--- /dev/null
+diff -Naur include.org/asm/errno.h include/asm/errno.h
+--- include.org/asm/errno.h 2010-02-12 18:21:40.000000000 +0100
++++ include/asm/errno.h 2010-02-12 18:19:41.000000000 +0100
+@@ -5,4 +5,8 @@
+ #include <linux/errno.h>
+ #endif
+
++#ifndef _ASM_GENERIC_ERRNO_H
++ #include <asm-generic/errno.h>
++#endif
++
+ #endif
+diff -Naur include.org/asm-generic/errno-base.h include/asm-generic/errno-base.h
+--- include.org/asm-generic/errno-base.h 1970-01-01 01:00:00.000000000 +0100
++++ include/asm-generic/errno-base.h 2010-02-09 13:57:19.000000000 +0100
+@@ -0,0 +1,39 @@
++#ifndef _ASM_GENERIC_ERRNO_BASE_H
++#define _ASM_GENERIC_ERRNO_BASE_H
++
++#define EPERM 1 /* Operation not permitted */
++#define ENOENT 2 /* No such file or directory */
++#define ESRCH 3 /* No such process */
++#define EINTR 4 /* Interrupted system call */
++#define EIO 5 /* I/O error */
++#define ENXIO 6 /* No such device or address */
++#define E2BIG 7 /* Argument list too long */
++#define ENOEXEC 8 /* Exec format error */
++#define EBADF 9 /* Bad file number */
++#define ECHILD 10 /* No child processes */
++#define EAGAIN 11 /* Try again */
++#define ENOMEM 12 /* Out of memory */
++#define EACCES 13 /* Permission denied */
++#define EFAULT 14 /* Bad address */
++#define ENOTBLK 15 /* Block device required */
++#define EBUSY 16 /* Device or resource busy */
++#define EEXIST 17 /* File exists */
++#define EXDEV 18 /* Cross-device link */
++#define ENODEV 19 /* No such device */
++#define ENOTDIR 20 /* Not a directory */
++#define EISDIR 21 /* Is a directory */
++#define EINVAL 22 /* Invalid argument */
++#define ENFILE 23 /* File table overflow */
++#define EMFILE 24 /* Too many open files */
++#define ENOTTY 25 /* Not a typewriter */
++#define ETXTBSY 26 /* Text file busy */
++#define EFBIG 27 /* File too large */
++#define ENOSPC 28 /* No space left on device */
++#define ESPIPE 29 /* Illegal seek */
++#define EROFS 30 /* Read-only file system */
++#define EMLINK 31 /* Too many links */
++#define EPIPE 32 /* Broken pipe */
++#define EDOM 33 /* Math argument out of domain of func */
++#define ERANGE 34 /* Math result not representable */
++
++#endif
+diff -Naur include.org/asm-generic/errno.h include/asm-generic/errno.h
+--- include.org/asm-generic/errno.h 1970-01-01 01:00:00.000000000 +0100
++++ include/asm-generic/errno.h 2010-02-09 13:57:19.000000000 +0100
+@@ -0,0 +1,111 @@
++#ifndef _ASM_GENERIC_ERRNO_H
++#define _ASM_GENERIC_ERRNO_H
++
++#include <asm-generic/errno-base.h>
++
++#define EDEADLK 35 /* Resource deadlock would occur */
++#define ENAMETOOLONG 36 /* File name too long */
++#define ENOLCK 37 /* No record locks available */
++#define ENOSYS 38 /* Function not implemented */
++#define ENOTEMPTY 39 /* Directory not empty */
++#define ELOOP 40 /* Too many symbolic links encountered */
++#define EWOULDBLOCK EAGAIN /* Operation would block */
++#define ENOMSG 42 /* No message of desired type */
++#define EIDRM 43 /* Identifier removed */
++#define ECHRNG 44 /* Channel number out of range */
++#define EL2NSYNC 45 /* Level 2 not synchronized */
++#define EL3HLT 46 /* Level 3 halted */
++#define EL3RST 47 /* Level 3 reset */
++#define ELNRNG 48 /* Link number out of range */
++#define EUNATCH 49 /* Protocol driver not attached */
++#define ENOCSI 50 /* No CSI structure available */
++#define EL2HLT 51 /* Level 2 halted */
++#define EBADE 52 /* Invalid exchange */
++#define EBADR 53 /* Invalid request descriptor */
++#define EXFULL 54 /* Exchange full */
++#define ENOANO 55 /* No anode */
++#define EBADRQC 56 /* Invalid request code */
++#define EBADSLT 57 /* Invalid slot */
++
++#define EDEADLOCK EDEADLK
++
++#define EBFONT 59 /* Bad font file format */
++#define ENOSTR 60 /* Device not a stream */
++#define ENODATA 61 /* No data available */
++#define ETIME 62 /* Timer expired */
++#define ENOSR 63 /* Out of streams resources */
++#define ENONET 64 /* Machine is not on the network */
++#define ENOPKG 65 /* Package not installed */
++#define EREMOTE 66 /* Object is remote */
