From bef13ad1d045c6c4cbb55e0537dcfbd3f4a169f9 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Sat, 19 Nov 2005 19:24:33 +0000 Subject: [PATCH] update layer7 (forward port from whiterussian) SVN-Revision: 2538 --- ...ayer7-1.4.patch => 02-layer7-1.5nbd.patch} | 70 ++++++--- ...atch => 602-netfilter_layer7_1.5nbd.patch} | 139 +++++++++++------- 2 files changed, 133 insertions(+), 76 deletions(-) rename openwrt/package/iptables/patches/{02-layer7-1.4.patch => 02-layer7-1.5nbd.patch} (82%) rename openwrt/target/linux/linux-2.4/patches/generic/{602-netfilter_layer7.patch => 602-netfilter_layer7_1.5nbd.patch} (92%) diff --git a/openwrt/package/iptables/patches/02-layer7-1.4.patch b/openwrt/package/iptables/patches/02-layer7-1.5nbd.patch similarity index 82% rename from openwrt/package/iptables/patches/02-layer7-1.4.patch rename to openwrt/package/iptables/patches/02-layer7-1.5nbd.patch index 7ef6df5dc1..95c62a860a 100644 --- a/openwrt/package/iptables/patches/02-layer7-1.4.patch +++ b/openwrt/package/iptables/patches/02-layer7-1.5nbd.patch @@ -1,13 +1,44 @@ -diff -Nurp iptables-1.3.0-stock/extensions/.layer7-test iptables-1.3.0-layer7/extensions/.layer7-test ---- iptables-1.3.0-stock/extensions/.layer7-test 1969-12-31 18:00:00.000000000 -0600 -+++ iptables-1.3.0-layer7/extensions/.layer7-test 2005-03-01 22:12:06.000000000 -0600 +diff -urN iptables.old/extensions/.layer7-test iptables.dev/extensions/.layer7-test +--- iptables.old/extensions/.layer7-test 1970-01-01 01:00:00.000000000 +0100 ++++ iptables.dev/extensions/.layer7-test 2005-11-10 16:57:51.819381000 +0100 @@ -0,0 +1,2 @@ +#! /bin/sh +[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_layer7.h ] && echo layer7 -diff -Nurp iptables-1.3.0-stock/extensions/libipt_layer7.c iptables-1.3.0-layer7/extensions/libipt_layer7.c ---- iptables-1.3.0-stock/extensions/libipt_layer7.c 1969-12-31 18:00:00.000000000 -0600 -+++ iptables-1.3.0-layer7/extensions/libipt_layer7.c 2005-03-06 22:14:13.000000000 -0600 -@@ -0,0 +1,357 @@ +diff -urN iptables.old/extensions/ipt_layer7.h iptables.dev/extensions/ipt_layer7.h +--- iptables.old/extensions/ipt_layer7.h 1970-01-01 01:00:00.000000000 +0100 ++++ iptables.dev/extensions/ipt_layer7.h 2005-11-10 17:46:32.933599750 +0100 +@@ -0,0 +1,27 @@ ++/* ++ By Matthew Strait , Dec 2003. ++ http://l7-filter.sf.net ++ ++ This program is free software; you can redistribute it and/or ++ modify it under the terms of the GNU General Public License ++ as published by the Free Software Foundation; either version ++ 2 of the License, or (at your option) any later version. ++ http://www.gnu.org/licenses/gpl.txt ++*/ ++ ++#ifndef _IPT_LAYER7_H ++#define _IPT_LAYER7_H ++ ++#define MAX_PATTERN_LEN 8192 ++#define MAX_PROTOCOL_LEN 256 ++ ++typedef char *(*proc_ipt_search) (char *, char, char *); ++ ++struct ipt_layer7_info { ++ char protocol[MAX_PROTOCOL_LEN]; ++ char invert:1; ++ char pattern[MAX_PATTERN_LEN]; ++ char pkt; ++}; ++ ++#endif /* _IPT_LAYER7_H */ +diff -urN iptables.old/extensions/libipt_layer7.c iptables.dev/extensions/libipt_layer7.c +--- iptables.old/extensions/libipt_layer7.c 1970-01-01 01:00:00.000000000 +0100 ++++ iptables.dev/extensions/libipt_layer7.c 2005-11-10 17:47:01.399378750 +0100 +@@ -0,0 +1,358 @@ +/* + Shared library add-on to iptables to add layer 7 matching support. + @@ -34,7 +65,7 @@ diff -Nurp iptables-1.3.0-stock/extensions/libipt_layer7.c iptables-1.3.0-layer7 +#include + +#include -+#include ++#include "ipt_layer7.h" + +#define MAX_FN_LEN 256 + @@ -47,7 +78,8 @@ diff -Nurp iptables-1.3.0-stock/extensions/libipt_layer7.c iptables-1.3.0-layer7 + "LAYER7 match v%s options:\n" + "--l7dir : Look for patterns here instead of /etc/l7-protocols/\n" + " (--l7dir must be specified before --l7proto if used!)\n" -+ "--l7proto [!] : Match the protocol defined in /etc/l7-protocols/name.pat\n", ++ "--l7proto [!] : Match the protocol defined in /etc/l7-protocols/name.pat\n" ++ "--l7pkt : Skip connection tracking and match individual packets\n", + IPTABLES_VERSION); + fputc('\n', stdout); +} @@ -55,15 +87,10 @@ diff -Nurp iptables-1.3.0-stock/extensions/libipt_layer7.c iptables-1.3.0-layer7 +static struct option opts[] = { + { .name = "l7proto", .has_arg = 1, .flag = 0, .val = '1' }, + { .name = "l7dir", .has_arg = 1, .flag = 0, .val = '2' }, ++ { .name = "l7pkt", .has_arg = 0, .flag = 0, .val = '3' }, + { .name = 0 } +}; + -+/* Initialize the match. */ -+static void init(struct ipt_entry_match *m, unsigned int *nfcache) -+{ -+ *nfcache |= NFC_UNKNOWN; -+} -+ +/* reads filename, puts protocol info into layer7_protocol_info, number of protocols to numprotos */ +int parse_protocol_file(char * filename, const unsigned char * protoname, struct ipt_layer7_info *info) +{ @@ -305,6 +332,9 @@ diff -Nurp iptables-1.3.0-stock/extensions/libipt_layer7.c iptables-1.3.0-layer7 + + *flags = 1; + break; ++ case '3': ++ layer7info->pkt = 1; ++ break; + + default: + return 0; @@ -337,6 +367,9 @@ diff -Nurp iptables-1.3.0-stock/extensions/libipt_layer7.c iptables-1.3.0-layer7 + + print_protocol(((struct ipt_layer7_info *)match->data)->protocol, + ((struct ipt_layer7_info *)match->data)->invert, numeric); ++ ++ if (((struct ipt_layer7_info *)match->data)->pkt) ++ printf("l7pkt "); +} +/* Saves the union ipt_matchinfo in parsable form to stdout. */ +static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match) @@ -353,7 +386,6 @@ diff -Nurp iptables-1.3.0-stock/extensions/libipt_layer7.c iptables-1.3.0-layer7 + .size = IPT_ALIGN(sizeof(struct ipt_layer7_info)), + .userspacesize = IPT_ALIGN(sizeof(struct ipt_layer7_info)), + .help = &help, -+ .init = &init, + .parse = &parse, + .final_check = &final_check, + .print = &print, @@ -365,9 +397,9 @@ diff -Nurp iptables-1.3.0-stock/extensions/libipt_layer7.c iptables-1.3.0-layer7 +{ + register_match(&layer7); +} -diff -Nurp iptables-1.3.0-stock/extensions/libipt_layer7.man