Changeset 196

Timestamp:

12/26/06 13:50:02 (5 years ago)

Author:

root

Message:

New ebtables patch, making ip conntrack a module instead of in-kernel.

Location:

floppyfw-3.0

Files:

• Makefile (modified) (1 diff)
• configs/config-kernel (modified) (6 diffs)
• makefiles/iptables.mk (modified) (1 diff)
• patches/kernel/011-latest-ebtables-patch.diff (modified) (79 diffs)

floppyfw-3.0/Makefile

@@ -127 +127 @@
 # This works the same way as NIC_MODULES.
 # If you want options to the module, put them in a () after the module.
-IPTABLES_MODULES=arp_tables arptable_filter iptable_mangle ipt_DSCP ipt_ECN ipt_LOG ipt_MARK ipt_REDIRECT ipt_TCPMSS ipt_TOS ipt_ULOG ipt_conntrack ipt_connlimit ipt_dscp ipt_ecn ipt_helper ipt_length ipt_limit ipt_mac ipt_mark ipt_physdev ipt_pkttype ipt_tcpmss ipt_tos ipt_ttl ipt_unclean ip_conntrack_ftp ip_nat_ftp ip_conntrack_irc(ports=6666,6667,6668,7000) ip_nat_irc sch_htb ip_conntrack_h323 ip_conntrack_rtsp ip_conntrack_pptp ip_conntrack_quake3 ipt_iprange ipt_multiport
+IPTABLES_MODULES=ip_conntrack arp_tables arptable_filter iptable_mangle ipt_DSCP ipt_ECN ipt_LOG ipt_MARK ipt_REDIRECT ipt_TCPMSS ipt_TOS ipt_ULOG ipt_conntrack ipt_connlimit ipt_dscp ipt_ecn ipt_helper ipt_length ipt_limit ipt_mac ipt_mark ipt_physdev ipt_pkttype ipt_tcpmss ipt_tos ipt_ttl ipt_unclean ip_conntrack_ftp ip_nat_ftp ip_conntrack_irc(ports=6666,6667,6668,7000) ip_nat_irc sch_htb ip_conntrack_h323 ip_conntrack_mms ip_nat_mms ip_conntrack_rtsp ip_conntrack_pptp ip_conntrack_quake3 ipt_iprange ipt_multiport
 
 #ipt_MIRROR 

floppyfw-3.0/configs/config-kernel

@@ -209 +209 @@
 #   IP: Netfilter Configuration
 #
-CONFIG_IP_NF_CONNTRACK=y
+CONFIG_IP_NF_CONNTRACK=m
 CONFIG_IP_NF_FTP=m
 CONFIG_IP_NF_CT_PROTO_GRE=m
@@ -220 +220 @@
 CONFIG_IP_NF_RTSP=m
 CONFIG_IP_NF_QUAKE3=m
-CONFIG_IP_NF_MMS=y
+CONFIG_IP_NF_MMS=m
 CONFIG_IP_NF_CUSEEME=m
 CONFIG_IP_NF_QUEUE=m
@@ -256 +256 @@
 CONFIG_IP_NF_MATCH_TCPMSS=m
 CONFIG_IP_NF_MATCH_HELPER=m
-CONFIG_IP_NF_MATCH_STATE=y
+CONFIG_IP_NF_MATCH_STATE=m
 CONFIG_IP_NF_MATCH_CONNLIMIT=m
 CONFIG_IP_NF_MATCH_CONNTRACK=m
@@ -266 +266 @@
 CONFIG_IP_NF_TARGET_MIRROR=m
 CONFIG_IP_NF_TARGET_TARPIT=m
-CONFIG_IP_NF_NAT=y
+CONFIG_IP_NF_NAT=m
 CONFIG_IP_NF_NAT_NEEDED=y
-CONFIG_IP_NF_TARGET_MASQUERADE=y
+CONFIG_IP_NF_TARGET_MASQUERADE=m
 CONFIG_IP_NF_TARGET_REDIRECT=m
 CONFIG_IP_NF_NAT_PPTP=m
@@ -278 +278 @@
 CONFIG_IP_NF_NAT_IRC=m
 CONFIG_IP_NF_NAT_QUAKE3=m
-CONFIG_IP_NF_NAT_MMS=y
+CONFIG_IP_NF_NAT_MMS=m
 CONFIG_IP_NF_NAT_CUSEEME=m
 CONFIG_IP_NF_NAT_FTP=m
@@ -1325 +1325 @@
 # Cryptographic options
 #
-# CONFIG_CRYPTO is not set
-# CONFIG_CRYPTO_HMAC is not set
-# CONFIG_CRYPTO_NULL is not set
-# CONFIG_CRYPTO_MD4 is not set
-# CONFIG_CRYPTO_MD5 is not set
-# CONFIG_CRYPTO_SHA1 is not set
-# CONFIG_CRYPTO_SHA256 is not set
-# CONFIG_CRYPTO_SHA512 is not set
-# CONFIG_CRYPTO_WP512 is not set
-# CONFIG_CRYPTO_DES is not set
-# CONFIG_CRYPTO_BLOWFISH is not set
-# CONFIG_CRYPTO_TWOFISH is not set
-# CONFIG_CRYPTO_SERPENT is not set
-# CONFIG_CRYPTO_AES is not set
-# CONFIG_CRYPTO_CAST5 is not set
-# CONFIG_CRYPTO_CAST6 is not set
-# CONFIG_CRYPTO_TEA is not set
-# CONFIG_CRYPTO_KHAZAD is not set
-# CONFIG_CRYPTO_ANUBIS is not set
-# CONFIG_CRYPTO_ARC4 is not set
-# CONFIG_CRYPTO_DEFLATE is not set
-# CONFIG_CRYPTO_MICHAEL_MIC is not set
-# CONFIG_CRYPTO_TEST is not set
+CONFIG_CRYPTO=y
+CONFIG_CRYPTO_HMAC=y
+CONFIG_CRYPTO_NULL=m
+CONFIG_CRYPTO_MD4=m
+CONFIG_CRYPTO_MD5=m
+CONFIG_CRYPTO_SHA1=m
+CONFIG_CRYPTO_SHA256=m
+CONFIG_CRYPTO_SHA512=m
+CONFIG_CRYPTO_WP512=m
+CONFIG_CRYPTO_DES=m
+CONFIG_CRYPTO_BLOWFISH=m
+CONFIG_CRYPTO_TWOFISH=m
+CONFIG_CRYPTO_SERPENT=m
+CONFIG_CRYPTO_AES=m
+CONFIG_CRYPTO_CAST5=m
+CONFIG_CRYPTO_CAST6=m
+CONFIG_CRYPTO_TEA=m
+CONFIG_CRYPTO_KHAZAD=m
+CONFIG_CRYPTO_ANUBIS=m
+CONFIG_CRYPTO_ARC4=m
+CONFIG_CRYPTO_DEFLATE=m
+CONFIG_CRYPTO_MICHAEL_MIC=m
+CONFIG_CRYPTO_TEST=m
 
