    55635608                        & ((const unsigned long *)ipinfo->iniface_mask)[i]; 
    55645609        } 
     
    55775622                        indev, ipinfo->iniface, 
    55785623                        ipinfo->invflags&IPT_INV_VIA_IN ?" (INV)":""); 
    5579 @@ -166,7 +181,15 @@ ip_packet_match(const struct iphdr *ip, 
     5624@@ -168,7 +183,15 @@ ip_packet_match(const struct iphdr *ip, 
    55805625                        & ((const unsigned long *)ipinfo->outiface_mask)[i]; 
    55815626        } 
     
    55945639                        outdev, ipinfo->outiface, 
    55955640                        ipinfo->invflags&IPT_INV_VIA_OUT ?" (INV)":""); 
    5596 @@ -265,6 +288,9 @@ ipt_do_table(struct sk_buff **pskb, 
     5641@@ -267,6 +290,9 @@ ipt_do_table(struct sk_buff **pskb, 
    55975642        /* Initializing verdict to NF_DROP keeps gcc happy. */ 
    55985643        unsigned int verdict = NF_DROP; 
     
    56045649        struct ipt_entry *e, *back; 
    56055650  
    5606 @@ -274,6 +300,13 @@ ipt_do_table(struct sk_buff **pskb, 
     5651@@ -276,6 +302,13 @@ ipt_do_table(struct sk_buff **pskb, 
    56075652        datalen = (*pskb)->len - ip->ihl * 4; 
    56085653        indev = in ? in->name : nulldevname; 
     
    56185663         * if it was a normal packet.  All other fragments are treated 
    56195664         * normally, except that they will NEVER match rules that ask 
    5620 @@ -309,7 +342,15 @@ ipt_do_table(struct sk_buff **pskb, 
     5665@@ -311,7 +344,15 @@ ipt_do_table(struct sk_buff **pskb, 
    56215666                IP_NF_ASSERT(e); 
    56225667                IP_NF_ASSERT(back); 
     
    56355680  
    56365681                        if (IPT_MATCH_ITERATE(e, do_match, 
    5637 --- linux-2.4.29/net/ipv4/ip_output.c   2005-01-19 15:10:13.000000000 +0100 
    5638 +++ linux-2.4.29-ebt-brnf/net/ipv4/ip_output.c  2005-03-14 00:00:30.000000000 +0100 
    5639 @@ -890,6 +890,10 @@ int ip_fragment(struct sk_buff *skb, int 
     5682--- linux-2.4.31/net/ipv4/ip_output.c   2005-01-19 14:10:13.000000000 +0000 
     5683+++ linux-2.4.31-ebt-brnf/net/ipv4/ip_output.c  2005-09-15 16:57:23.000000000 +0000 
     5684@@ -77,6 +77,7 @@ 
     5685 #include <linux/netfilter_ipv4.h> 
     5686 #include <linux/mroute.h> 
     5687 #include <linux/netlink.h> 
     5688+#include <linux/netfilter_bridge.h> 
     5689  
     5690 /* 
     5691  *      Shall we try to damage output packets if routing dev changes? 
     5692@@ -769,7 +770,8 @@ int ip_fragment(struct sk_buff *skb, int 
     5693        int not_last_frag; 
     5694        struct rtable *rt = (struct rtable*)skb->dst; 
     5695        int err = 0; 
     5696- 
     5697+        unsigned int ll_rs = 0; 
     5698+        
     5699        dev = rt->u.dst.dev; 
     5700  
     5701        /* 
     5702@@ -785,6 +787,10 @@ int ip_fragment(struct sk_buff *skb, int 
     5703        hlen = iph->ihl * 4; 
     5704        left = skb->len - hlen;         /* Space per frame */ 
     5705        mtu = rt->u.dst.pmtu - hlen;    /* Size of data space */ 
     5706+#ifdef CONFIG_NETFILTER 
     5707+       ll_rs = nf_bridge_pad(skb); 
     5708+       mtu -= ll_rs; 
     5709+#endif 
     5710        ptr = raw + hlen;               /* Where to start from */ 
     5711  
     5712        /* 
     5713@@ -812,7 +818,7 @@ int ip_fragment(struct sk_buff *skb, int 
     5714                 *      Allocate buffer. 
     5715                 */ 
     5716  
     5717-               if ((skb2 = alloc_skb(len+hlen+dev->hard_header_len+15,GFP_ATOMIC)) == NULL) { 
     5718+               if ((skb2 = alloc_skb(len+hlen+dev->hard_header_len+15+ll_rs,GFP_ATOMIC)) == NULL) { 
     5719                        NETDEBUG(printk(KERN_INFO "IP: frag: no memory for new fragment!\n")); 
     5720                        err = -ENOMEM; 
     5721                        goto fail; 
     5722@@ -824,7 +830,7 @@ int ip_fragment(struct sk_buff *skb, int 
     5723  
     5724                skb2->pkt_type = skb->pkt_type; 
     5725                skb2->priority = skb->priority; 
     5726-               skb_reserve(skb2, (dev->hard_header_len+15)&~15); 
     5727+               skb_reserve(skb2, (dev->hard_header_len+15+ll_rs)&~15); 
     5728                skb_put(skb2, len + hlen); 
     5729                skb2->nh.raw = skb2->data; 
     5730                skb2->h.raw = skb2->data + hlen; 
     5731@@ -890,6 +896,10 @@ int ip_fragment(struct sk_buff *skb, int 
    56405732                /* Connection association is same as pre-frag packet */ 
    56415733                skb2->nfct = skb->nfct; 
     
