Changeset 2538


Ignore:
Timestamp:
2005-11-19T20:24:33+01:00 (11 years ago)
Author:
nbd
Message:

update layer7 (forward port from whiterussian)

Location:
trunk/openwrt
Files:
2 moved

Legend:

Unmodified
Added
Removed
  • trunk/openwrt/package/iptables/patches/02-layer7-1.5nbd.patch

    r2536 r2538  
    1 diff -Nurp iptables-1.3.0-stock/extensions/.layer7-test iptables-1.3.0-layer7/extensions/.layer7-test 
    2 --- iptables-1.3.0-stock/extensions/.layer7-test        1969-12-31 18:00:00.000000000 -0600 
    3 +++ iptables-1.3.0-layer7/extensions/.layer7-test       2005-03-01 22:12:06.000000000 -0600 
     1diff -urN iptables.old/extensions/.layer7-test iptables.dev/extensions/.layer7-test 
     2--- iptables.old/extensions/.layer7-test        1970-01-01 01:00:00.000000000 +0100 
     3+++ iptables.dev/extensions/.layer7-test        2005-11-10 16:57:51.819381000 +0100 
    44@@ -0,0 +1,2 @@ 
    55+#! /bin/sh 
    66+[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_layer7.h ] && echo layer7 
    7 diff -Nurp iptables-1.3.0-stock/extensions/libipt_layer7.c iptables-1.3.0-layer7/extensions/libipt_layer7.c 
    8 --- iptables-1.3.0-stock/extensions/libipt_layer7.c     1969-12-31 18:00:00.000000000 -0600 
    9 +++ iptables-1.3.0-layer7/extensions/libipt_layer7.c    2005-03-06 22:14:13.000000000 -0600 
    10 @@ -0,0 +1,357 @@ 
     7diff -urN iptables.old/extensions/ipt_layer7.h iptables.dev/extensions/ipt_layer7.h 
     8--- iptables.old/extensions/ipt_layer7.h        1970-01-01 01:00:00.000000000 +0100 
     9+++ iptables.dev/extensions/ipt_layer7.h        2005-11-10 17:46:32.933599750 +0100 
     10@@ -0,0 +1,27 @@ 
     11+/*  
     12+  By Matthew Strait <quadong@users.sf.net>, Dec 2003. 
     13+  http://l7-filter.sf.net 
     14+ 
     15+  This program is free software; you can redistribute it and/or 
     16+  modify it under the terms of the GNU General Public License 
     17+  as published by the Free Software Foundation; either version 
     18+  2 of the License, or (at your option) any later version. 
     19+  http://www.gnu.org/licenses/gpl.txt 
     20+*/ 
     21+ 
     22+#ifndef _IPT_LAYER7_H 
     23+#define _IPT_LAYER7_H 
     24+ 
     25+#define MAX_PATTERN_LEN 8192 
     26+#define MAX_PROTOCOL_LEN 256 
     27+ 
     28+typedef char *(*proc_ipt_search) (char *, char, char *); 
     29+ 
     30+struct ipt_layer7_info { 
     31+    char protocol[MAX_PROTOCOL_LEN]; 
     32+    char invert:1; 
     33+    char pattern[MAX_PATTERN_LEN]; 
     34+       char pkt; 
     35+}; 
     36+ 
     37+#endif /* _IPT_LAYER7_H */ 
     38diff -urN iptables.old/extensions/libipt_layer7.c iptables.dev/extensions/libipt_layer7.c 
     39--- iptables.old/extensions/libipt_layer7.c     1970-01-01 01:00:00.000000000 +0100 
     40+++ iptables.dev/extensions/libipt_layer7.c     2005-11-10 17:47:01.399378750 +0100 
     41@@ -0,0 +1,358 @@ 
    1142+/*  
    1243+   Shared library add-on to iptables to add layer 7 matching support.  
     