 #

floppyfw-3.0/makefiles/iptables.mk

@@ -5 +5 @@
 #############################################################
 
-IPTABLES_VERSION=1.3.5
+IPTABLES_VERSION=1.3.7
 
 IPTABLES_SOURCE_URL=http://netfilter.org/projects/iptables/files/

floppyfw-3.0/patches/kernel/011-latest-ebtables-patch.diff

@@ -1 @@
---- linux-2.4.29/net/bridge/br_private.h        2004-08-08 01:26:06.000000000 +0200
-+++ linux-2.4.29-ebt-brnf/net/bridge/br_private.h       2005-03-14 21:24:04.000000000 +0100
+--- linux-2.4.31/net/bridge/br_private.h        2004-08-07 23:26:06.000000000 +0000
++++ linux-2.4.31-ebt-brnf/net/bridge/br_private.h       2005-09-15 16:57:22.000000000 +0000
 @@ -143,8 +143,10 @@ extern void br_fdb_insert(struct net_bri
  /* br_forward.c */
@@ -33 +33 @@
  extern int br_is_root_bridge(struct net_bridge *br);
  extern struct net_bridge_port *br_get_port(struct net_bridge *br,
---- linux-2.4.29/include/linux/if_bridge.h      2001-11-22 20:47:12.000000000 +0100
-+++ linux-2.4.29-ebt-brnf/include/linux/if_bridge.h     2005-03-14 21:11:28.000000000 +0100
+--- linux-2.4.31/include/linux/if_bridge.h      2001-11-22 19:47:12.000000000 +0000
++++ linux-2.4.31-ebt-brnf/include/linux/if_bridge.h     2005-09-15 16:57:23.000000000 +0000
 @@ -102,7 +102,8 @@ struct net_bridge;
  struct net_bridge_port;
@@ -45 +45 @@
  #endif
  
---- linux-2.4.29/net/core/dev.c 2004-04-14 15:05:41.000000000 +0200
-+++ linux-2.4.29-ebt-brnf/net/core/dev.c        2005-03-14 00:00:29.000000000 +0100
+--- linux-2.4.31/net/core/dev.c 2005-04-04 01:42:20.000000000 +0000
++++ linux-2.4.31-ebt-brnf/net/core/dev.c        2005-09-15 16:57:23.000000000 +0000
 @@ -1426,7 +1426,7 @@ static void net_tx_action(struct softirq
  
@@ -78 +78 @@
  #endif
  
---- linux-2.4.29/net/bridge/br_input.c  2003-08-25 13:44:44.000000000 +0200
-+++ linux-2.4.29-ebt-brnf/net/bridge/br_input.c 2005-03-14 00:00:29.000000000 +0100
+--- linux-2.4.31/net/bridge/br_input.c  2003-08-25 11:44:44.000000000 +0000
++++ linux-2.4.31-ebt-brnf/net/bridge/br_input.c 2005-09-22 17:19:52.212834152 +0000
 @@ -24,6 +24,9 @@ unsigned char bridge_ula[6] = { 0x01, 0x
  
@@ -99 +99 @@
         struct net_bridge *br;
         unsigned char *dest;
-@@ -112,7 +115,7 @@ err_nolock:
+@@ -61,6 +64,9 @@ static int br_handle_frame_finish(struct
+                goto err_nolock;
+ 
+        br = p->br;
++       /* insert into forwarding database after filtering to avoid spoofing */
++       br_fdb_insert(br, p, skb->mac.ethernet->h_source, 0);
++
+        read_lock(&br->lock);
+        if (skb->dev->br_port == NULL)
+                goto err;
+@@ -112,7 +118,7 @@ err_nolock:
         return 0;
  }
@@ -108 +118 @@
         struct net_bridge *br;
         unsigned char *dest;
-@@ -146,26 +149,35 @@ void br_handle_frame(struct sk_buff *skb
+@@ -136,8 +142,7 @@ void br_handle_frame(struct sk_buff *skb
+        if (skb->mac.ethernet->h_source[0] & 1)
+                goto err;
+ 
+-       if (p->state == BR_STATE_LEARNING ||
+-           p->state == BR_STATE_FORWARDING)
++       if (p->state == BR_STATE_LEARNING)
+                br_fdb_insert(br, p, skb->mac.ethernet->h_source, 0);
+ 
+        if (br->stp_enabled &&
+@@ -146,26 +151,35 @@ void br_handle_frame(struct sk_buff *skb
                 goto handle_special_frame;
  