    56485740                skb2->nf_debug = skb->nf_debug; 
    56495741 #endif 
    5650 --- linux-2.4.29/net/ipv4/netfilter/ipt_LOG.c   2003-11-28 19:26:21.000000000 +0100 
    5651 +++ linux-2.4.29-ebt-brnf/net/ipv4/netfilter/ipt_LOG.c  2005-03-14 00:00:30.000000000 +0100 
    5652 @@ -316,6 +316,18 @@ ipt_log_target(struct sk_buff **pskb, 
     5742--- linux-2.4.31/net/ipv4/netfilter/ipt_LOG.c   2005-04-04 01:42:20.000000000 +0000 
     5743+++ linux-2.4.31-ebt-brnf/net/ipv4/netfilter/ipt_LOG.c  2005-09-15 16:57:23.000000000 +0000 
     5744@@ -317,6 +317,18 @@ ipt_log_target(struct sk_buff **pskb, 
    56535745               loginfo->prefix, 
    56545746               in ? in->name : "", 
     
    56695761                /* MAC logging for input chain only. */ 
    56705762                printk("MAC="); 
    5671 --- linux-2.4.29/net/ipv4/netfilter/Makefile    2003-08-25 13:44:44.000000000 +0200 
    5672 +++ linux-2.4.29-ebt-brnf/net/ipv4/netfilter/Makefile   2005-03-14 00:00:30.000000000 +0100 
     5763--- linux-2.4.31/net/ipv4/netfilter/Makefile    2003-08-25 11:44:44.000000000 +0000 
     5764+++ linux-2.4.31-ebt-brnf/net/ipv4/netfilter/Makefile   2005-09-15 16:57:23.000000000 +0000 
    56735765@@ -87,6 +87,8 @@ obj-$(CONFIG_IP_NF_MATCH_CONNTRACK) += i 
    56745766 obj-$(CONFIG_IP_NF_MATCH_UNCLEAN) += ipt_unclean.o 
     
    56805772 obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o 
    56815773 obj-$(CONFIG_IP_NF_TARGET_MIRROR) += ipt_MIRROR.o 
    5682 --- linux-2.4.29/net/ipv4/netfilter/Config.in   2005-01-19 15:10:13.000000000 +0100 
    5683 +++ linux-2.4.29-ebt-brnf/net/ipv4/netfilter/Config.in  2005-03-14 00:00:30.000000000 +0100 
     5774--- linux-2.4.31/net/ipv4/netfilter/Config.in   2005-01-19 14:10:13.000000000 +0000 
     5775+++ linux-2.4.31-ebt-brnf/net/ipv4/netfilter/Config.in  2005-09-15 16:57:23.000000000 +0000 
    56845776@@ -44,6 +44,9 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ];  
    56855777     dep_tristate '  Unclean match support (EXPERIMENTAL)' CONFIG_IP_NF_MATCH_UNCLEAN $CONFIG_IP_NF_IPTABLES 
     
    56925784   dep_tristate '  Packet filtering' CONFIG_IP_NF_FILTER $CONFIG_IP_NF_IPTABLES  
    56935785   if [ "$CONFIG_IP_NF_FILTER" != "n" ]; then 
    5694 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    5695 +++ linux-2.4.29-ebt-brnf/net/bridge/br_netfilter.c     2005-03-14 00:00:30.000000000 +0100 
    5696 @@ -0,0 +1,1101 @@ 
     5786--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     5787+++ linux-2.4.31-ebt-brnf/net/bridge/br_netfilter.c     2005-09-15 17:00:24.000000000 +0000 
     5788@@ -0,0 +1,1102 @@ 
    56975789+/* 
    56985790+ *     Handle firewalling 
     