    3566+ 
    3667+#include <iptables.h> 
    37 +#include <linux/netfilter_ipv4/ipt_layer7.h> 
     68+#include "ipt_layer7.h" 
    3869+ 
    3970+#define MAX_FN_LEN 256 
     
    4879+       "--l7dir <directory>  : Look for patterns here instead of /etc/l7-protocols/\n" 
    4980+       "                       (--l7dir must be specified before --l7proto if used!)\n" 
    50 +       "--l7proto [!] <name> : Match the protocol defined in /etc/l7-protocols/name.pat\n", 
     81+       "--l7proto [!] <name> : Match the protocol defined in /etc/l7-protocols/name.pat\n" 
     82+       "--l7pkt              : Skip connection tracking and match individual packets\n", 
    5183+       IPTABLES_VERSION); 
    5284+       fputc('\n', stdout); 
     
    5688+       { .name = "l7proto", .has_arg = 1, .flag = 0, .val = '1' }, 
    5789+       { .name = "l7dir",   .has_arg = 1, .flag = 0, .val = '2' }, 
     90+       { .name = "l7pkt",   .has_arg = 0, .flag = 0, .val = '3' }, 
    5891+       { .name = 0 } 
    5992+}; 
    60 + 
    61 +/* Initialize the match. */ 
    62 +static void init(struct ipt_entry_match *m, unsigned int *nfcache) 
    63 +{ 
    64 +       *nfcache |= NFC_UNKNOWN; 
    65 +} 
    6693+ 
    6794+/* reads filename, puts protocol info into layer7_protocol_info, number of protocols to numprotos */ 
     
    306333+               *flags = 1; 
    307334+               break; 
     335+       case '3': 
     336+               layer7info->pkt = 1; 
     337+               break; 
    308338+ 
    309339+       default: 
     
    338368+       print_protocol(((struct ipt_layer7_info *)match->data)->protocol, 
    339369+                 ((struct ipt_layer7_info *)match->data)->invert, numeric); 
     370+ 
     371+       if (((struct ipt_layer7_info *)match->data)->pkt) 
     372+               printf("l7pkt "); 
    340373+} 
    341374+/* Saves the union ipt_matchinfo in parsable form to stdout. */ 
     
    354387+    .userspacesize = IPT_ALIGN(sizeof(struct ipt_layer7_info)), 
    355388+    .help          = &help, 
    356 +    .init          = &init, 
    357389+    .parse         = &parse, 
    358390+    .final_check   = &final_check, 
     
    366398+       register_match(&layer7); 
    367399+} 
    368 diff -Nurp iptables-1.3.0-stock/extensions/libipt_layer7.man iptables-1.3.0-layer7/extensions/libipt_layer7.man 
    369 --- iptables-1.3.0-stock/extensions/libipt_layer7.man   1969-12-31 18:00:00.000000000 -0600 
    370 +++ iptables-1.3.0-layer7/extensions/libipt_layer7.man  2005-03-01 22:12:06.000000000 -0600 
     400diff -urN iptables.old/extensions/libipt_layer7.man iptables.dev/extensions/libipt_layer7.man 
     401--- iptables.old/extensions/libipt_layer7.man   1970-01-01 01:00:00.000000000 +0100 
     402+++ iptables.dev/extensions/libipt_layer7.man   2005-11-10 16:57:51.823381250 +0100 
    371403@@ -0,0 +1,13 @@ 
    372404+This module matches packets based on the application layer data of  
  • trunk/openwrt/target/linux/linux-2.4/patches/generic/602-netfilter_layer7_1.5nbd.patch

    r2536 r2538  
    1 diff -Nurp linux-2.4.30/Documentation/Configure.help linux-2.4.30-layer7/Documentation/Configure.help 
    2 --- linux-2.4.30/Documentation/Configure.help   2005-04-03 20:42:19.000000000 -0500 
    3 +++ linux-2.4.30-layer7/Documentation/Configure.help    2005-05-03 18:37:03.000000000 -0500 
    4 @@ -29056,6 +29056,23 @@ CONFIG_SOUND_WM97XX 
     1diff -urN linux.old/Documentation/Configure.help linux.dev/Documentation/Configure.help 
     2--- linux.old/Documentation/Configure.help      2005-11-10 16:01:07.645540500 +0100 
     3+++ linux.dev/Documentation/Configure.help      2005-11-10 16:03:00.524595000 +0100 
     4@@ -29082,6 +29082,23 @@ 
    55    
    66   If unsure, say N. 
     