@@ -147 +167 @@
 +       return 0;
  }
---- linux-2.4.29/net/bridge/br_forward.c        2003-11-28 19:26:21.000000000 +0100
-+++ linux-2.4.29-ebt-brnf/net/bridge/br_forward.c       2005-03-14 00:00:29.000000000 +0100
+--- linux-2.4.31/net/bridge/br_stp_bpdu.c       2003-11-28 18:26:21.000000000 +0000
++++ linux-2.4.31-ebt-brnf/net/bridge/br_stp_bpdu.c      2005-09-22 17:20:13.385615400 +0000
+@@ -142,6 +142,9 @@ int br_stp_handle_bpdu(struct sk_buff *s
+ 
+        p = skb->dev->br_port;
+ 
++       /* insert into forwarding database after filtering to avoid spoofing */
++       br_fdb_insert(p->br, p, skb->mac.ethernet->h_source, 0);
++
+        if (!p->br->stp_enabled ||
+            !pskb_may_pull(skb, sizeof(header)+1) ||
+            memcmp(skb->data, header, sizeof(header)))
+--- linux-2.4.31/net/bridge/br_forward.c        2003-11-28 18:26:21.000000000 +0000
++++ linux-2.4.31-ebt-brnf/net/bridge/br_forward.c       2005-09-15 16:57:23.000000000 +0000
 @@ -30,18 +30,21 @@ static inline int should_deliver(struct 
         return 1;
@@ -196 +228 @@
  
  /* called under bridge lock */
---- linux-2.4.29/net/bridge/br.c        2004-08-08 01:26:06.000000000 +0200
-+++ linux-2.4.29-ebt-brnf/net/bridge/br.c       2005-03-14 00:00:29.000000000 +0100
+--- linux-2.4.31/net/bridge/br.c        2004-08-07 23:26:06.000000000 +0000
++++ linux-2.4.31-ebt-brnf/net/bridge/br.c       2005-09-15 16:57:23.000000000 +0000
 @@ -30,6 +30,8 @@
  #include "../atm/lec.h"
@@ -237 +269 @@
  module_init(br_init)
  module_exit(br_deinit)
---- linux-2.4.29/net/bridge/Makefile    2000-12-29 23:07:24.000000000 +0100
-+++ linux-2.4.29-ebt-brnf/net/bridge/Makefile   2005-03-14 00:00:29.000000000 +0100
+--- linux-2.4.31/net/bridge/Makefile    2000-12-29 22:07:24.000000000 +0000
++++ linux-2.4.31-ebt-brnf/net/bridge/Makefile   2005-09-15 16:57:23.000000000 +0000
 @@ -7,10 +7,17 @@
  #
@@ -257 +289 @@
  
  include $(TOPDIR)/Rules.make
---- linux-2.4.29/include/linux/netfilter_bridge.h       2001-06-12 04:15:27.000000000 +0200
-+++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge.h      2005-03-14 21:24:06.000000000 +0100
+--- linux-2.4.31/include/linux/netfilter_bridge.h       2001-06-12 02:15:27.000000000 +0000
++++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge.h      2005-09-15 16:57:23.000000000 +0000
 @@ -6,6 +6,10 @@
  
@@ -270 +302 @@
  /* Bridge Hooks */
  /* After promisc drops, checksum checks. */
-@@ -18,7 +22,76 @@
+@@ -18,7 +22,89 @@
  #define NF_BR_LOCAL_OUT                3
  /* Packets about to hit the wire. */
@@ -338 +370 @@
 +       memcpy(skb->nf_bridge->data, skb->data - header_size, header_size);
 +}
- 
++
 +struct bridge_skb_cb {
 +       union {
@@ -344 +376 @@
 +       } daddr;
 +};
++
+ 
++/* This is called by the IP fragmenting code and it ensures there is
++ * enough room for the encapsulating header (if there is one). */
++static inline
++int nf_bridge_pad(struct sk_buff *skb)
++{
++        if (skb->nf_bridge) {
++                if (skb->protocol == __constant_htons(ETH_P_8021Q))
++                        return 4;
++        }
++        return 0;
++}
 +#endif /* CONFIG_NETFILTER */
  
 +#endif /* __KERNEL__ */
  #endif
---- linux-2.4.29/include/linux/netfilter_ipv4/ip_tables.h       2004-08-08 01:26:06.000000000 +0200
-+++ linux-2.4.29-ebt-brnf/include/linux/netfilter_ipv4/ip_tables.h      2005-03-14 21:24:28.000000000 +0100
+--- linux-2.4.31/include/linux/netfilter_ipv4/ip_tables.h       2005-04-04 01:42:20.000000000 +0000
++++ linux-2.4.31-ebt-brnf/include/linux/netfilter_ipv4/ip_tables.h      2005-09-15 16:57:23.000000000 +0000
 @@ -159,7 +159,7 @@ struct ipt_entry
  #define IPT_CONTINUE 0xFFFFFFFF
@@ -359 +404 @@
  /* TCP matching stuff */
  struct ipt_tcp
---- linux-2.4.29/include/linux/netfilter_ipv6/ip6_tables.h      2004-08-08 01:26:06.000000000 +0200
-+++ linux-2.4.29-ebt-brnf/include/linux/netfilter_ipv6/ip6_tables.h     2005-03-14 00:00:29.000000000 +0100
-@@ -167,7 +167,7 @@ struct ip6t_entry
+--- linux-2.4.31/include/linux/netfilter_ipv6/ip6_tables.h      2005-04-04 01:42:20.000000000 +0000
++++ linux-2.4.31-ebt-brnf/include/linux/netfilter_ipv6/ip6_tables.h     2005-09-15 16:57:23.000000000 +0000
+@@ -165,7 +165,7 @@ struct ip6t_entry
  #define IP6T_CONTINUE 0xFFFFFFFF
  
