-diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
-index 841e2f0f5240..636e5abedb08 100644
---- a/include/linux/skbuff.h
-+++ b/include/linux/skbuff.h
-@@ -768,6 +768,9 @@ struct sk_buff {
-
+diff -Naur a/include/linux/skbuff.h b/include/linux/skbuff.h
+--- a/include/linux/skbuff.h 2022-01-27 10:05:44.000000000 +0000
++++ b/include/linux/skbuff.h 2022-01-29 08:04:32.984637671 +0000
+@@ -772,6 +772,9 @@
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
unsigned long _nfct;
-+#endif
+ #endif
+#if defined(CONFIG_NETFILTER_XT_MATCH_LAYER7) || defined(CONFIG_NETFILTER_XT_MATCH_LAYER7_MODULE)
+ char layer7_flags[1];
- #endif
++#endif
unsigned int len,
data_len;
-diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
-index cc663c68ddc4..55655f5ee4f2 100644
---- a/include/net/netfilter/nf_conntrack.h
-+++ b/include/net/netfilter/nf_conntrack.h
-@@ -117,6 +117,23 @@ struct nf_conn {
+ __u16 mac_len,
+diff -Naur a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
+--- a/include/net/netfilter/nf_conntrack.h 2022-01-27 10:05:44.000000000 +0000
++++ b/include/net/netfilter/nf_conntrack.h 2022-01-29 08:04:32.984637671 +0000
+@@ -117,6 +117,23 @@
/* Extensions */
struct nf_ct_ext *ext;
/* Storage reserved for other modules, must be the last member */
union nf_conntrack_proto proto;
};
-diff --git a/include/uapi/linux/netfilter/xt_layer7.h b/include/uapi/linux/netfilter/xt_layer7.h
-new file mode 100644
-index 000000000000..147cd6477858
---- /dev/null
-+++ b/include/uapi/linux/netfilter/xt_layer7.h
+diff -Naur a/include/uapi/linux/netfilter/xt_layer7.h b/include/uapi/linux/netfilter/xt_layer7.h
+--- a/include/uapi/linux/netfilter/xt_layer7.h 1970-01-01 00:00:00.000000000 +0000
++++ b/include/uapi/linux/netfilter/xt_layer7.h 2022-01-29 08:04:32.984637671 +0000
@@ -0,0 +1,13 @@
+#ifndef _XT_LAYER7_H
+#define _XT_LAYER7_H
+};
+
+#endif /* _XT_LAYER7_H */
-diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
-index 92a747896f80..0152bdbc338e 100644
---- a/net/netfilter/Kconfig
-+++ b/net/netfilter/Kconfig
-@@ -1389,6 +1389,26 @@ config NETFILTER_XT_MATCH_L2TP
+diff -Naur a/net/netfilter/Kconfig b/net/netfilter/Kconfig
+--- a/net/netfilter/Kconfig 2022-01-27 10:05:44.000000000 +0000
++++ b/net/netfilter/Kconfig 2022-01-29 08:04:32.988637605 +0000
+@@ -1389,6 +1389,26 @@
To compile it as a module, choose M here. If unsure, say N.
config NETFILTER_XT_MATCH_LENGTH
tristate '"length" match support'
depends on NETFILTER_ADVANCED
-diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile
-index aab20e575ecd..0dfd2c3df9e1 100644
---- a/net/netfilter/Makefile
-+++ b/net/netfilter/Makefile
-@@ -201,6 +201,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_RECENT) += xt_recent.o
+diff -Naur a/net/netfilter/Makefile b/net/netfilter/Makefile
+--- a/net/netfilter/Makefile 2022-01-27 10:05:44.000000000 +0000
++++ b/net/netfilter/Makefile 2022-01-29 08:04:32.988637605 +0000
+@@ -201,6 +201,7 @@
obj-$(CONFIG_NETFILTER_XT_MATCH_SCTP) += xt_sctp.o
obj-$(CONFIG_NETFILTER_XT_MATCH_SOCKET) += xt_socket.o
obj-$(CONFIG_NETFILTER_XT_MATCH_STATE) += xt_state.o
obj-$(CONFIG_NETFILTER_XT_MATCH_STATISTIC) += xt_statistic.o
obj-$(CONFIG_NETFILTER_XT_MATCH_STRING) += xt_string.o
obj-$(CONFIG_NETFILTER_XT_MATCH_TCPMSS) += xt_tcpmss.o
-diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
-index 770a63103c7a..5951aedc010a 100644
---- a/net/netfilter/nf_conntrack_core.c
-+++ b/net/netfilter/nf_conntrack_core.c
-@@ -636,6 +636,11 @@ destroy_conntrack(struct nf_conntrack *nfct)
+diff -Naur a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