++#define ENOLINK 67 /* Link has been severed */
++#define EADV 68 /* Advertise error */
++#define ESRMNT 69 /* Srmount error */
++#define ECOMM 70 /* Communication error on send */
++#define EPROTO 71 /* Protocol error */
++#define EMULTIHOP 72 /* Multihop attempted */
++#define EDOTDOT 73 /* RFS specific error */
++#define EBADMSG 74 /* Not a data message */
++#define EOVERFLOW 75 /* Value too large for defined data type */
++#define ENOTUNIQ 76 /* Name not unique on network */
++#define EBADFD 77 /* File descriptor in bad state */
++#define EREMCHG 78 /* Remote address changed */
++#define ELIBACC 79 /* Can not access a needed shared library */
++#define ELIBBAD 80 /* Accessing a corrupted shared library */
++#define ELIBSCN 81 /* .lib section in a.out corrupted */
++#define ELIBMAX 82 /* Attempting to link in too many shared libraries */
++#define ELIBEXEC 83 /* Cannot exec a shared library directly */
++#define EILSEQ 84 /* Illegal byte sequence */
++#define ERESTART 85 /* Interrupted system call should be restarted */
++#define ESTRPIPE 86 /* Streams pipe error */
++#define EUSERS 87 /* Too many users */
++#define ENOTSOCK 88 /* Socket operation on non-socket */
++#define EDESTADDRREQ 89 /* Destination address required */
++#define EMSGSIZE 90 /* Message too long */
++#define EPROTOTYPE 91 /* Protocol wrong type for socket */
++#define ENOPROTOOPT 92 /* Protocol not available */
++#define EPROTONOSUPPORT 93 /* Protocol not supported */
++#define ESOCKTNOSUPPORT 94 /* Socket type not supported */
++#define EOPNOTSUPP 95 /* Operation not supported on transport endpoint */
++#define EPFNOSUPPORT 96 /* Protocol family not supported */
++#define EAFNOSUPPORT 97 /* Address family not supported by protocol */
++#define EADDRINUSE 98 /* Address already in use */
++#define EADDRNOTAVAIL 99 /* Cannot assign requested address */
++#define ENETDOWN 100 /* Network is down */
++#define ENETUNREACH 101 /* Network is unreachable */
++#define ENETRESET 102 /* Network dropped connection because of reset */
++#define ECONNABORTED 103 /* Software caused connection abort */
++#define ECONNRESET 104 /* Connection reset by peer */
++#define ENOBUFS 105 /* No buffer space available */
++#define EISCONN 106 /* Transport endpoint is already connected */
++#define ENOTCONN 107 /* Transport endpoint is not connected */
++#define ESHUTDOWN 108 /* Cannot send after transport endpoint shutdown */
++#define ETOOMANYREFS 109 /* Too many references: cannot splice */
++#define ETIMEDOUT 110 /* Connection timed out */
++#define ECONNREFUSED 111 /* Connection refused */
++#define EHOSTDOWN 112 /* Host is down */
++#define EHOSTUNREACH 113 /* No route to host */
++#define EALREADY 114 /* Operation already in progress */
++#define EINPROGRESS 115 /* Operation now in progress */
++#define ESTALE 116 /* Stale NFS file handle */
++#define EUCLEAN 117 /* Structure needs cleaning */
++#define ENOTNAM 118 /* Not a XENIX named type file */
++#define ENAVAIL 119 /* No XENIX semaphores available */
++#define EISNAM 120 /* Is a named type file */
++#define EREMOTEIO 121 /* Remote I/O error */
++#define EDQUOT 122 /* Quota exceeded */
++
++#define ENOMEDIUM 123 /* No medium found */
++#define EMEDIUMTYPE 124 /* Wrong medium type */
++#define ECANCELED 125 /* Operation Canceled */
++#define ENOKEY 126 /* Required key not available */
++#define EKEYEXPIRED 127 /* Key has expired */
++#define EKEYREVOKED 128 /* Key has been revoked */
++#define EKEYREJECTED 129 /* Key was rejected by service */
++
++/* for robust mutexes */
++#define EOWNERDEAD 130 /* Owner died */
++#define ENOTRECOVERABLE 131 /* State not recoverable */
++
++#define ERFKILL 132 /* Operation not possible due to RF-kill */
++
++#endif
--- /dev/null
+diff -Naurw iptables-1.4.1/extensions/.IMQ-testx iptables-1.4.1.imq/extensions/.IMQ-testx
+--- iptables-1.4.1/extensions/.IMQ-testx 1969-12-31 21:00:00.000000000 -0300
++++ iptables-1.4.1.imq/extensions/.IMQ-testx 2008-06-24 22:20:06.000000000 -0300
+@@ -0,0 +1,3 @@
++#!/bin/sh
++# True if IMQ target patch is applied.