@@ -370 +415 @@
  /* TCP matching stuff */
  struct ip6t_tcp
---- linux-2.4.29/include/linux/netfilter_arp/arp_tables.h       2003-08-25 13:44:44.000000000 +0200
-+++ linux-2.4.29-ebt-brnf/include/linux/netfilter_arp/arp_tables.h      2005-03-14 21:24:31.000000000 +0100
+--- linux-2.4.31/include/linux/netfilter_arp/arp_tables.h       2003-08-25 11:44:44.000000000 +0000
++++ linux-2.4.31-ebt-brnf/include/linux/netfilter_arp/arp_tables.h      2005-09-15 16:57:23.000000000 +0000
 @@ -154,7 +154,7 @@ struct arpt_entry
  #define ARPT_CONTINUE 0xFFFFFFFF
@@ -381 +426 @@
  /* The argument to ARPT_SO_GET_INFO */
  struct arpt_getinfo
---- linux-2.4.29/net/Makefile   2004-08-08 01:26:06.000000000 +0200
-+++ linux-2.4.29-ebt-brnf/net/Makefile  2005-03-14 00:00:29.000000000 +0100
+--- linux-2.4.31/net/Makefile   2004-08-07 23:26:06.000000000 +0000
++++ linux-2.4.31-ebt-brnf/net/Makefile  2005-09-15 16:57:23.000000000 +0000
 @@ -7,7 +7,8 @@
  