iptables-1.3.0-layer7/extensions/libipt_layer7.man ---- iptables-1.3.0-stock/extensions/libipt_layer7.man 1969-12-31 18:00:00.000000000 -0600 -+++ iptables-1.3.0-layer7/extensions/libipt_layer7.man 2005-03-01 22:12:06.000000000 -0600 +diff -urN iptables.old/extensions/libipt_layer7.man iptables.dev/extensions/libipt_layer7.man +--- iptables.old/extensions/libipt_layer7.man 1970-01-01 01:00:00.000000000 +0100 ++++ iptables.dev/extensions/libipt_layer7.man 2005-11-10 16:57:51.823381250 +0100 @@ -0,0 +1,13 @@ +This module matches packets based on the application layer data of +their connections. It uses regular expression matching to compare diff --git a/openwrt/target/linux/linux-2.4/patches/generic/602-netfilter_layer7.patch b/openwrt/target/linux/linux-2.4/patches/generic/602-netfilter_layer7_1.5nbd.patch similarity index 92% rename from openwrt/target/linux/linux-2.4/patches/generic/602-netfilter_layer7.patch rename to openwrt/target/linux/linux-2.4/patches/generic/602-netfilter_layer7_1.5nbd.patch index 55e817aa4f..1b0e11a11e 100644 --- a/openwrt/target/linux/linux-2.4/patches/generic/602-netfilter_layer7.patch +++ b/openwrt/target/linux/linux-2.4/patches/generic/602-netfilter_layer7_1.5nbd.patch @@ -1,7 +1,7 @@ -diff -Nurp linux-2.4.30/Documentation/Configure.help linux-2.4.30-layer7/Documentation/Configure.help ---- linux-2.4.30/Documentation/Configure.help 2005-04-03 20:42:19.000000000 -0500 -+++ linux-2.4.30-layer7/Documentation/Configure.help 2005-05-03 18:37:03.000000000 -0500 -@@ -29056,6 +29056,23 @@ CONFIG_SOUND_WM97XX +diff -urN linux.old/Documentation/Configure.help linux.dev/Documentation/Configure.help +--- linux.old/Documentation/Configure.help 2005-11-10 16:01:07.645540500 +0100 ++++ linux.dev/Documentation/Configure.help 2005-11-10 16:03:00.524595000 +0100 +@@ -29082,6 +29082,23 @@ If unsure, say N. @@ -25,10 +25,10 @@ diff -Nurp linux-2.4.30/Documentation/Configure.help linux-2.4.30-layer7/Documen # # A couple of things I keep forgetting: # capitalize: AppleTalk, Ethernet, DOS, DMA, FAT, FTP, Internet, -diff -Nurp linux-2.4.30/include/linux/netfilter_ipv4/ip_conntrack.h linux-2.4.30-layer7/include/linux/netfilter_ipv4/ip_conntrack.h ---- linux-2.4.30/include/linux/netfilter_ipv4/ip_conntrack.h 2005-04-03 20:42:20.000000000 -0500 -+++ linux-2.4.30-layer7/include/linux/netfilter_ipv4/ip_conntrack.h 2005-05-03 18:37:03.000000000 -0500 -@@ -207,6 +207,17 @@ struct ip_conntrack +diff -urN linux.old/include/linux/netfilter_ipv4/ip_conntrack.h linux.dev/include/linux/netfilter_ipv4/ip_conntrack.h +--- linux.old/include/linux/netfilter_ipv4/ip_conntrack.h 2005-04-04 03:42:20.000000000 +0200 ++++ linux.dev/include/linux/netfilter_ipv4/ip_conntrack.h 2005-11-10 16:03:00.544596250 +0100 +@@ -207,6 +207,17 @@ } nat; #endif /* CONFIG_IP_NF_NAT_NEEDED */ @@ -46,10 +46,10 @@ diff -Nurp linux-2.4.30/include/linux/netfilter_ipv4/ip_conntrack.h linux-2.4.30 }; /* get master conntrack via master expectation */ -diff -Nurp