++[ -f $KERNEL_DIR/include/linux/netfilter/xt_IMQ.h ] && echo IMQ
+diff -Naurw iptables-1.4.1/extensions/libxt_IMQ.c iptables-1.4.1.imq/extensions/libxt_IMQ.c
+--- iptables-1.4.1/extensions/libxt_IMQ.c 1969-12-31 21:00:00.000000000 -0300
++++ iptables-1.4.1.imq/extensions/libxt_IMQ.c 2008-06-24 22:31:02.000000000 -0300
+@@ -0,0 +1,103 @@
++/* Shared library add-on to iptables to add IMQ target support. */
++#include <stdio.h>
++#include <string.h>
++#include <stdlib.h>
++#include <getopt.h>
++
++#include <xtables.h>
++#include <linux/netfilter/x_tables.h>
++#include <linux/netfilter/xt_IMQ.h>
++
++/* Function which prints out usage message. */
++static void IMQ_help(void)
++{
++ printf(
++"IMQ target options:\n"
++" --todev <N> enqueue to imq<N>, defaults to 0\n");
++
++}
++
++static struct option IMQ_opts[] = {
++ { "todev", 1, 0, '1' },
++ { 0 }
++};
++
++/* Initialize the target. */
++static void IMQ_init(struct xt_entry_target *t)
++{
++ struct xt_imq_info *mr = (struct xt_imq_info*)t->data;
++
++ mr->todev = 0;
++}
++
++/* Function which parses command options; returns true if it
++ ate an option */
++static int IMQ_parse(int c, char **argv, int invert, unsigned int *flags,
++ const void *entry, struct xt_entry_target **target)
++{
++ struct xt_imq_info *mr = (struct xt_imq_info*)(*target)->data;
++
++ switch(c) {
++ case '1':
++ if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
++ xtables_error(PARAMETER_PROBLEM,
++ "Unexpected `!' for --todev");
++ mr->todev=atoi(optarg);
++ break;
++ default:
++ return 0;
++ }
++ return 1;
++}
++
++/* Prints out the targinfo. */
++static void IMQ_print(const void *ip,
++ const struct xt_entry_target *target,
++ int numeric)
++{
++ struct xt_imq_info *mr = (struct xt_imq_info*)target->data;
++
++ printf("IMQ: todev %u ", mr->todev);
++}
++
++/* Saves the union ipt_targinfo in parsable form to stdout. */
++static void IMQ_save(const void *ip, const struct xt_entry_target *target)
++{
++ struct xt_imq_info *mr = (struct xt_imq_info*)target->data;
++
++ printf("--todev %u", mr->todev);
++}
++
++static struct xtables_target imq_target = {
++ .name = "IMQ",
++ .version = XTABLES_VERSION,
++ .family = NFPROTO_IPV4,
++ .size = XT_ALIGN(sizeof(struct xt_imq_info)),
++ .userspacesize = XT_ALIGN(sizeof(struct xt_imq_info)),
++ .help = IMQ_help,
++ .init = IMQ_init,
++ .parse = IMQ_parse,
++ .print = IMQ_print,
++ .save = IMQ_save,
++ .extra_opts = IMQ_opts,
++};
++
++static struct xtables_target imq_target6 = {
++ .name = "IMQ",
++ .version = XTABLES_VERSION,
++ .family = NFPROTO_IPV6,
++ .size = XT_ALIGN(sizeof(struct xt_imq_info)),
++ .userspacesize = XT_ALIGN(sizeof(struct xt_imq_info)),
++ .help = IMQ_help,
++ .init = IMQ_init,
++ .parse = IMQ_parse,
++ .print = IMQ_print,
++ .save = IMQ_save,
++ .extra_opts = IMQ_opts,
++};
++
++// void __attribute((constructor)) nf_ext_init(void){
++void _init(void){
++ xtables_register_target(&imq_target);
++ xtables_register_target(&imq_target6);
++}
+--- iptables-1.4.1.1/include/linux/netfilter/xt_IMQ.h 1970-01-01 02:00:00.000000000 +0200
++++ iptables-1.4.1.1.new/include/linux/netfilter/xt_IMQ.h 2008-08-05 00:41:28.000000000 +0300
+@@ -0,0 +1,9 @@
++#ifndef _XT_IMQ_H
++#define _XT_IMQ_H
++
++struct xt_imq_info {
++ unsigned int todev; /* target imq device */
++};
++
++#endif /* _XT_IMQ_H */
++
--- /dev/null
+diff -Naur iptables-1.4.6.org/extensions/.ipp2p-test iptables-1.4.6/extensions/.ipp2p-test
+--- iptables-1.4.6.org/extensions/.ipp2p-test 1970-01-01 01:00:00.000000000 +0100