@@ -406 +451 @@
  subdir-$(CONFIG_PACKET)                += packet
  subdir-$(CONFIG_NET_SCHED)     += sched
---- linux-2.4.29/net/Config.in  2005-01-19 15:10:13.000000000 +0100
-+++ linux-2.4.29-ebt-brnf/net/Config.in 2005-03-14 00:00:29.000000000 +0100
+--- linux-2.4.31/net/Config.in  2005-01-19 14:10:13.000000000 +0000
++++ linux-2.4.31-ebt-brnf/net/Config.in 2005-09-15 16:57:23.000000000 +0000
 @@ -70,6 +70,9 @@ if [ "$CONFIG_DECNET" != "n" ]; then
     source net/decnet/Config.in
@@ -418 +463 @@
     tristate 'CCITT X.25 Packet Layer (EXPERIMENTAL)' CONFIG_X25
     tristate 'LAPB Data Link Driver (EXPERIMENTAL)' CONFIG_LAPB
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/Makefile 2005-03-14 00:00:29.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/Makefile 2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,34 @@
 +#
@@ -455 +500 @@
 +obj-$(CONFIG_BRIDGE_EBT_SNAT) += ebt_snat.o
 +include $(TOPDIR)/Rules.make
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/Config.in        2005-03-14 00:00:29.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/Config.in        2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,23 @@
 +#
@@ -481 +526 @@
 +dep_tristate '    ebt: redirect target support' CONFIG_BRIDGE_EBT_REDIRECT $CONFIG_BRIDGE_NF_EBTABLES
 +dep_tristate '    ebt: mark target support' CONFIG_BRIDGE_EBT_MARK_T $CONFIG_BRIDGE_NF_EBTABLES
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebtable_filter.c 2005-03-14 00:00:29.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebtable_filter.c 2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,90 @@
 +/*
@@ -574 +619 @@
 +EXPORT_NO_SYMBOLS;
 +MODULE_LICENSE("GPL");
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebtable_nat.c    2005-03-14 00:00:29.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebtable_nat.c    2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,96 @@
 +/*
@@ -673 +718 @@
 +EXPORT_NO_SYMBOLS;
 +MODULE_LICENSE("GPL");
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebtable_broute.c 2005-03-14 00:00:29.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebtable_broute.c 2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,79 @@
 +/*
@@ -755 +800 @@
 +EXPORT_NO_SYMBOLS;
 +MODULE_LICENSE("GPL");
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebt_among.c      2005-03-14 00:00:29.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebt_among.c      2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,223 @@
 +/*
@@ -981 +1026 @@
 +EXPORT_NO_SYMBOLS;
 +MODULE_LICENSE("GPL");
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebt_limit.c      2005-03-14 00:00:29.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebt_limit.c      2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,101 @@
 +/*
@@ -1085 +1130 @@
 +EXPORT_NO_SYMBOLS;
 +MODULE_LICENSE("GPL");
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebt_arpreply.c   2005-03-14 00:00:30.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebt_arpreply.c   2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,86 @@
 +/*
@@ -1174 +1219 @@
 +EXPORT_NO_SYMBOLS;
 +MODULE_LICENSE("GPL");
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebt_802_3.c      2005-03-14 00:00:30.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebt_802_3.c      2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,74 @@
 +/*
@@ -1251 +1296 @@
 +EXPORT_NO_SYMBOLS;
 +MODULE_LICENSE("GPL");
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebt_mark.c       2005-03-14 00:00:30.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebt_mark.c       2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,66 @@
 +/*
@@ -1320 +1365 @@
 +EXPORT_NO_SYMBOLS;
 +MODULE_LICENSE("GPL");
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebt_mark_m.c     2005-03-14 00:00:30.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebt_mark_m.c     2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,61 @@
 +/*
@@ -1384 +1429 @@
 +EXPORT_NO_SYMBOLS;
 +MODULE_LICENSE("GPL");
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebt_pkttype.c    2005-03-14 00:00:30.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebt_pkttype.c    2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,60 @@
 +/*
@@ -1447 +1492 @@
 +EXPORT_NO_SYMBOLS;
 +MODULE_LICENSE("GPL");
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebt_stp.c        2005-03-14 00:00:30.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebt_stp.c        2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,191 @@
 +/*
@@ -1641 +1686 @@
 +EXPORT_NO_SYMBOLS;
 +MODULE_LICENSE("GPL");
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebt_redirect.c   2005-03-14 00:00:30.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebt_redirect.c   2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,71 @@
 +/*
@@ -1715 +1760 @@
 +EXPORT_NO_SYMBOLS;
 +MODULE_LICENSE("GPL");
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebt_arp.c        2005-03-14 00:00:30.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebt_arp.c        2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,149 @@
 +/*
@@ -1867 +1912 @@
 +EXPORT_NO_SYMBOLS;
 +MODULE_LICENSE("GPL");
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebt_ip.c 2005-03-14 00:00:30.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebt_ip.c 2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,121 @@
 +/*
@@ -1991 +2036 @@
 +EXPORT_NO_SYMBOLS;
 +MODULE_LICENSE("GPL");
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebt_vlan.c       2005-03-14 00:00:30.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebt_vlan.c       2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,259 @@
 +/*
@@ -2253 +2298 @@
 +
 +EXPORT_NO_SYMBOLS;
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebt_log.c        2005-03-14 00:00:30.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebt_log.c        2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,153 @@
 +/*
@@ -2409 +2454 @@
 +EXPORT_NO_SYMBOLS;
 +MODULE_LICENSE("GPL");
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebt_ulog.c       2005-03-14 00:00:30.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebt_ulog.c       2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,281 @@
 +/*
@@ -2693 +2738 @@
 +MODULE_DESCRIPTION("ebtables userspace logging module for bridged Ethernet"
 +                   " frames");
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebt_snat.c       2005-03-14 00:00:30.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebt_snat.c       2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,64 @@
 +/*
@@ -2760 +2805 @@
 +EXPORT_NO_SYMBOLS;
 +MODULE_LICENSE("GPL");
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebt_dnat.c       2005-03-14 00:00:30.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebt_dnat.c       2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,65 @@
 +/*
@@ -2828 +2873 @@
 +EXPORT_NO_SYMBOLS;
 +MODULE_LICENSE("GPL");
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/net/bridge/netfilter/ebtables.c       2005-03-14 21:04:05.155913576 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/net/bridge/netfilter/ebtables.c       2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,1497 @@
 +/*
@@ -4328 +4373 @@
 +module_exit(fini);
 +MODULE_LICENSE("GPL");
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge/ebtables.h     2005-03-14 21:24:12.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge/ebtables.h     2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,361 @@
 +/*
@@ -4692 +4737 @@
 +
 +#endif
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge/ebt_among.h    2005-03-14 00:00:30.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge/ebt_among.h    2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,65 @@
 +#ifndef __LINUX_BRIDGE_EBT_AMONG_H
@@ -4760 +4805 @@
 +
 +#endif
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge/ebt_limit.h    2005-03-14 00:00:30.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge/ebt_limit.h    2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,23 @@
 +#ifndef __LINUX_BRIDGE_EBT_LIMIT_H
@@ -4786 +4831 @@
 +
 +#endif
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge/ebt_arpreply.h 2005-03-14 00:00:30.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge/ebt_arpreply.h 2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,11 @@
 +#ifndef __LINUX_BRIDGE_EBT_ARPREPLY_H
@@ -4800 +4845 @@
 +
 +#endif
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge/ebt_802_3.h    2005-03-14 00:00:30.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge/ebt_802_3.h    2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,60 @@
 +#ifndef __LINUX_BRIDGE_EBT_802_3_H
@@ -4863 +4908 @@
 +
 +#endif
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge/ebt_arp.h      2005-03-14 00:00:30.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge/ebt_arp.h      2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,32 @@
 +#ifndef __LINUX_BRIDGE_EBT_ARP_H
@@ -4898 +4943 @@
 +
 +#endif
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge/ebt_ip.h       2005-03-14 00:00:30.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge/ebt_ip.h       2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,43 @@
 +/*
@@ -4944 +4989 @@
 +
 +#endif
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge/ebt_pkttype.h  2005-03-14 00:00:30.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge/ebt_pkttype.h  2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,11 @@
 +#ifndef __LINUX_BRIDGE_EBT_PKTTYPE_H
@@ -4958 +5003 @@
 +
 +#endif
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge/ebt_stp.h      2005-03-14 00:00:30.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge/ebt_stp.h      2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,46 @@
 +#ifndef __LINUX_BRIDGE_EBT_STP_H
@@ -5007 +5052 @@
 +
 +#endif
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge/ebt_vlan.h     2005-03-14 00:00:30.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge/ebt_vlan.h     2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,20 @@
 +#ifndef __LINUX_BRIDGE_EBT_VLAN_H
@@ -5030 +5075 @@
 +
 +#endif
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge/ebt_log.h      2005-03-14 00:00:30.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge/ebt_log.h      2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,17 @@
 +#ifndef __LINUX_BRIDGE_EBT_LOG_H
@@ -5050 +5095 @@
 +
 +#endif
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge/ebt_ulog.h     2005-03-14 00:00:30.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge/ebt_ulog.h     2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,33 @@
 +#ifndef _EBT_ULOG_H
@@ -5086 +5131 @@
 +
 +#endif /* _EBT_ULOG_H */
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge/ebt_nat.h      2005-03-14 00:00:30.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge/ebt_nat.h      2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,13 @@
 +#ifndef __LINUX_BRIDGE_EBT_NAT_H
@@ -5102 +5147 @@
 +
 +#endif
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge/ebt_redirect.h 2005-03-14 00:00:30.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge/ebt_redirect.h 2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,11 @@
 +#ifndef __LINUX_BRIDGE_EBT_REDIRECT_H
@@ -5116 +5161 @@
 +
 +#endif
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge/ebt_mark_m.h   2005-03-14 00:00:30.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge/ebt_mark_m.h   2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,15 @@
 +#ifndef __LINUX_BRIDGE_EBT_MARK_M_H
@@ -5134 +5179 @@
 +
 +#endif
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/include/linux/netfilter_bridge/ebt_mark_t.h   2005-03-14 00:00:30.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/include/linux/netfilter_bridge/ebt_mark_t.h   2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,12 @@
 +#ifndef __LINUX_BRIDGE_EBT_MARK_T_H
@@ -5149 +5194 @@
 +
 +#endif
---- linux-2.4.29/include/linux/netfilter.h      2005-01-19 15:10:12.000000000 +0100
-+++ linux-2.4.29-ebt-brnf/include/linux/netfilter.h     2005-03-14 21:11:36.000000000 +0100
+--- linux-2.4.31/include/linux/netfilter.h      2005-01-19 14:10:12.000000000 +0000
++++ linux-2.4.31-ebt-brnf/include/linux/netfilter.h     2005-09-15 16:57:23.000000000 +0000
 @@ -17,7 +17,8 @@
  #define NF_STOLEN 2
@@ -5203 +5248 @@
  /* Call setsockopt() */
  int nf_setsockopt(struct sock *sk, int pf, int optval, char *opt, 
---- linux-2.4.29/include/linux/netfilter_ipv4.h 2002-02-25 20:38:13.000000000 +0100
-+++ linux-2.4.29-ebt-brnf/include/linux/netfilter_ipv4.h        2005-03-14 21:11:36.000000000 +0100
+--- linux-2.4.31/include/linux/netfilter_ipv4.h 2002-02-25 19:38:13.000000000 +0000
++++ linux-2.4.31-ebt-brnf/include/linux/netfilter_ipv4.h        2005-09-15 16:57:23.000000000 +0000
 @@ -52,8 +52,10 @@
  enum nf_ip_hook_priorities {
@@ -5216 +5261 @@
         NF_IP_PRI_NAT_SRC = 100,
         NF_IP_PRI_LAST = INT_MAX,
---- linux-2.4.29/include/linux/netfilter_ipv6.h 2001-01-02 01:17:54.000000000 +0100
-+++ linux-2.4.29-ebt-brnf/include/linux/netfilter_ipv6.h        2005-03-14 21:24:11.000000000 +0100
+--- linux-2.4.31/include/linux/netfilter_ipv6.h 2001-01-02 00:17:54.000000000 +0000
++++ linux-2.4.31-ebt-brnf/include/linux/netfilter_ipv6.h        2005-09-15 16:57:23.000000000 +0000
 @@ -57,8 +57,10 @@
  enum nf_ip6_hook_priorities {
@@ -5229 +5274 @@
         NF_IP6_PRI_NAT_SRC = 100,
         NF_IP6_PRI_LAST = INT_MAX,
---- linux-2.4.29/include/linux/skbuff.h 2004-08-08 01:26:06.000000000 +0200
-+++ linux-2.4.29-ebt-brnf/include/linux/skbuff.h        2005-03-14 21:07:31.000000000 +0100
+--- linux-2.4.31/include/linux/skbuff.h 2005-04-04 01:42:20.000000000 +0000
++++ linux-2.4.31-ebt-brnf/include/linux/skbuff.h        2005-09-15 16:57:23.000000000 +0000
 @@ -92,6 +92,20 @@ struct nf_conntrack {
  struct nf_ct_info {
@@ -5262 +5307 @@
  