linux-2.4.30/include/linux/netfilter_ipv4/ipt_layer7.h linux-2.4.30-layer7/include/linux/netfilter_ipv4/ipt_layer7.h ---- linux-2.4.30/include/linux/netfilter_ipv4/ipt_layer7.h 1969-12-31 18:00:00.000000000 -0600 -+++ linux-2.4.30-layer7/include/linux/netfilter_ipv4/ipt_layer7.h 2005-05-03 18:37:03.000000000 -0500 -@@ -0,0 +1,26 @@ +diff -urN linux.old/include/linux/netfilter_ipv4/ipt_layer7.h linux.dev/include/linux/netfilter_ipv4/ipt_layer7.h +--- linux.old/include/linux/netfilter_ipv4/ipt_layer7.h 1970-01-01 01:00:00.000000000 +0100 ++++ linux.dev/include/linux/netfilter_ipv4/ipt_layer7.h 2005-11-10 17:22:12.777440750 +0100 +@@ -0,0 +1,27 @@ +/* + By Matthew Strait , Dec 2003. + http://l7-filter.sf.net @@ -73,13 +73,14 @@ diff -Nurp linux-2.4.30/include/linux/netfilter_ipv4/ipt_layer7.h linux-2.4.30-l + char protocol[MAX_PROTOCOL_LEN]; + char invert:1; + char pattern[MAX_PATTERN_LEN]; ++ char pkt; +}; + +#endif /* _IPT_LAYER7_H */ -diff -Nurp linux-2.4.30/net/ipv4/netfilter/Config.in linux-2.4.30-layer7/net/ipv4/netfilter/Config.in ---- linux-2.4.30/net/ipv4/netfilter/Config.in 2005-01-19 08:10:13.000000000 -0600 -+++ linux-2.4.30-layer7/net/ipv4/netfilter/Config.in 2005-05-03 18:37:03.000000000 -0500 -@@ -43,6 +43,10 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ]; +diff -urN linux.old/net/ipv4/netfilter/Config.in linux.dev/net/ipv4/netfilter/Config.in +--- linux.old/net/ipv4/netfilter/Config.in 2005-11-10 16:01:16.194074750 +0100 ++++ linux.dev/net/ipv4/netfilter/Config.in 2005-11-10 16:03:00.576598250 +0100 +@@ -44,6 +44,10 @@ if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then dep_tristate ' Unclean match support (EXPERIMENTAL)' CONFIG_IP_NF_MATCH_UNCLEAN $CONFIG_IP_NF_IPTABLES dep_tristate ' Owner match support (EXPERIMENTAL)' CONFIG_IP_NF_MATCH_OWNER $CONFIG_IP_NF_IPTABLES @@ -90,10 +91,10 @@ diff -Nurp linux-2.4.30/net/ipv4/netfilter/Config.in linux-2.4.30-layer7/net/ipv fi # The targets dep_tristate ' Packet filtering' CONFIG_IP_NF_FILTER $CONFIG_IP_NF_IPTABLES -diff -Nurp linux-2.4.30/net/ipv4/netfilter/Makefile linux-2.4.30-layer7/net/ipv4/netfilter/Makefile ---- linux-2.4.30/net/ipv4/netfilter/Makefile 2003-08-25 06:44:44.000000000 -0500 -+++ linux-2.4.30-layer7/net/ipv4/netfilter/Makefile 2005-05-03 18:44:12.000000000 -0500 -@@ -86,6 +86,7 @@ obj-$(CONFIG_IP_NF_MATCH_STATE) += ipt_s +diff -urN linux.old/net/ipv4/netfilter/Makefile linux.dev/net/ipv4/netfilter/Makefile +--- linux.old/net/ipv4/netfilter/Makefile 2005-11-10 16:01:16.210075750 +0100 ++++ linux.dev/net/ipv4/netfilter/Makefile 2005-11-10 16:03:00.576598250 +0100 +@@ -87,6 +87,7 @@ obj-$(CONFIG_IP_NF_MATCH_CONNTRACK) += ipt_conntrack.o obj-$(CONFIG_IP_NF_MATCH_UNCLEAN) += ipt_unclean.o obj-$(CONFIG_IP_NF_MATCH_TCPMSS) += ipt_tcpmss.o @@ -101,10 +102,10 @@ diff -Nurp linux-2.4.30/net/ipv4/netfilter/Makefile linux-2.4.30-layer7/net/ipv4 # targets obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o -diff -Nurp