+--- a/net/netfilter/nf_conntrack_core.c 2022-01-27 10:05:44.000000000 +0000
++++ b/net/netfilter/nf_conntrack_core.c 2022-01-29 08:04:32.992637539 +0000
+@@ -636,6 +636,11 @@
*/
nf_ct_remove_expectations(ct);
nf_ct_del_from_dying_or_unconfirmed_list(ct);
local_bh_enable();
-diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
-index 80f675d884b2..3e7c0a85bdcf 100644
---- a/net/netfilter/nf_conntrack_standalone.c
-+++ b/net/netfilter/nf_conntrack_standalone.c
-@@ -370,6 +370,11 @@ static int ct_seq_show(struct seq_file *s, void *v)
+diff -Naur a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
+--- a/net/netfilter/nf_conntrack_standalone.c 2022-01-27 10:05:44.000000000 +0000
++++ b/net/netfilter/nf_conntrack_standalone.c 2022-01-29 08:04:32.992637539 +0000
+@@ -370,6 +370,11 @@
ct_show_zone(s, ct, NF_CT_DEFAULT_ZONE_DIR);
ct_show_delta_time(s, ct);
seq_printf(s, "use=%u\n", atomic_read(&ct->ct_general.use));
if (seq_has_overflowed(s))
-diff --git a/net/netfilter/regexp/regexp.c b/net/netfilter/regexp/regexp.c
-new file mode 100644
-index 000000000000..900698886531
---- /dev/null
-+++ b/net/netfilter/regexp/regexp.c
+diff -Naur a/net/netfilter/regexp/regexp.c b/net/netfilter/regexp/regexp.c
+--- a/net/netfilter/regexp/regexp.c 1970-01-01 00:00:00.000000000 +0000
++++ b/net/netfilter/regexp/regexp.c 2022-01-29 08:04:32.992637539 +0000
@@ -0,0 +1,1197 @@
+/*
+ * regcomp and regexec -- regsub and regerror are elsewhere
+#endif
+
+
-diff --git a/net/netfilter/regexp/regexp.h b/net/netfilter/regexp/regexp.h
-new file mode 100644
-index 000000000000..a72eba71fb61
---- /dev/null
-+++ b/net/netfilter/regexp/regexp.h
+diff -Naur a/net/netfilter/regexp/regexp.h b/net/netfilter/regexp/regexp.h
+--- a/net/netfilter/regexp/regexp.h 1970-01-01 00:00:00.000000000 +0000
++++ b/net/netfilter/regexp/regexp.h 2022-01-29 08:04:32.992637539 +0000
@@ -0,0 +1,41 @@
+/*
+ * Definitions etc. for regexp(3) routines.
+void regerror(char *s);
+
+#endif
-diff --git a/net/netfilter/regexp/regmagic.h b/net/netfilter/regexp/regmagic.h
-new file mode 100644
-index 000000000000..5acf4478ff71
---- /dev/null
-+++ b/net/netfilter/regexp/regmagic.h
+diff -Naur a/net/netfilter/regexp/regmagic.h b/net/netfilter/regexp/regmagic.h
+--- a/net/netfilter/regexp/regmagic.h 1970-01-01 00:00:00.000000000 +0000
++++ b/net/netfilter/regexp/regmagic.h 2022-01-29 08:04:32.992637539 +0000
@@ -0,0 +1,5 @@
+/*
+ * The first byte of the regexp internal "program" is actually this magic
+ * number; the start node begins in the second byte.
+ */
+#define MAGIC 0234
-diff --git a/net/netfilter/regexp/regsub.c b/net/netfilter/regexp/regsub.c
-new file mode 100644
-index 000000000000..339631f06f00
---- /dev/null
-+++ b/net/netfilter/regexp/regsub.c
+diff -Naur a/net/netfilter/regexp/regsub.c b/net/netfilter/regexp/regsub.c
+--- a/net/netfilter/regexp/regsub.c 1970-01-01 00:00:00.000000000 +0000
++++ b/net/netfilter/regexp/regsub.c 2022-01-29 08:04:32.992637539 +0000
@@ -0,0 +1,95 @@
+/*
+ * regsub
+ }
+ *dst++ = '\0';
+}
-diff --git a/net/netfilter/xt_layer7.c b/net/netfilter/xt_layer7.c
-new file mode 100644
-index 000000000000..a7eb760123bf
---- /dev/null
-+++ b/net/netfilter/xt_layer7.c
+diff -Naur a/net/netfilter/xt_layer7.c b/net/netfilter/xt_layer7.c
+--- a/net/netfilter/xt_layer7.c 1970-01-01 00:00:00.000000000 +0000
++++ b/net/netfilter/xt_layer7.c 2022-01-29 08:04:32.992637539 +0000
@@ -0,0 +1,666 @@
+/*
+ Kernel module to match application layer (OSI layer 7) data in connections.
projects / people / pmueller / ipfire-2.x.git / blobdiff