    2626 # A couple of things I keep forgetting: 
    2727 #   capitalize: AppleTalk, Ethernet, DOS, DMA, FAT, FTP, Internet, 
    28 diff -Nurp linux-2.4.30/include/linux/netfilter_ipv4/ip_conntrack.h linux-2.4.30-layer7/include/linux/netfilter_ipv4/ip_conntrack.h 
    29 --- linux-2.4.30/include/linux/netfilter_ipv4/ip_conntrack.h    2005-04-03 20:42:20.000000000 -0500 
    30 +++ linux-2.4.30-layer7/include/linux/netfilter_ipv4/ip_conntrack.h     2005-05-03 18:37:03.000000000 -0500 
    31 @@ -207,6 +207,17 @@ struct ip_conntrack 
     28diff -urN linux.old/include/linux/netfilter_ipv4/ip_conntrack.h linux.dev/include/linux/netfilter_ipv4/ip_conntrack.h 
     29--- linux.old/include/linux/netfilter_ipv4/ip_conntrack.h       2005-04-04 03:42:20.000000000 +0200 
     30+++ linux.dev/include/linux/netfilter_ipv4/ip_conntrack.h       2005-11-10 16:03:00.544596250 +0100 
     31@@ -207,6 +207,17 @@ 
    3232        } nat; 
    3333 #endif /* CONFIG_IP_NF_NAT_NEEDED */ 
     
    4747  
    4848 /* get master conntrack via master expectation */ 
    49 diff -Nurp linux-2.4.30/include/linux/netfilter_ipv4/ipt_layer7.h linux-2.4.30-layer7/include/linux/netfilter_ipv4/ipt_layer7.h 
    50 --- linux-2.4.30/include/linux/netfilter_ipv4/ipt_layer7.h      1969-12-31 18:00:00.000000000 -0600 
    51 +++ linux-2.4.30-layer7/include/linux/netfilter_ipv4/ipt_layer7.h       2005-05-03 18:37:03.000000000 -0500 
    52 @@ -0,0 +1,26 @@ 
     49diff -urN linux.old/include/linux/netfilter_ipv4/ipt_layer7.h linux.dev/include/linux/netfilter_ipv4/ipt_layer7.h 
     50--- linux.old/include/linux/netfilter_ipv4/ipt_layer7.h 1970-01-01 01:00:00.000000000 +0100 
     51+++ linux.dev/include/linux/netfilter_ipv4/ipt_layer7.h 2005-11-10 17:22:12.777440750 +0100 
     52@@ -0,0 +1,27 @@ 
    5353+/*  
    5454+  By Matthew Strait <quadong@users.sf.net>, Dec 2003. 
     
    7474+    char invert:1; 
    7575+    char pattern[MAX_PATTERN_LEN]; 
     76+       char pkt; 
    7677+}; 
    7778+ 
    7879+#endif /* _IPT_LAYER7_H */ 
    79 diff -Nurp linux-2.4.30/net/ipv4/netfilter/Config.in linux-2.4.30-layer7/net/ipv4/netfilter/Config.in 
    80 --- linux-2.4.30/net/ipv4/netfilter/Config.in   2005-01-19 08:10:13.000000000 -0600 
    81 +++ linux-2.4.30-layer7/net/ipv4/netfilter/Config.in    2005-05-03 18:37:03.000000000 -0500 
    82 @@ -43,6 +43,10 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ];  
     80diff -urN linux.old/net/ipv4/netfilter/Config.in linux.dev/net/ipv4/netfilter/Config.in 
     81--- linux.old/net/ipv4/netfilter/Config.in      2005-11-10 16:01:16.194074750 +0100 
     82+++ linux.dev/net/ipv4/netfilter/Config.in      2005-11-10 16:03:00.576598250 +0100 
     83@@ -44,6 +44,10 @@ 
    8384   if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then 
    8485     dep_tristate '  Unclean match support (EXPERIMENTAL)' CONFIG_IP_NF_MATCH_UNCLEAN $CONFIG_IP_NF_IPTABLES 
     
