update layer7 (forward port from whiterussian)

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@2538 3c298f89-4303-0410-b956-a3cf2f4a3e73

openwrt/package/iptables/patches/02-layer7-1.5nbd.patch

@@ -1,13 +1,44 @@
-diff -Nurp iptables-1.3.0-stock/extensions/.layer7-test iptables-1.3.0-layer7/extensions/.layer7-test
---- iptables-1.3.0-stock/extensions/.layer7-test	1969-12-31 18:00:00.000000000 -0600
-+++ iptables-1.3.0-layer7/extensions/.layer7-test	2005-03-01 22:12:06.000000000 -0600
+diff -urN iptables.old/extensions/.layer7-test iptables.dev/extensions/.layer7-test
+--- iptables.old/extensions/.layer7-test	1970-01-01 01:00:00.000000000 +0100
++++ iptables.dev/extensions/.layer7-test	2005-11-10 16:57:51.819381000 +0100
 @@ -0,0 +1,2 @@
 +#! /bin/sh
 +[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_layer7.h ] && echo layer7
-diff -Nurp iptables-1.3.0-stock/extensions/libipt_layer7.c iptables-1.3.0-layer7/extensions/libipt_layer7.c
---- iptables-1.3.0-stock/extensions/libipt_layer7.c	1969-12-31 18:00:00.000000000 -0600
-+++ iptables-1.3.0-layer7/extensions/libipt_layer7.c	2005-03-06 22:14:13.000000000 -0600
-@@ -0,0 +1,357 @@
+diff -urN iptables.old/extensions/ipt_layer7.h iptables.dev/extensions/ipt_layer7.h
+--- iptables.old/extensions/ipt_layer7.h	1970-01-01 01:00:00.000000000 +0100
++++ iptables.dev/extensions/ipt_layer7.h	2005-11-10 17:46:32.933599750 +0100
+@@ -0,0 +1,27 @@
++/* 
++  By Matthew Strait <quadong@users.sf.net>, Dec 2003.
++  http://l7-filter.sf.net
++
++  This program is free software; you can redistribute it and/or
++  modify it under the terms of the GNU General Public License
++  as published by the Free Software Foundation; either version
++  2 of the License, or (at your option) any later version.
++  http://www.gnu.org/licenses/gpl.txt
++*/
++
++#ifndef _IPT_LAYER7_H
++#define _IPT_LAYER7_H
++
++#define MAX_PATTERN_LEN 8192
++#define MAX_PROTOCOL_LEN 256
++
++typedef char *(*proc_ipt_search) (char *, char, char *);
++
++struct ipt_layer7_info {
++    char protocol[MAX_PROTOCOL_LEN];
++    char invert:1;
++    char pattern[MAX_PATTERN_LEN];
++	char pkt;
++};
++
++#endif /* _IPT_LAYER7_H */
+diff -urN iptables.old/extensions/libipt_layer7.c iptables.dev/extensions/libipt_layer7.c
+--- iptables.old/extensions/libipt_layer7.c	1970-01-01 01:00:00.000000000 +0100
++++ iptables.dev/extensions/libipt_layer7.c	2005-11-10 17:47:01.399378750 +0100
+@@ -0,0 +1,358 @@
 +/* 
 +   Shared library add-on to iptables to add layer 7 matching support. 
 +  
@@ -34,7 +65,7 @@ diff -Nurp iptables-1.3.0-stock/extensions/libipt_layer7.c iptables-1.3.0-layer7
 +#include <dirent.h>
 +
 +#include <iptables.h>
-+#include <linux/netfilter_ipv4/ipt_layer7.h>
++#include "ipt_layer7.h"
 +
 +#define MAX_FN_LEN 256
 +
@@ -47,7 +78,8 @@ diff -Nurp iptables-1.3.0-stock/extensions/libipt_layer7.c iptables-1.3.0-layer7
 +	"LAYER7 match v%s options:\n"
 +	"--l7dir <directory>  : Look for patterns here instead of /etc/l7-protocols/\n"