linux-2.4.30/net/ipv4/netfilter/ip_conntrack_core.c linux-2.4.30-layer7/net/ipv4/netfilter/ip_conntrack_core.c ---- linux-2.4.30/net/ipv4/netfilter/ip_conntrack_core.c 2005-04-03 20:42:20.000000000 -0500 -+++ linux-2.4.30-layer7/net/ipv4/netfilter/ip_conntrack_core.c 2005-05-03 18:37:03.000000000 -0500 -@@ -346,6 +346,14 @@ destroy_conntrack(struct nf_conntrack *n +diff -urN linux.old/net/ipv4/netfilter/ip_conntrack_core.c linux.dev/net/ipv4/netfilter/ip_conntrack_core.c +--- linux.old/net/ipv4/netfilter/ip_conntrack_core.c 2005-04-04 03:42:20.000000000 +0200 ++++ linux.dev/net/ipv4/netfilter/ip_conntrack_core.c 2005-11-10 16:03:00.584598750 +0100 +@@ -346,6 +346,14 @@ } kfree(ct->master); } @@ -119,10 +120,10 @@ diff -Nurp linux-2.4.30/net/ipv4/netfilter/ip_conntrack_core.c linux-2.4.30-laye WRITE_UNLOCK(&ip_conntrack_lock); if (master) -diff -Nurp linux-2.4.30/net/ipv4/netfilter/ip_conntrack_standalone.c linux-2.4.30-layer7/net/ipv4/netfilter/ip_conntrack_standalone.c ---- linux-2.4.30/net/ipv4/netfilter/ip_conntrack_standalone.c 2005-04-03 20:42:20.000000000 -0500 -+++ linux-2.4.30-layer7/net/ipv4/netfilter/ip_conntrack_standalone.c 2005-05-03 18:37:03.000000000 -0500 -@@ -107,6 +107,13 @@ print_conntrack(char *buffer, struct ip_ +diff -urN linux.old/net/ipv4/netfilter/ip_conntrack_standalone.c linux.dev/net/ipv4/netfilter/ip_conntrack_standalone.c +--- linux.old/net/ipv4/netfilter/ip_conntrack_standalone.c 2005-04-04 03:42:20.000000000 +0200 ++++ linux.dev/net/ipv4/netfilter/ip_conntrack_standalone.c 2005-11-10 16:03:00.592599250 +0100 +@@ -107,6 +107,13 @@ len += sprintf(buffer + len, "[ASSURED] "); len += sprintf(buffer + len, "use=%u ", atomic_read(&conntrack->ct_general.use)); @@ -136,10 +137,10 @@ diff -Nurp linux-2.4.30/net/ipv4/netfilter/ip_conntrack_standalone.c linux-2.4.3 len += sprintf(buffer + len, "\n"); return len; -diff -Nurp linux-2.4.30/net/ipv4/netfilter/ipt_layer7.c linux-2.4.30-layer7/net/ipv4/netfilter/ipt_layer7.c ---- linux-2.4.30/net/ipv4/netfilter/ipt_layer7.c 1969-12-31 18:00:00.000000000 -0600 -+++ linux-2.4.30-layer7/net/ipv4/netfilter/ipt_layer7.c 2005-05-03 18:37:03.000000000 -0500 -@@ -0,0 +1,557 @@ +diff -urN linux.old/net/ipv4/netfilter/ipt_layer7.c linux.dev/net/ipv4/netfilter/ipt_layer7.c +--- linux.old/net/ipv4/netfilter/ipt_layer7.c 1970-01-01 01:00:00.000000000 +0100 ++++ linux.dev/net/ipv4/netfilter/ipt_layer7.c 2005-11-10 16:55:35.238845250 +0100 +@@ -0,0 +1,581 @@ +/* + Kernel module to match application layer (OSI layer 7) + data in connections. @@ -434,27 +435,34 @@ diff -Nurp linux-2.4.30/net/ipv4/netfilter/ipt_layer7.c linux-2.4.30-layer7/net/ + } +} + -+/* add the new app data to the conntrack. Return number of bytes added. */ -+static int add_data(struct ip_conntrack * master_conntrack, -+ char * app_data, int appdatalen) ++static int add_datastr(char *target, int offset, char *app_data, int len) +{ + int length = 0, i; -+ int oldlength = master_conntrack->layer7.app_data_len; -+ ++ + /* Strip nulls. Make everything lower case (our regex lib doesn't + do case insensitivity). Add it to the end of the current data. */ -+ for(i = 0; i < CONFIG_IP_NF_MATCH_LAYER7_MAXDATALEN-oldlength-1 && -+ i < appdatalen; i++) { ++ for(i = 0; i < CONFIG_IP_NF_MATCH_LAYER7_MAXDATALEN-offset-1 && ++ i < len; i++) { + if(app_data[i] != '\0') { -+ master_conntrack->layer7.app_data[length+oldlength] = ++ target[length+offset] = + /* the kernel version of tolower mungs 'upper ascii' */ + isascii(app_data[i])? tolower(app_data[i]) : app_data[i]; + length++; + } + } ++ target[length+offset] = '\0'; + -+ master_conntrack->layer7.app_data[length+oldlength] = '\0'; -+ master_conntrack->layer7.app_data_len = length + oldlength; ++ return length; ++} ++ ++/* add the new app data to the conntrack. Return number of bytes added. */ ++static int add_data(struct ip_conntrack * master_conntrack, ++ char * app_data, int appdatalen) ++{ ++ int length; ++ ++ length = add_datastr(master_conntrack->layer7.app_data, master_conntrack->layer7.app_data_len, app_data, appdatalen); ++ master_conntrack->layer7.app_data_len += length; + + return length; +} @@ -467,7 +475,7 @@ diff -Nurp linux-2.4.30/net/ipv4/netfilter/ipt_layer7.c linux-2.4.30-layer7/net/ + struct ipt_layer7_info * info = (struct ipt_layer7_info *)matchinfo; + enum ip_conntrack_info master_ctinfo, ctinfo; + struct ip_conntrack *master_conntrack, *conntrack; -+ unsigned char * app_data; ++ unsigned char *app_data, *tmp_data; + unsigned int pattern_result, appdatalen; + regexp * comppattern; + @@ -497,8 +505,8 @@ diff -Nurp linux-2.4.30/net/ipv4/netfilter/ipt_layer7.c linux-2.4.30-layer7/net/ + } + + /* if we've classified it or seen too many packets */ -+ if(TOTAL_PACKETS > num_packets || -+ master_conntrack->layer7.app_proto) { ++ if(!info->pkt && (TOTAL_PACKETS > num_packets || ++ master_conntrack->layer7.app_proto)) { + + pattern_result = match_no_append(conntrack, master_conntrack, ctinfo, master_ctinfo, info); + @@ -529,6 +537,23 @@ diff -Nurp linux-2.4.30/net/ipv4/netfilter/ipt_layer7.c linux-2.4.30-layer7/net/ + comppattern = compile_and_cache(info->pattern, info->protocol); + UNLOCK_BH(&list_lock); + ++ if (info->pkt) { ++ tmp_data = kmalloc(CONFIG_IP_NF_MATCH_LAYER7_MAXDATALEN, GFP_ATOMIC); ++ if(!tmp_data){ ++ if (net_ratelimit()) ++ printk(KERN_ERR "layer7: out of memory in match, bailing.\n"); ++ return info->invert; ++ } ++ ++ tmp_data[0] = '\0'; ++ add_datastr(tmp_data, 0, app_data, appdatalen); ++ pattern_result = ((comppattern && regexec(comppattern, tmp_data)) ? 