    9192 # The targets 
    9293   dep_tristate '  Packet filtering' CONFIG_IP_NF_FILTER $CONFIG_IP_NF_IPTABLES  
    93 diff -Nurp linux-2.4.30/net/ipv4/netfilter/Makefile linux-2.4.30-layer7/net/ipv4/netfilter/Makefile 
    94 --- linux-2.4.30/net/ipv4/netfilter/Makefile    2003-08-25 06:44:44.000000000 -0500 
    95 +++ linux-2.4.30-layer7/net/ipv4/netfilter/Makefile     2005-05-03 18:44:12.000000000 -0500 
    96 @@ -86,6 +86,7 @@ obj-$(CONFIG_IP_NF_MATCH_STATE) += ipt_s 
     94diff -urN linux.old/net/ipv4/netfilter/Makefile linux.dev/net/ipv4/netfilter/Makefile 
     95--- linux.old/net/ipv4/netfilter/Makefile       2005-11-10 16:01:16.210075750 +0100 
     96+++ linux.dev/net/ipv4/netfilter/Makefile       2005-11-10 16:03:00.576598250 +0100 
     97@@ -87,6 +87,7 @@ 
    9798 obj-$(CONFIG_IP_NF_MATCH_CONNTRACK) += ipt_conntrack.o 
    9899 obj-$(CONFIG_IP_NF_MATCH_UNCLEAN) += ipt_unclean.o 
     
    102103 # targets 
    103104 obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o 
    104 diff -Nurp linux-2.4.30/net/ipv4/netfilter/ip_conntrack_core.c linux-2.4.30-layer7/net/ipv4/netfilter/ip_conntrack_core.c 
    105 --- linux-2.4.30/net/ipv4/netfilter/ip_conntrack_core.c 2005-04-03 20:42:20.000000000 -0500 
    106 +++ linux-2.4.30-layer7/net/ipv4/netfilter/ip_conntrack_core.c  2005-05-03 18:37:03.000000000 -0500 
    107 @@ -346,6 +346,14 @@ destroy_conntrack(struct nf_conntrack *n 
     105diff -urN linux.old/net/ipv4/netfilter/ip_conntrack_core.c linux.dev/net/ipv4/netfilter/ip_conntrack_core.c 
     106--- linux.old/net/ipv4/netfilter/ip_conntrack_core.c    2005-04-04 03:42:20.000000000 +0200 
     107+++ linux.dev/net/ipv4/netfilter/ip_conntrack_core.c    2005-11-10 16:03:00.584598750 +0100 
     108@@ -346,6 +346,14 @@ 
    108109                } 
    109110                kfree(ct->master); 
     
    120121  
    121122        if (master) 
    122 diff -Nurp linux-2.4.30/net/ipv4/netfilter/ip_conntrack_standalone.c linux-2.4.30-layer7/net/ipv4/netfilter/ip_conntrack_standalone.c 
    123 --- linux-2.4.30/net/ipv4/netfilter/ip_conntrack_standalone.c   2005-04-03 20:42:20.000000000 -0500 
    124 +++ linux-2.4.30-layer7/net/ipv4/netfilter/ip_conntrack_standalone.c    2005-05-03 18:37:03.000000000 -0500 
    125 @@ -107,6 +107,13 @@ print_conntrack(char *buffer, struct ip_ 
     123diff -urN linux.old/net/ipv4/netfilter/ip_conntrack_standalone.c linux.dev/net/ipv4/netfilter/ip_conntrack_standalone.c 
     124--- linux.old/net/ipv4/netfilter/ip_conntrack_standalone.c      2005-04-04 03:42:20.000000000 +0200 
     125+++ linux.dev/net/ipv4/netfilter/ip_conntrack_standalone.c      2005-11-10 16:03:00.592599250 +0100 
     126@@ -107,6 +107,13 @@ 
    126127                len += sprintf(buffer + len, "[ASSURED] "); 
    127128        len += sprintf(buffer + len, "use=%u ", 
     
    137138  
    138139        return len; 
    139 diff -Nurp linux-2.4.30/net/ipv4/netfilter/ipt_layer7.c linux-2.4.30-layer7/net/ipv4/netfilter/ipt_layer7.c 
    140 --- linux-2.4.30/net/ipv4/netfilter/ipt_layer7.c        1969-12-31 18:00:00.000000000 -0600 
    141 +++ linux-2.4.30-layer7/net/ipv4/netfilter/ipt_layer7.c 2005-05-03 18:37:03.000000000 -0500 
    142 @@ -0,0 +1,557 @@ 
     140diff -urN linux.old/net/ipv4/netfilter/ipt_layer7.c linux.dev/net/ipv4/netfilter/ipt_layer7.c 
     141--- linux.old/net/ipv4/netfilter/ipt_layer7.c   1970-01-01 01:00:00.000000000 +0100 
     142+++ linux.dev/net/ipv4/netfilter/ipt_layer7.c   2005-11-10 16:55:35.238845250 +0100 
     143@@ -0,0 +1,581 @@ 
    143144+/*  
    144145+  Kernel module to match application layer (OSI layer 7)  
     