 +	"                       (--l7dir must be specified before --l7proto if used!)\n"
-+	"--l7proto [!] <name> : Match the protocol defined in /etc/l7-protocols/name.pat\n",
++	"--l7proto [!] <name> : Match the protocol defined in /etc/l7-protocols/name.pat\n"
++	"--l7pkt              : Skip connection tracking and match individual packets\n",
 +	IPTABLES_VERSION);
 +	fputc('\n', stdout);
 +}
@@ -55,15 +87,10 @@ diff -Nurp iptables-1.3.0-stock/extensions/libipt_layer7.c iptables-1.3.0-layer7
 +static struct option opts[] = {
 +	{ .name = "l7proto", .has_arg = 1, .flag = 0, .val = '1' },
 +	{ .name = "l7dir",   .has_arg = 1, .flag = 0, .val = '2' },
++	{ .name = "l7pkt",   .has_arg = 0, .flag = 0, .val = '3' },
 +	{ .name = 0 }
 +};
 +
-+/* Initialize the match. */
-+static void init(struct ipt_entry_match *m, unsigned int *nfcache)
-+{
-+	*nfcache |= NFC_UNKNOWN;
-+}
-+
 +/* reads filename, puts protocol info into layer7_protocol_info, number of protocols to numprotos */
 +int parse_protocol_file(char * filename, const unsigned char * protoname, struct ipt_layer7_info *info)
 +{
@@ -305,6 +332,9 @@ diff -Nurp iptables-1.3.0-stock/extensions/libipt_layer7.c iptables-1.3.0-layer7
 +
 +		*flags = 1;
 +		break;
++	case '3':
++		layer7info->pkt = 1;
++		break;
 +
 +	default:
 +		return 0;
@@ -337,6 +367,9 @@ diff -Nurp iptables-1.3.0-stock/extensions/libipt_layer7.c iptables-1.3.0-layer7
 +
 +	print_protocol(((struct ipt_layer7_info *)match->data)->protocol,
 +		  ((struct ipt_layer7_info *)match->data)->invert, numeric);
++
++	if (((struct ipt_layer7_info *)match->data)->pkt)
++		printf("l7pkt ");
 +}
 +/* Saves the union ipt_matchinfo in parsable form to stdout. */
 +static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
@@ -353,7 +386,6 @@ diff -Nurp iptables-1.3.0-stock/extensions/libipt_layer7.c iptables-1.3.0-layer7
 +    .size          = IPT_ALIGN(sizeof(struct ipt_layer7_info)),
 +    .userspacesize = IPT_ALIGN(sizeof(struct ipt_layer7_info)),
 +    .help          = &help,
-+    .init          = &init,
 +    .parse         = &parse,
 +    .final_check   = &final_check,
 +    .print         = &print,
@@ -365,9 +397,9 @@ diff -Nurp iptables-1.3.0-stock/extensions/libipt_layer7.c iptables-1.3.0-layer7
 +{
 +	register_match(&layer7);
 +}
-diff -Nurp iptables-1.3.0-stock/extensions/libipt_layer7.man iptables-1.3.0-layer7/extensions/libipt_layer7.man
---- iptables-1.3.0-stock/extensions/libipt_layer7.man	1969-12-31 18:00:00.000000000 -0600
-+++ iptables-1.3.0-layer7/extensions/libipt_layer7.man	2005-03-01 22:12:06.000000000 -0600
+diff -urN iptables.old/extensions/libipt_layer7.man iptables.dev/extensions/libipt_layer7.man
+--- iptables.old/extensions/libipt_layer7.man	1970-01-01 01:00:00.000000000 +0100
++++ iptables.dev/extensions/libipt_layer7.man	2005-11-10 16:57:51.823381250 +0100
 @@ -0,0 +1,13 @@
 +This module matches packets based on the application layer data of 
 +their connections.  It uses regular expression matching to compare