++++ iptables-1.4.6/extensions/.ipp2p-test 2010-02-13 20:02:52.000000000 +0100
+@@ -0,0 +1,2 @@
++#! /bin/sh
++[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_ipp2p.h ] && echo ipp2p
+diff -Naur iptables-1.4.6.org/extensions/libipt_ipp2p.c iptables-1.4.6/extensions/libipt_ipp2p.c
+--- iptables-1.4.6.org/extensions/libipt_ipp2p.c 1970-01-01 01:00:00.000000000 +0100
++++ iptables-1.4.6/extensions/libipt_ipp2p.c 2010-02-13 20:02:52.000000000 +0100
+@@ -0,0 +1,424 @@
++#include <stdio.h>
++#include <netdb.h>
++#include <string.h>
++#include <stdlib.h>
++#include <getopt.h>
++#include <ctype.h>
++
++#include <iptables.h>
++
++#include <linux/netfilter_ipv4/ipt_ipp2p.h>
++
++#ifndef XTABLES_VERSION
++#define XTABLES_VERSION IPTABLES_VERSION
++#endif
++
++#ifdef IPT_LIB_DIR
++#define xtables_target iptables_target
++#define xtables_register_target register_target
++#endif
++
++static void
++help(void)
++{
++ printf(
++ "IPP2P v%s options:\n"
++ " --ipp2p Grab all known p2p packets\n"
++ " --edk [TCP&UDP] All known eDonkey/eMule/Overnet packets\n"
++ " --dc [TCP] All known Direct Connect packets\n"
++ " --kazaa [TCP&UDP] All known KaZaA packets\n"
++ " --gnu [TCP&UDP] All known Gnutella packets\n"
++ " --bit [TCP&UDP] All known BitTorrent packets\n"
++ " --apple [TCP] All known AppleJuice packets\n"
++ " --winmx [TCP] All known WinMX\n"
++ " --soul [TCP] All known SoulSeek\n"
++ " --ares [TCP] All known Ares\n\n"
++ " EXPERIMENTAL protocols (please send feedback to: ipp2p@ipp2p.org) :\n"
++ " --mute [TCP] All known Mute packets\n"
++ " --waste [TCP] All known Waste packets\n"
++ " --xdcc [TCP] All known XDCC packets (only xdcc login)\n\n"
++ " DEBUG SUPPPORT, use only if you know why\n"
++ " --debug Generate kernel debug output, THIS WILL SLOW DOWN THE FILTER\n"
++ "\nNote that the follwing options will have the same meaning:\n"
++ " '--ipp2p' is equal to '--edk --dc --kazaa --gnu --bit --apple --winmx --soul --ares'\n"
++ "\nIPP2P was intended for TCP only. Due to increasing usage of UDP we needed to change this.\n"
++ "You can now use -p udp to search UDP packets only or without -p switch to search UDP and TCP packets.\n"
++ "\nSee README included with this package for more details or visit http://www.ipp2p.org\n"
++ "\nExamples:\n"
++ " iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01\n"
++ " iptables -A FORWARD -p udp -m ipp2p --kazaa --bit -j DROP\n"
++ " iptables -A FORWARD -p tcp -m ipp2p --edk --soul -j DROP\n\n"
++ , IPP2P_VERSION);
++}
++
++static struct option opts[] = {
++ { "ipp2p", 0, 0, '1' },
++ { "edk", 0, 0, '2' },
++ { "dc", 0, 0, '7' },
++ { "gnu", 0, 0, '9' },
++ { "kazaa", 0, 0, 'a' },
++ { "bit", 0, 0, 'b' },
++ { "apple", 0, 0, 'c' },
++ { "soul", 0, 0, 'd' },
++ { "winmx", 0, 0, 'e' },
++ { "ares", 0, 0, 'f' },
++ { "mute", 0, 0, 'g' },
++ { "waste", 0, 0, 'h' },
++ { "xdcc", 0, 0, 'i' },
++ { "debug", 0, 0, 'j' },
++ {0}
++};
++
++
++static void
++#ifdef _XTABLES_H
++init(struct xt_entry_match *m)
++#else
++init(struct ipt_entry_match *t, unsigned int *nfcache)
++#endif
++{
++ struct ipt_p2p_info *info = (struct ipt_p2p_info *)m->data;
++
++#ifndef _XTABLES_H
++ *nfcache |= NFC_UNKNOWN;
++#endif
++
++ /*init the module with default values*/
++ info->cmd = 0;
++ info->debug = 0;
++
++}
++
++
++static int
++parse(int c, char **argv, int invert, unsigned int *flags,
++#ifdef _XTABLES_H
++ const void *entry, struct xt_entry_match **match)
++#else
++ const struct ipt_entry *entry, unsigned int *nfcache, struct ipt_entry_match **match)
++#endif
++{