    435436+} 
    436437+ 
    437 +/* add the new app data to the conntrack.  Return number of bytes added. */ 
    438 +static int add_data(struct ip_conntrack * master_conntrack,  
    439 +                       char * app_data, int appdatalen) 
     438+static int add_datastr(char *target, int offset, char *app_data, int len) 
    440439+{ 
    441440+       int length = 0, i; 
    442 +       int oldlength = master_conntrack->layer7.app_data_len; 
    443 + 
     441+        
    444442+       /* Strip nulls. Make everything lower case (our regex lib doesn't 
    445443+       do case insensitivity).  Add it to the end of the current data. */ 
    446 +       for(i = 0; i < CONFIG_IP_NF_MATCH_LAYER7_MAXDATALEN-oldlength-1 &&  
    447 +                  i < appdatalen; i++) { 
     444+       for(i = 0; i < CONFIG_IP_NF_MATCH_LAYER7_MAXDATALEN-offset-1 &&  
     445+                  i < len; i++) { 
    448446+               if(app_data[i] != '\0') { 
    449 +                       master_conntrack->layer7.app_data[length+oldlength] =  
     447+                       target[length+offset] =  
    450448+                               /* the kernel version of tolower mungs 'upper ascii' */ 
    451449+                               isascii(app_data[i])? tolower(app_data[i]) : app_data[i]; 
     
    453451+               } 
    454452+       } 
    455 + 
    456 +       master_conntrack->layer7.app_data[length+oldlength] = '\0'; 
    457 +       master_conntrack->layer7.app_data_len = length + oldlength; 
     453+       target[length+offset] = '\0'; 
     454+ 
     455+       return length; 
     456+} 
     457+ 
     458+/* add the new app data to the conntrack.  Return number of bytes added. */ 
     459+static int add_data(struct ip_conntrack * master_conntrack,  
     460+                       char * app_data, int appdatalen) 
     461+{ 
     462+       int length; 
     463+        
     464+       length = add_datastr(master_conntrack->layer7.app_data, master_conntrack->layer7.app_data_len, app_data, appdatalen); 
     465+       master_conntrack->layer7.app_data_len += length; 
    458466+ 
    459467+       return length; 
     
    468476+       enum ip_conntrack_info master_ctinfo, ctinfo; 
    469477+       struct ip_conntrack *master_conntrack, *conntrack; 
    470 +       unsigned char * app_data;   
     478+       unsigned char *app_data, *tmp_data;   
    471479+       unsigned int pattern_result, appdatalen; 
    472480+       regexp * comppattern; 
     
    498506+ 
    499507+       /* if we've classified it or seen too many packets */ 
    500 +       if(TOTAL_PACKETS > num_packets ||  
    501 +          master_conntrack->layer7.app_proto) { 
     508+       if(!info->pkt && (TOTAL_PACKETS > num_packets ||  
     509+               master_conntrack->layer7.app_proto)) { 
    502510+        
    503511+               pattern_result = match_no_append(conntrack, master_conntrack, ctinfo, master_ctinfo, info); 
     
    530538+       UNLOCK_BH(&list_lock); 
    531539+ 
     540+       if (info->pkt) { 
     541+               tmp_data = kmalloc(CONFIG_IP_NF_MATCH_LAYER7_MAXDATALEN, GFP_ATOMIC); 
     542+               if(!tmp_data){ 
     543+                       if (net_ratelimit()) 
     544+                               printk(KERN_ERR "layer7: out of memory in match, bailing.\n"); 
     545+                       return info->invert; 
     546+               } 
     547+                
     548+               tmp_data[0] = '\0'; 
     549+               add_datastr(tmp_data, 0, app_data, appdatalen); 
     550+               pattern_result = ((comppattern && regexec(comppattern, tmp_data)) ? 1 : 0); 
     551+               kfree(tmp_data); 
     552+               tmp_data = NULL; 
     553+                
     554+               return (pattern_result ^ info->invert); 
     555+       } 
     556+        
    532557+       /* On the first packet of a connection, allocate space for app data */ 
    533558+       WRITE_LOCK(&ct_lock); 
     
