authorFelix Fietkau <nbd@openwrt.org>2007-07-02 02:10:01 +0000
committerFelix Fietkau <nbd@openwrt.org>2007-07-02 02:10:01 +0000
commit9801602a9351b3ba3d254dceb830d288dde4ddf4 (patch)
treec12fd12fb3d0d9ec5b502a847d060a2d8fc845b5 /target/linux/generic-2.6/patches
parent46d194834b736d53a61a3ef3b7b2e0a521f73384 (diff)
upgrade layer7 to the latest version and add fixes for 2.6.21 and 2.6.22-rc - compile tested on .21, run time tested on .22-rc6
SVN-Revision: 7846
Diffstat (limited to 'target/linux/generic-2.6/patches')
-rw-r--r--target/linux/generic-2.6/patches/100-netfilter_layer7_2.9.patch (renamed from target/linux/generic-2.6/patches/100-netfilter_layer7_2.8.patch)156
-rw-r--r--target/linux/generic-2.6/patches/101-netfilter_layer7_pktmatch.patch26
2 files changed, 105 insertions, 77 deletions
diff --git a/target/linux/generic-2.6/patches/100-netfilter_layer7_2.8.patch b/target/linux/generic-2.6/patches/100-netfilter_layer7_2.9.patch
index 9e9452a..5035e0b 100644
--- a/target/linux/generic-2.6/patches/100-netfilter_layer7_2.8.patch
+++ b/target/linux/generic-2.6/patches/100-netfilter_layer7_2.9.patch
@@ -1,25 +1,7 @@
-diff -urN linux-2.6.21.1.old/include/linux/netfilter_ipv4/ip_conntrack.h linux-2.6.21.1.dev/include/linux/netfilter_ipv4/ip_conntrack.h
---- linux-2.6.21.1.old/include/linux/netfilter_ipv4/ip_conntrack.h 2007-04-27 23:49:26.000000000 +0200
-+++ linux-2.6.21.1.dev/include/linux/netfilter_ipv4/ip_conntrack.h 2007-05-26 20:13:52.648130120 +0200
-@@ -128,6 +128,15 @@
- /* Traversed often, so hopefully in different cacheline to top */
- /* These are my tuples; original and reply */
- struct ip_conntrack_tuple_hash tuplehash[IP_CT_DIR_MAX];
-+
-+#if defined(CONFIG_IP_NF_MATCH_LAYER7) || defined(CONFIG_IP_NF_MATCH_LAYER7_MODULE)
-+ struct {
-+ char * app_proto; /* e.g. "http". NULL before decision. "unknown" after decision if no match */
-+ char * app_data; /* application layer data so far. NULL after match decision */
-+ unsigned int app_data_len;
-+ } layer7;
-+#endif
-+
- };
-
- struct ip_conntrack_expect
-diff -urN linux-2.6.21.1.old/include/linux/netfilter_ipv4/ipt_layer7.h linux-2.6.21.1.dev/include/linux/netfilter_ipv4/ipt_layer7.h
---- linux-2.6.21.1.old/include/linux/netfilter_ipv4/ipt_layer7.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.21.1.dev/include/linux/netfilter_ipv4/ipt_layer7.h 2007-05-26 20:13:52.648130120 +0200
+Index: linux-2.6.21.5/include/linux/netfilter_ipv4/ipt_layer7.h
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.21.5/include/linux/netfilter_ipv4/ipt_layer7.h 2007-07-02 00:43:58.271086750 +0200
@@ -0,0 +1,26 @@
+/*
+ By Matthew Strait <quadong@users.sf.net>, Dec 2003.
@@ -47,10 +29,11 @@ diff -urN linux-2.6.21.1.old/include/linux/netfilter_ipv4/ipt_layer7.h linux-2.6
+};
+
+#endif /* _IPT_LAYER7_H */
-diff -urN linux-2.6.21.1.old/net/ipv4/netfilter/ip_conntrack_core.c linux-2.6.21.1.dev/net/ipv4/netfilter/ip_conntrack_core.c
---- linux-2.6.21.1.old/net/ipv4/netfilter/ip_conntrack_core.c 2007-04-27 23:49:26.000000000 +0200
-+++ linux-2.6.21.1.dev/net/ipv4/netfilter/ip_conntrack_core.c 2007-05-26 20:13:52.649129968 +0200
-@@ -337,6 +337,13 @@
+Index: linux-2.6.21.5/net/ipv4/netfilter/ip_conntrack_core.c
+===================================================================
+--- linux-2.6.21.5.orig/net/ipv4/netfilter/ip_conntrack_core.c 2007-07-02 00:37:53.432285750 +0200
++++ linux-2.6.21.5/net/ipv4/netfilter/ip_conntrack_core.c 2007-07-02 00:37:55.496414750 +0200
+@@ -332,6 +332,13 @@
* too. */
ip_ct_remove_expectations(ct);
@@ -64,9 +47,10 @@ diff -urN linux-2.6.21.1.old/net/ipv4/netfilter/ip_conntrack_core.c linux-2.6.21
/* We overload first tuple to link into unconfirmed list. */
if (!is_confirmed(ct)) {
BUG_ON(list_empty(&ct->tuplehash[IP_CT_DIR_ORIGINAL].list));
-diff -urN linux-2.6.21.1.old/net/ipv4/netfilter/ip_conntrack_standalone.c linux-2.6.21.1.dev/net/ipv4/netfilter/ip_conntrack_standalone.c
---- linux-2.6.21.1.old/net/ipv4/netfilter/ip_conntrack_standalone.c 2007-04-27 23:49:26.000000000 +0200
-+++ linux-2.6.21.1.dev/net/ipv4/netfilter/ip_conntrack_standalone.c 2007-05-26 20:13:52.649129968 +0200
+Index: linux-2.6.21.5/net/ipv4/netfilter/ip_conntrack_standalone.c
+===================================================================
+--- linux-2.6.21.5.orig/net/ipv4/netfilter/ip_conntrack_standalone.c 2007-07-02 00:37:53.440286250 +0200
++++ linux-2.6.21.5/net/ipv4/netfilter/ip_conntrack_standalone.c 2007-07-02 00:37:55.544417750 +0200
@@ -188,6 +188,12 @@
return -ENOSPC;
#endif
@@ -80,10 +64,11 @@ diff -urN linux-2.6.21.1.old/net/ipv4/netfilter/ip_conntrack_standalone.c linux-
if (seq_printf(s, "use=%u\n", atomic_read(&conntrack->ct_general.use)))
return -ENOSPC;
-diff -urN linux-2.6.21.1.old/net/ipv4/netfilter/ipt_layer7.c linux-2.6.21.1.dev/net/ipv4/netfilter/ipt_layer7.c
---- linux-2.6.21.1.old/net/ipv4/netfilter/ipt_layer7.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.21.1.dev/net/ipv4/netfilter/ipt_layer7.c 2007-05-26 20:13:52.650129816 +0200
-@@ -0,0 +1,573 @@
+Index: linux-2.6.21.5/net/ipv4/netfilter/ipt_layer7.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.21.5/net/ipv4/netfilter/ipt_layer7.c 2007-07-02 01:27:54.195821750 +0200
+@@ -0,0 +1,582 @@
+/*
+ Kernel module to match application layer (OSI layer 7) data in connections.
+
@@ -99,15 +84,18 @@ diff -urN linux-2.6.21.1.old/net/ipv4/netfilter/ipt_layer7.c linux-2.6.21.1.dev/
+
+ Based on ipt_string.c (C) 2000 Emmanuel Roger <winfield@freegates.be>
+ and cls_layer7.c (C) 2003 Matthew Strait, Ethan Sommer, Justin Levandoski
++
++ Jan Engelhardt, 2007-03-11: Arrange to compile with nf_conntrack
+*/
+
+#include <linux/module.h>
+#include <linux/skbuff.h>
-+#include <linux/netfilter_ipv4/ip_conntrack.h>
+#include <linux/proc_fs.h>
+#include <linux/ctype.h>
+#include <net/ip.h>
+#include <net/tcp.h>
++#include <net/netfilter/nf_conntrack.h>
++#include <net/netfilter/nf_nat_rule.h>
+#include <linux/spinlock.h>
+
+#include "regexp/regexp.c"
@@ -424,7 +412,8 @@ diff -urN linux-2.6.21.1.old/net/ipv4/netfilter/ipt_layer7.c linux-2.6.21.1.dev/
+
+ struct ipt_layer7_info * info = (struct ipt_layer7_info *)matchinfo;
+ enum ip_conntrack_info master_ctinfo, ctinfo;
-+ struct ip_conntrack *master_conntrack, *conntrack;
++ struct nf_conn *master_conntrack;
++ struct ip_conntrack *conntrack;
+ unsigned char * app_data;
+ unsigned int pattern_result, appdatalen;
+ regexp * comppattern;
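Review bot: The two conntrack pointers now have different struct types: `master_conntrack` is `struct nf_conn *` while `conntrack` stays `struct ip_conntrack *`, although the following hunk assigns both from the same `ip_conntrack_get()` call. That only builds cleanly if some compat header aliases the two names, which is not visible here, and it hides which conntrack implementation the match really depends on. I would declare them together as `struct nf_conn *master_conntrack, *conntrack;` and carry the same declaration into the context lines of 101-netfilter_layer7_pktmatch.patch. The enclosing match function begins and ends outside this hunk.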
@@ -437,9 +426,8 @@ diff -urN linux-2.6.21.1.old/net/ipv4/netfilter/ipt_layer7.c linux-2.6.21.1.dev/
+ /* Treat parent & all its children together as one connection, except
+ for the purpose of setting conntrack->layer7.app_proto in the actual
+ connection. This makes /proc/net/ip_conntrack more satisfying. */
-+ if(!(conntrack = ip_conntrack_get((struct sk_buff *)skb, &ctinfo)) ||
-+ !(master_conntrack = ip_conntrack_get((struct sk_buff *)skb, &master_ctinfo))) {
-+ //DPRINTK("layer7: packet is not from a known connection, giving up.\n");
++ if(((conntrack = ip_conntrack_get((struct sk_buff *)skb, &ctinfo)) == NULL) ||
++ ((master_conntrack = ip_conntrack_get((struct sk_buff *)skb, &master_ctinfo)) == NULL)) {
+ return info->invert;
+ }
+
@@ -453,11 +441,10 @@ diff -urN linux-2.6.21.1.old/net/ipv4/netfilter/ipt_layer7.c linux-2.6.21.1.dev/
+
+ pattern_result = match_no_append(conntrack, master_conntrack, ctinfo, master_ctinfo, info);
+
-+ /* skb->cb[0] == seen. Avoid doing things twice if there are two l7
-+ rules. I'm not sure that using cb for this purpose is correct, although
++ /* skb->cb[0] == seen. Don't do things twice if there are multiple l7
++ rules. I'm not sure that using cb for this purpose is correct, even though
+ it says "put your private variables there". But it doesn't look like it
-+ is being used for anything else in the skbs that make it here. How can
-+ I write to cb without making the compiler angry? */
++ is being used for anything else in the skbs that make it here. */
+ skb->cb[0] = 1; /* marking it seen here is probably irrelevant, but consistant */
+
+ return (pattern_result ^ info->invert);
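Review bot: The comment kept above `skb->cb[0] = 1;` still says the author is not sure that using `cb` this way is correct, and the edit only rewords it and drops the question about the compiler. `skb->cb` is a control buffer shared between layers, and the IPv4 stack keeps its own per-packet state there, so a byte stored by a match can alias data another layer reads later. Which field byte 0 overlaps at this hook should be checked on both target kernels (2.6.21 and 2.6.22-rc). Until that is settled I would record the open question explicitly, e.g. `/* NOTE: cb[0] aliases the IP layer's control block here; verify nothing downstream reads it */`. The function continues outside the hunk.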
@@ -518,6 +505,11 @@ diff -urN linux-2.6.21.1.old/net/ipv4/netfilter/ipt_layer7.c linux-2.6.21.1.dev/
+ read_lock(&ct_lock);
+ if(!strcmp(info->protocol, "unknown")) {
+ pattern_result = 0;
++ /* If looking for "unset", then always match. "Unset" means that we
++ haven't yet classified the connection. */
++ } else if(!strcmp(info->protocol, "unset")) {
++ pattern_result = 2;
++ DPRINTK("layer7: matched unset: not yet classified (%d/%d packets)\n", TOTAL_PACKETS, num_packets);
+ /* If the regexp failed to compile, don't bother running it */
+ } else if(comppattern && regexec(comppattern, master_conntrack->layer7.app_data)) {
+ DPRINTK("layer7: matched %s\n", info->protocol);
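Review bot: `pattern_result` becomes a three-state value encoded with bare literals: the new "unset" branch stores 2, the next hunk tests `pattern_result == 1` before the `kmalloc`/`strcpy` path, and the hunk after that folds `> 1` back to 1 before the XOR with `info->invert`. Named constants such as `enum { L7_NO_MATCH, L7_MATCH, L7_MATCH_UNSET };` would make that contract explicit and make it harder for a later edit to send the "unset" state into the branch that writes `app_proto`. Separately, the added `strcmp(info->protocol, "unset")` relies on `info->protocol` being NUL-terminated, as do the existing "unknown" test and the `strlen`/`strcpy` below. That buffer is rule data supplied from userspace and no termination check is visible in these hunks, so it is worth confirming that the checkentry hook enforces it. The enclosing function starts and ends outside the hunk.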
@@ -525,7 +517,7 @@ diff -urN linux-2.6.21.1.old/net/ipv4/netfilter/ipt_layer7.c linux-2.6.21.1.dev/
+ } else pattern_result = 0;
+ read_unlock(&ct_lock);
+
-+ if(pattern_result) {
++ if(pattern_result == 1) {
+ write_lock(&ct_lock);
+ master_conntrack->layer7.app_proto = kmalloc(strlen(info->protocol)+1, GFP_ATOMIC);
+ if(!master_conntrack->layer7.app_proto){
@@ -536,6 +528,8 @@ diff -urN linux-2.6.21.1.old/net/ipv4/netfilter/ipt_layer7.c linux-2.6.21.1.dev/
+ }
+ strcpy(master_conntrack->layer7.app_proto, info->protocol);
+ write_unlock(&ct_lock);
++ } else if(pattern_result > 1) { /* cleanup from "unset" */
++ pattern_result = 1;
+ }
+
+ /* mark the packet seen */
@@ -544,7 +538,7 @@ diff -urN linux-2.6.21.1.old/net/ipv4/netfilter/ipt_layer7.c linux-2.6.21.1.dev/
+ return (pattern_result ^ info->invert);
+}
+
-+static struct ipt_match layer7_match = {
++static struct xt_match layer7_match = {
+ .name = "layer7",
+ .match = &match,
+ .matchsize = sizeof(struct ipt_layer7_info),
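Review bot: With the type changed to `struct xt_match` and the call in the next hunk changed to `xt_register_match()`, the match's address family has to come from this initializer. The fields visible here are `.name`, `.match` and `.matchsize`; the rest of the initializer lies outside the hunk. As far as I recall, the older `ipt_register_match()` wrapper filled in the family before registering. If no `.family = AF_INET,` line exists further down, the match would be registered under the wrong family and rules using it would fail to load. Please confirm the initializer sets it.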
@@ -646,27 +640,28 @@ diff -urN linux-2.6.21.1.old/net/ipv4/netfilter/ipt_layer7.c linux-2.6.21.1.dev/
+ printk(KERN_WARNING "layer7: maxdatalen can't be > 65536, using 65536\n");
+ maxdatalen = 65536;
+ }
-+ return ipt_register_match(&layer7_match);
++ return xt_register_match(&layer7_match);
+}
+
+static void __exit ipt_layer7_fini(void)
+{
+ layer7_cleanup_proc();
-+ ipt_unregister_match(&layer7_match);
++ xt_unregister_match(&layer7_match);
+}
+
+module_init(ipt_layer7_init);
+module_exit(ipt_layer7_fini);
-diff -urN linux-2.6.21.1.old/net/ipv4/netfilter/Kconfig linux-2.6.21.1.dev/net/ipv4/netfilter/Kconfig
---- linux-2.6.21.1.old/net/ipv4/netfilter/Kconfig 2007-04-27 23:49:26.000000000 +0200
-+++ linux-2.6.21.1.dev/net/ipv4/netfilter/Kconfig 2007-05-26 20:13:52.650129816 +0200
+Index: linux-2.6.21.5/net/ipv4/netfilter/Kconfig
+===================================================================
+--- linux-2.6.21.5.orig/net/ipv4/netfilter/Kconfig 2007-07-02 00:37:53.456287250 +0200
++++ linux-2.6.21.5/net/ipv4/netfilter/Kconfig 2007-07-02 01:21:17.231013000 +0200
@@ -245,6 +245,24 @@
To compile it as a module, choose M here. If unsure, say N.
+config IP_NF_MATCH_LAYER7
+ tristate "Layer 7 match support (EXPERIMENTAL)"
-+ depends on IP_NF_IPTABLES && IP_NF_CT_ACCT && IP_NF_CONNTRACK && EXPERIMENTAL
++ depends on IP_NF_IPTABLES && NF_CT_ACCT && NF_CONNTRACK && EXPERIMENTAL
+ help
+ Say Y if you want to be able to classify connections (and their
+ packets) based on regular expression matching of their application
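Review bot: `ipt_layer7_init()` returns the result of `xt_register_match()` directly, while `ipt_layer7_fini()` shows there is proc state to tear down through `layer7_cleanup_proc()`. If that proc entry is created earlier in init (the start of the function is outside the hunk), a failed registration leaves it behind after the module load is aborted, with handlers that no longer exist. I would capture the return value and undo the proc setup on error: `ret = xt_register_match(&layer7_match);`, then `if (ret) layer7_cleanup_proc();` and `return ret;`.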
@@ -685,9 +680,10 @@ diff -urN linux-2.6.21.1.old/net/ipv4/netfilter/Kconfig linux-2.6.21.1.dev/net/i
config IP_NF_MATCH_TOS
tristate "TOS match support"
depends on IP_NF_IPTABLES
-diff -urN linux-2.6.21.1.old/net/ipv4/netfilter/Makefile linux-2.6.21.1.dev/net/ipv4/netfilter/Makefile
---- linux-2.6.21.1.old/net/ipv4/netfilter/Makefile 2007-04-27 23:49:26.000000000 +0200
-+++ linux-2.6.21.1.dev/net/ipv4/netfilter/Makefile 2007-05-26 20:13:52.651129664 +0200
+Index: linux-2.6.21.5/net/ipv4/netfilter/Makefile
+===================================================================
+--- linux-2.6.21.5.orig/net/ipv4/netfilter/Makefile 2007-07-02 00:37:53.464287750 +0200
++++ linux-2.6.21.5/net/ipv4/netfilter/Makefile 2007-07-02 00:43:58.191081750 +0200
@@ -92,6 +92,8 @@
obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o
obj-$(CONFIG_IP_NF_MATCH_ADDRTYPE) += ipt_addrtype.o
@@ -697,9 +693,10 @@ diff -urN linux-2.6.21.1.old/net/ipv4/netfilter/Makefile linux-2.6.21.1.dev/net/
# targets
obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o
obj-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TOS.o
-diff -urN linux-2.6.21.1.old/net/ipv4/netfilter/regexp/regexp.c linux-2.6.21.1.dev/net/ipv4/netfilter/regexp/regexp.c
---- linux-2.6.21.1.old/net/ipv4/netfilter/regexp/regexp.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.21.1.dev/net/ipv4/netfilter/regexp/regexp.c 2007-05-26 20:13:52.652129512 +0200
+Index: linux-2.6.21.5/net/ipv4/netfilter/regexp/regexp.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.21.5/net/ipv4/netfilter/regexp/regexp.c 2007-07-02 00:37:55.648424250 +0200
@@ -0,0 +1,1197 @@
+/*
+ * regcomp and regexec -- regsub and regerror are elsewhere
@@ -1898,9 +1895,10 @@ diff -urN linux-2.6.21.1.old/net/ipv4/netfilter/regexp/regexp.c linux-2.6.21.1.d
+#endif
+
+
-diff -urN linux-2.6.21.1.old/net/ipv4/netfilter/regexp/regexp.h linux-2.6.21.1.dev/net/ipv4/netfilter/regexp/regexp.h
---- linux-2.6.21.1.old/net/ipv4/netfilter/regexp/regexp.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.21.1.dev/net/ipv4/netfilter/regexp/regexp.h 2007-05-26 20:13:52.652129512 +0200
+Index: linux-2.6.21.5/net/ipv4/netfilter/regexp/regexp.h
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.21.5/net/ipv4/netfilter/regexp/regexp.h 2007-07-02 00:37:55.700427500 +0200
@@ -0,0 +1,41 @@
+/*
+ * Definitions etc. for regexp(3) routines.
@@ -1943,18 +1941,20 @@ diff -urN linux-2.6.21.1.old/net/ipv4/netfilter/regexp/regexp.h linux-2.6.21.1.d
+void regerror(char *s);
+
+#endif
-diff -urN linux-2.6.21.1.old/net/ipv4/netfilter/regexp/regmagic.h linux-2.6.21.1.dev/net/ipv4/netfilter/regexp/regmagic.h
---- linux-2.6.21.1.old/net/ipv4/netfilter/regexp/regmagic.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.21.1.dev/net/ipv4/netfilter/regexp/regmagic.h 2007-05-26 20:13:52.652129512 +0200
+Index: linux-2.6.21.5/net/ipv4/netfilter/regexp/regmagic.h
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.21.5/net/ipv4/netfilter/regexp/regmagic.h 2007-07-02 00:37:55.724429000 +0200
@@ -0,0 +1,5 @@
+/*
+ * The first byte of the regexp internal "program" is actually this magic
+ * number; the start node begins in the second byte.
+ */
+#define MAGIC 0234
-diff -urN linux-2.6.21.1.old/net/ipv4/netfilter/regexp/regsub.c linux-2.6.21.1.dev/net/ipv4/netfilter/regexp/regsub.c
---- linux-2.6.21.1.old/net/ipv4/netfilter/regexp/regsub.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.21.1.dev/net/ipv4/netfilter/regexp/regsub.c 2007-05-26 20:13:52.653129360 +0200
+Index: linux-2.6.21.5/net/ipv4/netfilter/regexp/regsub.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ linux-2.6.21.5/net/ipv4/netfilter/regexp/regsub.c 2007-07-02 00:37:55.752430750 +0200
@@ -0,0 +1,95 @@
+/*
+ * regsub
@@ -2051,3 +2051,29 @@ diff -urN linux-2.6.21.1.old/net/ipv4/netfilter/regexp/regsub.c linux-2.6.21.1.d
+ }
+ *dst++ = '\0';
+}
+Index: linux-2.6.21.5/include/net/netfilter/nf_conntrack.h
+===================================================================
+--- linux-2.6.21.5.orig/include/net/netfilter/nf_conntrack.h 2007-07-02 00:49:22.815369500 +0200
++++ linux-2.6.21.5/include/net/netfilter/nf_conntrack.h 2007-07-02 00:56:21.413530250 +0200
+@@ -128,6 +128,21 @@
+ u_int32_t secmark;
+ #endif
+
++#if defined(CONFIG_IP_NF_MATCH_LAYER7) || defined(CONFIG_IP_NF_MATCH_LAYER7_MODULE)
++ struct {
++ /*
++ * e.g. "http". NULL before decision. "unknown" after decision
++ * if no match.
++ */
++ char *app_proto;
++ /*
++ * application layer data so far. NULL after match decision.
++ */
++ char *app_data;
++ unsigned int app_data_len;
++ } layer7;
++#endif
++
+ /* Storage reserved for other modules: */
+ union nf_conntrack_proto proto;
+
diff --git a/target/linux/generic-2.6/patches/101-netfilter_layer7_pktmatch.patch b/target/linux/generic-2.6/patches/101-netfilter_layer7_pktmatch.patch
index 2d7f058..966353a 100644
--- a/target/linux/generic-2.6/patches/101-netfilter_layer7_pktmatch.patch
+++ b/target/linux/generic-2.6/patches/101-netfilter_layer7_pktmatch.patch
@@ -1,6 +1,7 @@
-diff -urN linux-2.6.21.1.old/include/linux/netfilter_ipv4/ipt_layer7.h linux-2.6.21.1.dev/include/linux/netfilter_ipv4/ipt_layer7.h
---- linux-2.6.21.1.old/include/linux/netfilter_ipv4/ipt_layer7.h 2007-05-26 20:17:47.624408296 +0200
-+++ linux-2.6.21.1.dev/include/linux/netfilter_ipv4/ipt_layer7.h 2007-05-26 20:17:48.729240336 +0200
+Index: linux-2.6.21.5/include/linux/netfilter_ipv4/ipt_layer7.h
+===================================================================
+--- linux-2.6.21.5.orig/include/linux/netfilter_ipv4/ipt_layer7.h 2007-07-02 00:43:58.271086750 +0200
++++ linux-2.6.21.5/include/linux/netfilter_ipv4/ipt_layer7.h 2007-07-02 01:36:08.914739750 +0200
@@ -21,6 +21,7 @@
char protocol[MAX_PROTOCOL_LEN];
char invert:1;
@@ -9,10 +10,11 @@ diff -urN linux-2.6.21.1.old/include/linux/netfilter_ipv4/ipt_layer7.h linux-2.6
};
#endif /* _IPT_LAYER7_H */
-diff -urN linux-2.6.21.1.old/net/ipv4/netfilter/ipt_layer7.c linux-2.6.21.1.dev/net/ipv4/netfilter/ipt_layer7.c
---- linux-2.6.21.1.old/net/ipv4/netfilter/ipt_layer7.c 2007-05-26 20:17:47.626407992 +0200
-+++ linux-2.6.21.1.dev/net/ipv4/netfilter/ipt_layer7.c 2007-05-26 20:17:48.729240336 +0200
-@@ -296,33 +296,34 @@
+Index: linux-2.6.21.5/net/ipv4/netfilter/ipt_layer7.c
+===================================================================
+--- linux-2.6.21.5.orig/net/ipv4/netfilter/ipt_layer7.c 2007-07-02 01:27:54.195821750 +0200
++++ linux-2.6.21.5/net/ipv4/netfilter/ipt_layer7.c 2007-07-02 01:37:01.990056750 +0200
+@@ -299,33 +299,34 @@
}
}
@@ -62,16 +64,16 @@ diff -urN linux-2.6.21.1.old/net/ipv4/netfilter/ipt_layer7.c linux-2.6.21.1.dev/
return length;
}
-@@ -339,7 +340,7 @@
- struct ipt_layer7_info * info = (struct ipt_layer7_info *)matchinfo;
+@@ -343,7 +344,7 @@
enum ip_conntrack_info master_ctinfo, ctinfo;
- struct ip_conntrack *master_conntrack, *conntrack;
+ struct nf_conn *master_conntrack;
+ struct ip_conntrack *conntrack;
- unsigned char * app_data;
+ unsigned char *app_data, *tmp_data;
unsigned int pattern_result, appdatalen;
regexp * comppattern;
-@@ -362,8 +363,8 @@
+@@ -365,8 +366,8 @@
master_conntrack = master_ct(master_conntrack);
/* if we've classified it or seen too many packets */
@@ -82,7 +84,7 @@ diff -urN linux-2.6.21.1.old/net/ipv4/netfilter/ipt_layer7.c linux-2.6.21.1.dev/
pattern_result = match_no_append(conntrack, master_conntrack, ctinfo, master_ctinfo, info);
-@@ -394,6 +395,23 @@
+@@ -396,6 +397,23 @@
comppattern = compile_and_cache(info->pattern, info->protocol);
spin_unlock_bh(&list_lock);