  #if defined(CONFIG_HIPPI)
-@@ -1175,6 +1192,20 @@ nf_reset(struct sk_buff *skb)
+@@ -1171,6 +1188,20 @@ nf_reset(struct sk_buff *skb)
         skb->nf_debug = 0;
  #endif
@@ -5283 +5328 @@
  static inline void nf_reset(struct sk_buff *skb) {}
  #endif /* CONFIG_NETFILTER */
---- linux-2.4.29/net/core/netfilter.c   2005-01-19 15:10:13.000000000 +0100
-+++ linux-2.4.29-ebt-brnf/net/core/netfilter.c  2005-03-14 21:21:41.825275416 +0100
+--- linux-2.4.31/net/core/netfilter.c   2005-01-19 14:10:13.000000000 +0000
++++ linux-2.4.31-ebt-brnf/net/core/netfilter.c  2005-09-15 16:57:23.000000000 +0000
 @@ -342,32 +342,29 @@ static unsigned int nf_iterate(struct li
                                const struct net_device *indev,
@@ -5472 +5517 @@
  
         switch (verdict) {
---- linux-2.4.29/net/core/skbuff.c      2003-08-25 13:44:44.000000000 +0200
-+++ linux-2.4.29-ebt-brnf/net/core/skbuff.c     2005-03-14 00:00:30.000000000 +0100
+--- linux-2.4.31/net/core/skbuff.c      2003-08-25 11:44:44.000000000 +0000
++++ linux-2.4.31-ebt-brnf/net/core/skbuff.c     2005-09-15 16:57:23.000000000 +0000
 @@ -246,6 +246,9 @@ static inline void skb_headerinit(void *
  #ifdef CONFIG_NETFILTER_DEBUG
@@ -5538 +5583 @@
         copy_skb_header(n, skb);
         return n;
---- linux-2.4.29/net/ipv4/netfilter/ip_tables.c 2005-01-19 15:10:13.000000000 +0100
-+++ linux-2.4.29-ebt-brnf/net/ipv4/netfilter/ip_tables.c        2005-03-14 00:00:30.000000000 +0100
-@@ -118,12 +118,19 @@ static LIST_HEAD(ipt_tables);
+--- linux-2.4.31/net/ipv4/netfilter/ip_tables.c 2005-04-04 01:42:20.000000000 +0000
++++ linux-2.4.31-ebt-brnf/net/ipv4/netfilter/ip_tables.c        2005-09-15 16:57:23.000000000 +0000
+@@ -120,12 +120,19 @@ static LIST_HEAD(ipt_tables);
  static inline int
  ip_packet_match(const struct iphdr *ip,
@@ -5560 +5605 @@
  #define FWINV(bool,invflg) ((bool) ^ !!(ipinfo->invflags & invflg))
  