    698723+module_init(init); 
    699724+module_exit(fini); 
    700 diff -Nurp linux-2.4.30/net/ipv4/netfilter/regexp/regexp.c linux-2.4.30-layer7/net/ipv4/netfilter/regexp/regexp.c 
    701 --- linux-2.4.30/net/ipv4/netfilter/regexp/regexp.c     1969-12-31 18:00:00.000000000 -0600 
    702 +++ linux-2.4.30-layer7/net/ipv4/netfilter/regexp/regexp.c      2005-05-03 18:37:03.000000000 -0500 
     725diff -urN linux.old/net/ipv4/netfilter/regexp/regexp.c linux.dev/net/ipv4/netfilter/regexp/regexp.c 
     726--- linux.old/net/ipv4/netfilter/regexp/regexp.c        1970-01-01 01:00:00.000000000 +0100 
     727+++ linux.dev/net/ipv4/netfilter/regexp/regexp.c        2005-11-10 16:03:00.596599500 +0100 
    703728@@ -0,0 +1,1195 @@ 
    704729+/* 
     
    18971922+ 
    18981923+ 
    1899 diff -Nurp linux-2.4.30/net/ipv4/netfilter/regexp/regexp.h linux-2.4.30-layer7/net/ipv4/netfilter/regexp/regexp.h 
    1900 --- linux-2.4.30/net/ipv4/netfilter/regexp/regexp.h     1969-12-31 18:00:00.000000000 -0600 
    1901 +++ linux-2.4.30-layer7/net/ipv4/netfilter/regexp/regexp.h      2005-05-03 18:37:03.000000000 -0500 
     1924diff -urN linux.old/net/ipv4/netfilter/regexp/regexp.h linux.dev/net/ipv4/netfilter/regexp/regexp.h 
     1925--- linux.old/net/ipv4/netfilter/regexp/regexp.h        1970-01-01 01:00:00.000000000 +0100 
     1926+++ linux.dev/net/ipv4/netfilter/regexp/regexp.h        2005-11-10 16:03:00.596599500 +0100 
    19021927@@ -0,0 +1,40 @@ 
    19031928+/* 
     
    19411966+ 
    19421967+#endif 
    1943 diff -Nurp linux-2.4.30/net/ipv4/netfilter/regexp/regmagic.h linux-2.4.30-layer7/net/ipv4/netfilter/regexp/regmagic.h 
    1944 --- linux-2.4.30/net/ipv4/netfilter/regexp/regmagic.h   1969-12-31 18:00:00.000000000 -0600 
    1945 +++ linux-2.4.30-layer7/net/ipv4/netfilter/regexp/regmagic.h    2005-05-03 18:37:03.000000000 -0500 
     1968diff -urN linux.old/net/ipv4/netfilter/regexp/regmagic.h linux.dev/net/ipv4/netfilter/regexp/regmagic.h 
     1969--- linux.old/net/ipv4/netfilter/regexp/regmagic.h      1970-01-01 01:00:00.000000000 +0100 
     1970+++ linux.dev/net/ipv4/netfilter/regexp/regmagic.h      2005-11-10 16:03:00.596599500 +0100 
    19461971@@ -0,0 +1,5 @@ 
    19471972+/* 
     
    19501975+ */ 
    19511976+#define        MAGIC   0234 
    1952 diff -Nurp linux-2.4.30/net/ipv4/netfilter/regexp/regsub.c linux-2.4.30-layer7/net/ipv4/netfilter/regexp/regsub.c 
    1953 --- linux-2.4.30/net/ipv4/netfilter/regexp/regsub.c     1969-12-31 18:00:00.000000000 -0600 
    1954 +++ linux-2.4.30-layer7/net/ipv4/netfilter/regexp/regsub.c      2005-05-03 18:37:03.000000000 -0500 
     1977diff -urN linux.old/net/ipv4/netfilter/regexp/regsub.c linux.dev/net/ipv4/netfilter/regexp/regsub.c 
     1978--- linux.old/net/ipv4/netfilter/regexp/regsub.c        1970-01-01 01:00:00.000000000 +0100 
     1979+++ linux.dev/net/ipv4/netfilter/regexp/regsub.c        2005-11-10 16:03:00.596599500 +0100 
    19551980@@ -0,0 +1,95 @@ 
    19561981+/* 
Note: See TracChangeset for help on using the changeset viewer.