    59256017+ 
    59266018+                       if (!ip_route_output(&rt, iph->daddr, 0, iph->tos, 0)) { 
    5927 +                               /* Bridged-and-DNAT'ed traffic doesn't 
    5928 +                                * require ip_forwarding. 
    5929 +                                */ 
    5930 +                               if (((struct dst_entry *)rt)->dev == dev) { 
     6019+                               /* - Bridged-and-DNAT'ed traffic doesn't 
     6020+                                *   require ip_forwarding. 
     6021+                                * - Deal with redirected traffic. */ 
     6022+                               if (((struct dst_entry *)rt)->dev == dev || 
     6023+                                   rt->rt_type == RTN_LOCAL) { 
    59316024+                                       skb->dst = (struct dst_entry *)rt; 
    59326025+                                       goto bridged_dnat; 
     
    67966889+ 
    67976890+} 
    6798 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    6799 +++ linux-2.4.29-ebt-brnf/net/ipv4/netfilter/ipt_physdev.c      2005-03-14 00:00:30.000000000 +0100 
     6891--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     6892+++ linux-2.4.31-ebt-brnf/net/ipv4/netfilter/ipt_physdev.c      2005-09-15 16:57:23.000000000 +0000 
    68006893@@ -0,0 +1,127 @@ 
    68016894+/* Kernel module to match the bridge port in and 
     
    69267019+MODULE_LICENSE("GPL"); 
    69277020+EXPORT_NO_SYMBOLS; 
    6928 --- /dev/null   2005-03-14 20:10:29.001600248 +0100 
    6929 +++ linux-2.4.29-ebt-brnf/include/linux/netfilter_ipv4/ipt_physdev.h    2005-03-14 21:24:30.000000000 +0100 
     7021--- /dev/null   2005-09-22 15:53:13.374707688 +0000 
     7022+++ linux-2.4.31-ebt-brnf/include/linux/netfilter_ipv4/ipt_physdev.h    2005-09-15 16:57:23.000000000 +0000 
    69307023@@ -0,0 +1,24 @@ 
    69317024+#ifndef _IPT_PHYSDEV_H 
     
    69537046+ 
    69547047+#endif /*_IPT_PHYSDEV_H*/ 
    6955 --- linux-2.4.29/net/8021q/vlan_dev.c   2005-01-19 15:10:13.000000000 +0100 
    6956 +++ linux-2.4.29-ebt-brnf/net/8021q/vlan_dev.c  2005-03-14 00:00:30.000000000 +0100 
     7048--- linux-2.4.31/net/8021q/vlan_dev.c   2005-01-19 14:10:13.000000000 +0000 
     7049+++ linux-2.4.31-ebt-brnf/net/8021q/vlan_dev.c  2005-09-15 16:57:23.000000000 +0000 
    69577050@@ -488,6 +488,10 @@ int vlan_dev_hard_start_xmit(struct sk_b 
    69587051        stats->tx_packets++; /* for statics only */ 
     
    69667059        dev_queue_xmit(skb); 
    69677060  
    6968 --- linux-2.4.29/include/linux/sysctl.h 2005-01-19 15:10:13.000000000 +0100 
    6969 +++ linux-2.4.29-ebt-brnf/include/linux/sysctl.h        2005-03-14 21:07:18.000000000 +0100 
    6970 @@ -608,6 +608,15 @@ enum { 
     7061--- linux-2.4.31/include/linux/sysctl.h 2005-04-04 01:42:20.000000000 +0000 
     7062+++ linux-2.4.31-ebt-brnf/include/linux/sysctl.h        2005-09-15 16:57:23.000000000 +0000 
     7063@@ -609,6 +609,15 @@ enum { 
    69717064        NET_DECNET_CONF_DEV_STATE = 7 
    69727065 }; 
     
    69847077  
    69857078 /* CTL_FS names: */ 
    6986 --- linux-2.4.29/net/ipv4/netfilter/ipt_REJECT.c        2005-01-19 15:10:13.000000000 +0100 
    6987 +++ linux-2.4.29-ebt-brnf/net/ipv4/netfilter/ipt_REJECT.c       2005-03-14 00:00:30.000000000 +0100 
     7079--- linux-2.4.31/net/ipv4/netfilter/ipt_REJECT.c        2005-01-19 14:10:13.000000000 +0000 
     7080+++ linux-2.4.31-ebt-brnf/net/ipv4/netfilter/ipt_REJECT.c       2005-09-15 16:57:23.000000000 +0000 
    69887081@@ -15,6 +15,9 @@ 
    69897082 #include <net/route.h> 
Note: See TracChangeset for help on using the changeset viewer.