-@@ -153,7 +160,15 @@ ip_packet_match(const struct iphdr *ip,
+@@ -155,7 +162,15 @@ ip_packet_match(const struct iphdr *ip,
                         & ((const unsigned long *)ipinfo->iniface_mask)[i];
         }
@@ -5577 +5622 @@
                         indev, ipinfo->iniface,
                         ipinfo->invflags&IPT_INV_VIA_IN ?" (INV)":"");
-@@ -166,7 +181,15 @@ ip_packet_match(const struct iphdr *ip,
+@@ -168,7 +183,15 @@ ip_packet_match(const struct iphdr *ip,
                         & ((const unsigned long *)ipinfo->outiface_mask)[i];
         }
@@ -5594 +5639 @@
                         outdev, ipinfo->outiface,
                         ipinfo->invflags&IPT_INV_VIA_OUT ?" (INV)":"");
-@@ -265,6 +288,9 @@ ipt_do_table(struct sk_buff **pskb,
+@@ -267,6 +290,9 @@ ipt_do_table(struct sk_buff **pskb,
         /* Initializing verdict to NF_DROP keeps gcc happy. */
         unsigned int verdict = NF_DROP;
@@ -5604 +5649 @@
         struct ipt_entry *e, *back;
  
-@@ -274,6 +300,13 @@ ipt_do_table(struct sk_buff **pskb,
+@@ -276,6 +302,13 @@ ipt_do_table(struct sk_buff **pskb,
         datalen = (*pskb)->len - ip->ihl * 4;
         indev = in ? in->name : nulldevname;
@@ -5618 +5663 @@
          * if it was a normal packet.  All other fragments are treated
          * normally, except that they will NEVER match rules that ask
-@@ -309,7 +342,15 @@ ipt_do_table(struct sk_buff **pskb,
+@@ -311,7 +344,15 @@ ipt_do_table(struct sk_buff **pskb,
                 IP_NF_ASSERT(e);
                 IP_NF_ASSERT(back);
@@ -5635 +5680 @@
  