1 : 0); ++ kfree(tmp_data); ++ tmp_data = NULL; ++ ++ return (pattern_result ^ info->invert); ++ } ++ + /* On the first packet of a connection, allocate space for app data */ + WRITE_LOCK(&ct_lock); + if(TOTAL_PACKETS == 1 && !skb->cb[0] && !master_conntrack->layer7.app_data) { @@ -697,9 +722,9 @@ diff -Nurp linux-2.4.30/net/ipv4/netfilter/ipt_layer7.c linux-2.4.30-layer7/net/ + +module_init(init); +module_exit(fini); -diff -Nurp linux-2.4.30/net/ipv4/netfilter/regexp/regexp.c linux-2.4.30-layer7/net/ipv4/netfilter/regexp/regexp.c ---- linux-2.4.30/net/ipv4/netfilter/regexp/regexp.c 1969-12-31 18:00:00.000000000 -0600 -+++ linux-2.4.30-layer7/net/ipv4/netfilter/regexp/regexp.c 2005-05-03 18:37:03.000000000 -0500 +diff -urN linux.old/net/ipv4/netfilter/regexp/regexp.c linux.dev/net/ipv4/netfilter/regexp/regexp.c +--- linux.old/net/ipv4/netfilter/regexp/regexp.c 1970-01-01 01:00:00.000000000 +0100 ++++ linux.dev/net/ipv4/netfilter/regexp/regexp.c 2005-11-10 16:03:00.596599500 +0100 @@ -0,0 +1,1195 @@ +/* + * regcomp and regexec -- regsub and regerror are elsewhere @@ -1896,9 +1921,9 @@ diff -Nurp linux-2.4.30/net/ipv4/netfilter/regexp/regexp.c linux-2.4.30-layer7/n +#endif + + -diff -Nurp linux-2.4.30/net/ipv4/netfilter/regexp/regexp.h linux-2.4.30-layer7/net/ipv4/netfilter/regexp/regexp.h ---- linux-2.4.30/net/ipv4/netfilter/regexp/regexp.h 1969-12-31 18:00:00.000000000 -0600 -+++ linux-2.4.30-layer7/net/ipv4/netfilter/regexp/regexp.h 2005-05-03 18:37:03.000000000 -0500 +diff -urN linux.old/net/ipv4/netfilter/regexp/regexp.h linux.dev/net/ipv4/netfilter/regexp/regexp.h +--- linux.old/net/ipv4/netfilter/regexp/regexp.h 1970-01-01 01:00:00.000000000 +0100 ++++ linux.dev/net/ipv4/netfilter/regexp/regexp.h 2005-11-10 16:03:00.596599500 +0100 @@ -0,0 +1,40 @@ +/* + * Definitions etc. for regexp(3) routines. @@ -1940,18 +1965,18 @@ diff -Nurp linux-2.4.30/net/ipv4/netfilter/regexp/regexp.h linux-2.4.30-layer7/n +void regerror(char *s); + +#endif -diff -Nurp linux-2.4.30/net/ipv4/netfilter/regexp/regmagic.h linux-2.4.30-layer7/net/ipv4/netfilter/regexp/regmagic.h ---- linux-2.4.30/net/ipv4/netfilter/regexp/regmagic.h 1969-12-31 18:00:00.000000000 -0600 -+++ linux-2.4.30-layer7/net/ipv4/netfilter/regexp/regmagic.h 2005-05-03 18:37:03.000000000 -0500 +diff -urN linux.old/net/ipv4/netfilter/regexp/regmagic.h linux.dev/net/ipv4/netfilter/regexp/regmagic.h +--- linux.old/net/ipv4/netfilter/regexp/regmagic.h 1970-01-01 01:00:00.000000000 +0100 ++++ linux.dev/net/ipv4/netfilter/regexp/regmagic.h 2005-11-10 16:03:00.596599500 +0100 @@ -0,0 +1,5 @@ +/* + * The first byte of the regexp internal "program" is actually this magic + * number; the start node begins in the second byte. + */ +#define MAGIC 0234 -diff -Nurp linux-2.4.30/net/ipv4/netfilter/regexp/regsub.c linux-2.4.30-layer7/net/ipv4/netfilter/regexp/regsub.c ---- linux-2.4.30/net/ipv4/netfilter/regexp/regsub.c 1969-12-31 18:00:00.000000000 -0600 -+++ linux-2.4.30-layer7/net/ipv4/netfilter/regexp/regsub.c 2005-05-03 18:37:03.000000000 -0500 +diff -urN linux.old/net/ipv4/netfilter/regexp/regsub.c linux.dev/net/ipv4/netfilter/regexp/regsub.c +--- linux.old/net/ipv4/netfilter/regexp/regsub.c 1970-01-01 01:00:00.000000000 +0100 ++++ linux.dev/net/ipv4/netfilter/regexp/regsub.c 2005-11-10 16:03:00.596599500 +0100 @@ -0,0 +1,95 @@ +/* + * regsub