SOURCES (LINUX_2_6): linux-2.6-nf-layer7.patch - updated to FINAL 2.0

paszczus paszczus at pld-linux.org
Sun Nov 13 14:29:40 CET 2005


Author: paszczus                     Date: Sun Nov 13 13:29:40 2005 GMT
Module: SOURCES                       Tag: LINUX_2_6
---- Log message:
- updated to FINAL 2.0

---- Files affected:
SOURCES:
   linux-2.6-nf-layer7.patch (1.1.2.1 -> 1.1.2.2) 

---- Diffs:

================================================================
Index: SOURCES/linux-2.6-nf-layer7.patch
diff -u SOURCES/linux-2.6-nf-layer7.patch:1.1.2.1 SOURCES/linux-2.6-nf-layer7.patch:1.1.2.2
--- SOURCES/linux-2.6-nf-layer7.patch:1.1.2.1	Wed Nov  2 23:28:44 2005
+++ SOURCES/linux-2.6-nf-layer7.patch	Sun Nov 13 14:29:35 2005
@@ -1,7 +1,6 @@
-diff -uNr linux-2.6.14/include/linux/netfilter_ipv4.orig/ip_conntrack.h linux-2.6.14/include/linux/netfilter_ipv4/ip_conntrack.h
---- linux-2.6.14/include/linux/netfilter_ipv4.orig/ip_conntrack.h	2005-10-28 02:02:08.000000000 +0200
-+++ linux-2.6.14/include/linux/netfilter_ipv4/ip_conntrack.h	2005-11-02 23:20:01.000000000 +0100
-@@ -253,6 +253,15 @@
+--- linux-2.6.14/include/linux/netfilter_ipv4/ip_conntrack.h	2005-10-27 19:02:08.000000000 -0500
++++ linux-2.6.14-layer7/include/linux/netfilter_ipv4/ip_conntrack.h	2005-11-12 17:31:34.000000000 -0600
+@@ -253,6 +253,15 @@ struct ip_conntrack
  	/* Traversed often, so hopefully in different cacheline to top */
  	/* These are my tuples; original and reply */
  	struct ip_conntrack_tuple_hash tuplehash[IP_CT_DIR_MAX];
@@ -17,9 +16,8 @@
  };
  
  struct ip_conntrack_expect
-diff -uNr linux-2.6.14/include/linux/netfilter_ipv4.orig/ipt_layer7.h linux-2.6.14/include/linux/netfilter_ipv4/ipt_layer7.h
---- linux-2.6.14/include/linux/netfilter_ipv4.orig/ipt_layer7.h	1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.14/include/linux/netfilter_ipv4/ipt_layer7.h	2005-11-02 23:20:01.000000000 +0100
+--- linux-2.6.14/include/linux/netfilter_ipv4/ipt_layer7.h	1969-12-31 18:00:00.000000000 -0600
++++ linux-2.6.14-layer7/include/linux/netfilter_ipv4/ipt_layer7.h	2005-11-12 17:31:34.000000000 -0600
 @@ -0,0 +1,26 @@
 +/* 
 +  By Matthew Strait <quadong at users.sf.net>, Dec 2003.
@@ -47,10 +45,47 @@
 +};
 +
 +#endif /* _IPT_LAYER7_H */
-diff -uNr linux-2.6.14/net/ipv4/netfilter.orig/ip_conntrack_core.c linux-2.6.14/net/ipv4/netfilter/ip_conntrack_core.c
---- linux-2.6.14/net/ipv4/netfilter.orig/ip_conntrack_core.c	2005-10-28 02:02:08.000000000 +0200
-+++ linux-2.6.14/net/ipv4/netfilter/ip_conntrack_core.c	2005-11-02 23:20:01.000000000 +0100
-@@ -335,6 +335,13 @@
+--- linux-2.6.14/net/ipv4/netfilter/Kconfig	2005-10-27 19:02:08.000000000 -0500
++++ linux-2.6.14-layer7/net/ipv4/netfilter/Kconfig	2005-11-12 17:31:34.000000000 -0600
+@@ -205,6 +205,24 @@ config IP_NF_MATCH_MAC
+ 
+ 	  To compile it as a module, choose M here.  If unsure, say N.
+ 
++config IP_NF_MATCH_LAYER7
++	tristate "Layer 7 match support (EXPERIMENTAL)"
++	depends on IP_NF_IPTABLES && IP_NF_CT_ACCT && IP_NF_CONNTRACK && EXPERIMENTAL
++	help
++ 	  Say Y if you want to be able to classify connections (and their 
++          packets) based on regular expression matching of their application 
++	  layer data.   This is one way to classify applications such as 
++	  peer-to-peer filesharing systems that do not always use the same 
++	  port.
++
++	  To compile it as a module, choose M here.  If unsure, say N.
++
++config IP_NF_MATCH_LAYER7_DEBUG
++	bool "Layer 7 debugging output"
++	depends on IP_NF_MATCH_LAYER7
++	help
++	  Say Y to get lots of debugging output.
++
+ config IP_NF_MATCH_PKTTYPE
+ 	tristate "Packet type match support"
+ 	depends on IP_NF_IPTABLES
+--- linux-2.6.14/net/ipv4/netfilter/Makefile	2005-10-27 19:02:08.000000000 -0500
++++ linux-2.6.14-layer7/net/ipv4/netfilter/Makefile	2005-11-12 17:31:34.000000000 -0600
+@@ -74,6 +74,8 @@ obj-$(CONFIG_IP_NF_MATCH_PHYSDEV) += ipt
+ obj-$(CONFIG_IP_NF_MATCH_COMMENT) += ipt_comment.o
+ obj-$(CONFIG_IP_NF_MATCH_STRING) += ipt_string.o
+ 
++obj-$(CONFIG_IP_NF_MATCH_LAYER7) += ipt_layer7.o
++
+ # targets
+ obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o
+ obj-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TOS.o
+--- linux-2.6.14/net/ipv4/netfilter/ip_conntrack_core.c	2005-10-27 19:02:08.000000000 -0500
++++ linux-2.6.14-layer7/net/ipv4/netfilter/ip_conntrack_core.c	2005-11-12 17:31:34.000000000 -0600
+@@ -335,6 +335,13 @@ destroy_conntrack(struct nf_conntrack *n
  	 * too. */
  	ip_ct_remove_expectations(ct);
  
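Review bot: The help text for `IP_NF_MATCH_LAYER7` in this hunk never says that the match evaluates regular expressions in kernel context over application-layer bytes supplied by the remote peer. A sentence such as `Patterns are evaluated in the kernel against untrusted connection data, so load only patterns you have reviewed.` would set that expectation for whoever enables the option. The same help block also mixes a space-then-tab line and a spaces-only line with the tab-indented ones; a tab plus two spaces throughout would match the neighbouring entries.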
@@ -64,10 +99,9 @@
  	/* We overload first tuple to link into unconfirmed list. */
  	if (!is_confirmed(ct)) {
  		BUG_ON(list_empty(&ct->tuplehash[IP_CT_DIR_ORIGINAL].list));
-diff -uNr linux-2.6.14/net/ipv4/netfilter.orig/ip_conntrack_standalone.c linux-2.6.14/net/ipv4/netfilter/ip_conntrack_standalone.c
---- linux-2.6.14/net/ipv4/netfilter.orig/ip_conntrack_standalone.c	2005-10-28 02:02:08.000000000 +0200
-+++ linux-2.6.14/net/ipv4/netfilter/ip_conntrack_standalone.c	2005-11-02 23:20:01.000000000 +0100
-@@ -188,6 +188,12 @@
+--- linux-2.6.14/net/ipv4/netfilter/ip_conntrack_standalone.c	2005-10-27 19:02:08.000000000 -0500
++++ linux-2.6.14-layer7/net/ipv4/netfilter/ip_conntrack_standalone.c	2005-11-12 17:31:34.000000000 -0600
+@@ -188,6 +188,12 @@ static int ct_seq_show(struct seq_file *
  		return -ENOSPC;
  #endif
  
@@ -80,10 +114,9 @@
  	if (seq_printf(s, "use=%u\n", atomic_read(&conntrack->ct_general.use)))
  		return -ENOSPC;
  
-diff -uNr linux-2.6.14/net/ipv4/netfilter.orig/ipt_layer7.c linux-2.6.14/net/ipv4/netfilter/ipt_layer7.c
---- linux-2.6.14/net/ipv4/netfilter.orig/ipt_layer7.c	1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.14/net/ipv4/netfilter/ipt_layer7.c	2005-11-02 23:20:01.000000000 +0100
-@@ -0,0 +1,568 @@
+--- linux-2.6.14/net/ipv4/netfilter/ipt_layer7.c	1969-12-31 18:00:00.000000000 -0600
++++ linux-2.6.14-layer7/net/ipv4/netfilter/ipt_layer7.c	2005-11-12 17:49:24.000000000 -0600
+@@ -0,0 +1,569 @@
 +/* 
 +  Kernel module to match application layer (OSI layer 7) 
 +  data in connections.
@@ -119,12 +152,13 @@
 +MODULE_AUTHOR("Matthew Strait <quadong at users.sf.net>, Ethan Sommer <sommere at users.sf.net>");
 +MODULE_LICENSE("GPL");
 +MODULE_DESCRIPTION("iptables application layer match module");
++MODULE_VERSION("2.0");
 +
 +static int maxdatalen = 2048; // this is the default
 +module_param(maxdatalen, int, 0444);
 +MODULE_PARM_DESC(maxdatalen, "maximum bytes of data looked at by l7-filter");
 +
-+#if defined(CONFIG_IP_NF_MATCH_LAYER7_DEBUG)
++#ifdef CONFIG_IP_NF_MATCH_LAYER7_DEBUG
 +	#define DPRINTK(format,args...) printk(format,##args)
 +#else
 +	#define DPRINTK(format,args...)
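Review bot: `maxdatalen` is a signed `int` module parameter and no line in this hunk bounds it, even though its description says it caps how many bytes of connection data l7-filter looks at. The module's init function is outside this hunk; if it does not already reject non-positive or very large values it should, and a comment at the declaration such as `/* read-only after load (0444); must be range-checked in init() */` would record that requirement. Separately, `DPRINTK` expands to a bare `printk(format,##args)`, so debug messages carry no log level unless each format string supplies one. `printk(KERN_DEBUG format,##args)` would keep them off the console at default log levels.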
@@ -652,49 +686,8 @@
 +
 +module_init(init);
 +module_exit(fini);
-diff -uNr linux-2.6.14/net/ipv4/netfilter.orig/Kconfig linux-2.6.14/net/ipv4/netfilter/Kconfig
---- linux-2.6.14/net/ipv4/netfilter.orig/Kconfig	2005-11-02 22:40:26.000000000 +0100
-+++ linux-2.6.14/net/ipv4/netfilter/Kconfig	2005-11-02 23:20:01.000000000 +0100
-@@ -205,6 +205,24 @@
- 
- 	  To compile it as a module, choose M here.  If unsure, say N.
- 
-+config IP_NF_MATCH_LAYER7
-+	tristate "Layer 7 match support (EXPERIMENTAL)"
-+	depends on IP_NF_IPTABLES && IP_NF_CT_ACCT && IP_NF_CONNTRACK && EXPERIMENTAL
-+	help
-+ 	  Say Y if you want to be able to classify connections (and their 
-+          packets) based on regular expression matching of their application 
-+	  layer data.   This is one way to classify applications such as 
-+	  peer-to-peer filesharing systems that do not always use the same 
-+	  port.
-+
-+	  To compile it as a module, choose M here.  If unsure, say N.
-+
-+config IP_NF_MATCH_LAYER7_DEBUG
-+	bool "Layer 7 debugging output"
-+	depends on IP_NF_MATCH_LAYER7
-+	help
-+	  Say Y to get lots of debugging output.
-+
- config IP_NF_MATCH_PKTTYPE
- 	tristate "Packet type match support"
- 	depends on IP_NF_IPTABLES
-diff -uNr linux-2.6.14/net/ipv4/netfilter.orig/Makefile linux-2.6.14/net/ipv4/netfilter/Makefile
---- linux-2.6.14/net/ipv4/netfilter.orig/Makefile	2005-11-02 22:40:26.000000000 +0100
-+++ linux-2.6.14/net/ipv4/netfilter/Makefile	2005-11-02 23:20:01.000000000 +0100
-@@ -113,6 +113,8 @@
- obj-$(CONFIG_IP_NF_MATCH_COMMENT) += ipt_comment.o
- obj-$(CONFIG_IP_NF_MATCH_STRING) += ipt_string.o
- 
-+obj-$(CONFIG_IP_NF_MATCH_LAYER7) += ipt_layer7.o
-+
- # targets
- obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o
- obj-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TOS.o
-diff -uNr linux-2.6.14/net/ipv4/netfilter.orig/regexp/regexp.c linux-2.6.14/net/ipv4/netfilter/regexp/regexp.c
---- linux-2.6.14/net/ipv4/netfilter.orig/regexp/regexp.c	1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.14/net/ipv4/netfilter/regexp/regexp.c	2005-11-02 23:20:01.000000000 +0100
+--- linux-2.6.14/net/ipv4/netfilter/regexp/regexp.c	1969-12-31 18:00:00.000000000 -0600
++++ linux-2.6.14-layer7/net/ipv4/netfilter/regexp/regexp.c	2005-11-12 17:31:34.000000000 -0600
 @@ -0,0 +1,1195 @@
 +/*
 + * regcomp and regexec -- regsub and regerror are elsewhere
@@ -1891,9 +1884,8 @@
 +#endif
 +
 +
-diff -uNr linux-2.6.14/net/ipv4/netfilter.orig/regexp/regexp.h linux-2.6.14/net/ipv4/netfilter/regexp/regexp.h
---- linux-2.6.14/net/ipv4/netfilter.orig/regexp/regexp.h	1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.14/net/ipv4/netfilter/regexp/regexp.h	2005-11-02 23:20:01.000000000 +0100
+--- linux-2.6.14/net/ipv4/netfilter/regexp/regexp.h	1969-12-31 18:00:00.000000000 -0600
++++ linux-2.6.14-layer7/net/ipv4/netfilter/regexp/regexp.h	2005-11-12 17:31:34.000000000 -0600
 @@ -0,0 +1,41 @@
 +/*
 + * Definitions etc. for regexp(3) routines.
@@ -1936,18 +1928,16 @@
 +void regerror(char *s);
 +
 +#endif
-diff -uNr linux-2.6.14/net/ipv4/netfilter.orig/regexp/regmagic.h linux-2.6.14/net/ipv4/netfilter/regexp/regmagic.h
---- linux-2.6.14/net/ipv4/netfilter.orig/regexp/regmagic.h	1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.14/net/ipv4/netfilter/regexp/regmagic.h	2005-11-02 23:20:01.000000000 +0100
+--- linux-2.6.14/net/ipv4/netfilter/regexp/regmagic.h	1969-12-31 18:00:00.000000000 -0600
++++ linux-2.6.14-layer7/net/ipv4/netfilter/regexp/regmagic.h	2005-11-12 17:31:34.000000000 -0600
 @@ -0,0 +1,5 @@
 +/*
 + * The first byte of the regexp internal "program" is actually this magic
 + * number; the start node begins in the second byte.
 + */
 +#define	MAGIC	0234
-diff -uNr linux-2.6.14/net/ipv4/netfilter.orig/regexp/regsub.c linux-2.6.14/net/ipv4/netfilter/regexp/regsub.c
---- linux-2.6.14/net/ipv4/netfilter.orig/regexp/regsub.c	1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.14/net/ipv4/netfilter/regexp/regsub.c	2005-11-02 23:20:01.000000000 +0100
+--- linux-2.6.14/net/ipv4/netfilter/regexp/regsub.c	1969-12-31 18:00:00.000000000 -0600
++++ linux-2.6.14-layer7/net/ipv4/netfilter/regexp/regsub.c	2005-11-12 17:31:34.000000000 -0600
 @@ -0,0 +1,95 @@
 +/*
 + * regsub
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/SOURCES/linux-2.6-nf-layer7.patch?r1=1.1.2.1&r2=1.1.2.2&f=u