                         if (IPT_MATCH_ITERATE(e, do_match,
---- linux-2.4.29/net/ipv4/ip_output.c   2005-01-19 15:10:13.000000000 +0100
-+++ linux-2.4.29-ebt-brnf/net/ipv4/ip_output.c  2005-03-14 00:00:30.000000000 +0100
-@@ -890,6 +890,10 @@ int ip_fragment(struct sk_buff *skb, int
+--- linux-2.4.31/net/ipv4/ip_output.c   2005-01-19 14:10:13.000000000 +0000
++++ linux-2.4.31-ebt-brnf/net/ipv4/ip_output.c  2005-09-15 16:57:23.000000000 +0000
+@@ -77,6 +77,7 @@
+ #include <linux/netfilter_ipv4.h>
+ #include <linux/mroute.h>
+ #include <linux/netlink.h>
++#include <linux/netfilter_bridge.h>
+ 
+ /*
+  *      Shall we try to damage output packets if routing dev changes?
+@@ -769,7 +770,8 @@ int ip_fragment(struct sk_buff *skb, int
+        int not_last_frag;
+        struct rtable *rt = (struct rtable*)skb->dst;
+        int err = 0;
+-
++        unsigned int ll_rs = 0;
++       
+        dev = rt->u.dst.dev;
+ 
+        /*
+@@ -785,6 +787,10 @@ int ip_fragment(struct sk_buff *skb, int
+        hlen = iph->ihl * 4;
+        left = skb->len - hlen;         /* Space per frame */
+        mtu = rt->u.dst.pmtu - hlen;    /* Size of data space */
++#ifdef CONFIG_NETFILTER
++       ll_rs = nf_bridge_pad(skb);
++       mtu -= ll_rs;
++#endif
+        ptr = raw + hlen;               /* Where to start from */
+ 
+        /*
+@@ -812,7 +818,7 @@ int ip_fragment(struct sk_buff *skb, int
+                 *      Allocate buffer.
+                 */
+ 
+-               if ((skb2 = alloc_skb(len+hlen+dev->hard_header_len+15,GFP_ATOMIC)) == NULL) {
++               if ((skb2 = alloc_skb(len+hlen+dev->hard_header_len+15+ll_rs,GFP_ATOMIC)) == NULL) {
+                        NETDEBUG(printk(KERN_INFO "IP: frag: no memory for new fragment!\n"));
+                        err = -ENOMEM;
+                        goto fail;
+@@ -824,7 +830,7 @@ int ip_fragment(struct sk_buff *skb, int
+ 
+                skb2->pkt_type = skb->pkt_type;
+                skb2->priority = skb->priority;
+-               skb_reserve(skb2, (dev->hard_header_len+15)&~15);
++               skb_reserve(skb2, (dev->hard_header_len+15+ll_rs)&~15);
+                skb_put(skb2, len + hlen);
+                skb2->nh.raw = skb2->data;
+                skb2->h.raw = skb2->data + hlen;
+@@ -890,6 +896,10 @@ int ip_fragment(struct sk_buff *skb, int
                 /* Connection association is same as pre-frag packet */
                 skb2->nfct = skb->nfct;
@@ -5648 +5740 @@
                 skb2->nf_debug = skb->nf_debug;
  #endif
---- linux-2.4.29/net/ipv4/netfilter/ipt_LOG.c   2003-11-28 19:26:21.000000000 +0100
-+++ linux-2.4.29-ebt-brnf/net/ipv4/netfilter/ipt_LOG.c  2005-03-14 00:00:30.000000000 +0100
-@@ -316,6 +316,18 @@ ipt_log_target(struct sk_buff **pskb,
+--- linux-2.4.31/net/ipv4/netfilter/ipt_LOG.c   2005-04-04 01:42:20.000000000 +0000
++++ linux-2.4.31-ebt-brnf/net/ipv4/netfilter/ipt_LOG.c  2005-09-15 16:57:23.000000000 +0000
+@@ -317,6 +317,18 @@ ipt_log_target(struct sk_buff **pskb,
                loginfo->prefix,
                in ? in->name : "",
@@ -5669 +5761 @@
                 /* MAC logging for input chain only. */
                 printk("MAC=");
---- linux-2.4.29/net/ipv4/netfilter/Makefile    2003-08-25 13:44:44.000000000 +0200
-+++ linux-2.4.29-ebt-brnf/net/ipv4/netfilter/Makefile   2005-03-14 00:00:30.000000000 +0100
+--- linux-2.4.31/net/ipv4/netfilter/Makefile    2003-08-25 11:44:44.000000000 +0000
++++ linux-2.4.31-ebt-brnf/net/ipv4/netfilter/Makefile   2005-09-15 16:57:23.000000000 +0000
 @@ -87,6 +87,8 @@ obj-$(CONFIG_IP_NF_MATCH_CONNTRACK) += i
  obj-$(CONFIG_IP_NF_MATCH_UNCLEAN) += ipt_unclean.o
@@ -5680 +5772 @@
  obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o
  obj-$(CONFIG_IP_NF_TARGET_MIRROR) += ipt_MIRROR.o
---- linux-2.4.29/net/ipv4/netfilter/Config.in   2005-01-19 15:10:13.000000000 +0100
-+++ linux-2.4.29-ebt-brnf/net/ipv4/netfilter/Config.in  2005-03-14 00:00:30.000000000 +0100
+--- linux-2.4.31/net/ipv4/netfilter/Config.in   2005-01-19 14:10:13.000000000 +0000
++++ linux-2.4.31-ebt-brnf/net/ipv4/netfilter/Config.in  2005-09-15 16:57:23.000000000 +0000
 @@ -44,6 +44,9 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ]; 
      dep_tristate '  Unclean match support (EXPERIMENTAL)' CONFIG_IP_NF_MATCH_UNCLEAN $CONFIG_IP_NF_IPTABLES
@@ -5692 +5784 @@
    dep_tristate '  Packet filtering' CONFIG_IP_NF_FILTER $CONFIG_IP_NF_IPTABLES 
    if [ "$CONFIG_IP_NF_FILTER" != "n" ]; then
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/net/bridge/br_netfilter.c     2005-03-14 00:00:30.000000000 +0100
-@@ -0,0 +1,1101 @@
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/net/bridge/br_netfilter.c     2005-09-15 17:00:24.000000000 +0000
+@@ -0,0 +1,1102 @@
 +/*
 + *     Handle firewalling
@@ -5925 +6017 @@
 +
 +                       if (!ip_route_output(&rt, iph->daddr, 0, iph->tos, 0)) {
-+                               /* Bridged-and-DNAT'ed traffic doesn't
-+                                * require ip_forwarding.
-+                                */
-+                               if (((struct dst_entry *)rt)->dev == dev) {
++                               /* - Bridged-and-DNAT'ed traffic doesn't
++                                *   require ip_forwarding.
++                                * - Deal with redirected traffic. */
++                               if (((struct dst_entry *)rt)->dev == dev ||
++                                   rt->rt_type == RTN_LOCAL) {
 +                                       skb->dst = (struct dst_entry *)rt;
 +                                       goto bridged_dnat;
@@ -6796 +6889 @@
 +
 +}
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/net/ipv4/netfilter/ipt_physdev.c      2005-03-14 00:00:30.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/net/ipv4/netfilter/ipt_physdev.c      2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,127 @@
 +/* Kernel module to match the bridge port in and
@@ -6926 +7019 @@
 +MODULE_LICENSE("GPL");
 +EXPORT_NO_SYMBOLS;
---- /dev/null   2005-03-14 20:10:29.001600248 +0100
-+++ linux-2.4.29-ebt-brnf/include/linux/netfilter_ipv4/ipt_physdev.h    2005-03-14 21:24:30.000000000 +0100
+--- /dev/null   2005-09-22 15:53:13.374707688 +0000
++++ linux-2.4.31-ebt-brnf/include/linux/netfilter_ipv4/ipt_physdev.h    2005-09-15 16:57:23.000000000 +0000
 @@ -0,0 +1,24 @@
 +#ifndef _IPT_PHYSDEV_H
@@ -6953 +7046 @@
 +
 +#endif /*_IPT_PHYSDEV_H*/
---- linux-2.4.29/net/8021q/vlan_dev.c   2005-01-19 15:10:13.000000000 +0100
-+++ linux-2.4.29-ebt-brnf/net/8021q/vlan_dev.c  2005-03-14 00:00:30.000000000 +0100
+--- linux-2.4.31/net/8021q/vlan_dev.c   2005-01-19 14:10:13.000000000 +0000
++++ linux-2.4.31-ebt-brnf/net/8021q/vlan_dev.c  2005-09-15 16:57:23.000000000 +0000
 @@ -488,6 +488,10 @@ int vlan_dev_hard_start_xmit(struct sk_b
         stats->tx_packets++; /* for statics only */
@@ -6966 +7059 @@
         dev_queue_xmit(skb);
  
---- linux-2.4.29/include/linux/sysctl.h 2005-01-19 15:10:13.000000000 +0100
-+++ linux-2.4.29-ebt-brnf/include/linux/sysctl.h        2005-03-14 21:07:18.000000000 +0100
-@@ -608,6 +608,15 @@ enum {
+--- linux-2.4.31/include/linux/sysctl.h 2005-04-04 01:42:20.000000000 +0000
++++ linux-2.4.31-ebt-brnf/include/linux/sysctl.h        2005-09-15 16:57:23.000000000 +0000
+@@ -609,6 +609,15 @@ enum {
         NET_DECNET_CONF_DEV_STATE = 7
  };
@@ -6984 +7077 @@
  
  /* CTL_FS names: */
---- linux-2.4.29/net/ipv4/netfilter/ipt_REJECT.c        2005-01-19 15:10:13.000000000 +0100
-+++ linux-2.4.29-ebt-brnf/net/ipv4/netfilter/ipt_REJECT.c       2005-03-14 00:00:30.000000000 +0100
+--- linux-2.4.31/net/ipv4/netfilter/ipt_REJECT.c        2005-01-19 14:10:13.000000000 +0000
++++ linux-2.4.31-ebt-brnf/net/ipv4/netfilter/ipt_REJECT.c       2005-09-15 16:57:23.000000000 +0000
 @@ -15,6 +15,9 @@
  #include <net/route.h>