++ struct ipt_p2p_info *info = (struct ipt_p2p_info *)(*match)->data;
++
++ switch (c) {
++ case '1': /*cmd: ipp2p*/
++ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ipp2p' may only be "
++ "specified once!");
++
++/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ipp2p-data' may only be "
++ "specified alone!");
++*/
++
++ if ((*flags) != 0)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ipp2p' may only be "
++ "specified alone!");
++ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++ *flags += SHORT_HAND_IPP2P;
++ info->cmd = *flags;
++ break;
++
++ case '2': /*cmd: edk*/
++ if ((*flags & IPP2P_EDK) == IPP2P_EDK)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--edk' may only be "
++ "specified once");
++ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ipp2p' may only be "
++ "specified alone!");
++/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ipp2p-data' may only be "
++ "specified alone!");*/
++ if ((*flags & IPP2P_DATA_EDK) == IPP2P_DATA_EDK)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: use `--edk' OR `--edk-data' but not both of them!");
++ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++ *flags += IPP2P_EDK;
++ info->cmd = *flags;
++ break;
++
++
++ case '7': /*cmd: dc*/
++ if ((*flags & IPP2P_DC) == IPP2P_DC)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--dc' may only be "
++ "specified once!");
++ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ipp2p' may only be "
++ "specified alone!");
++/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ipp2p-data' may only be "
++ "specified alone!");*/
++ if ((*flags & IPP2P_DATA_DC) == IPP2P_DATA_DC)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: use `--dc' OR `--dc-data' but not both of them!");
++ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++ *flags += IPP2P_DC;
++ info->cmd = *flags;
++ break;
++
++
++ case '9': /*cmd: gnu*/
++ if ((*flags & IPP2P_GNU) == IPP2P_GNU)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--gnu' may only be "
++ "specified once!");
++/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ipp2p-data' may only be "
++ "specified alone!");*/
++ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ipp2p' may only be "
++ "specified alone!");
++ if ((*flags & IPP2P_DATA_GNU) == IPP2P_DATA_GNU)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: use `--gnu' OR `--gnu-data' but not both of them!");
++ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++ *flags += IPP2P_GNU;
++ info->cmd = *flags;
++ break;
++
++ case 'a': /*cmd: kazaa*/
++ if ((*flags & IPP2P_KAZAA) == IPP2P_KAZAA)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--kazaa' may only be "
++ "specified once!");
++/* if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ipp2p-data' may only be "
++ "specified alone!");*/
++ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ipp2p' may only be "
++ "specified alone!");
++ if ((*flags & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: use `--kazaa' OR `--kazaa-data' but not both of them!");
++ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++ *flags += IPP2P_KAZAA;
++ info->cmd = *flags;
++ break;
++
++ case 'b': /*cmd: bit*/
++ if ((*flags & IPP2P_BIT) == IPP2P_BIT)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--bit' may only be "
++ "specified once!");
++ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ipp2p' may only be "
++ "specified alone!");
++ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++ *flags += IPP2P_BIT;
++ info->cmd = *flags;
++ break;
++
++ case 'c': /*cmd: apple*/
++ if ((*flags & IPP2P_APPLE) == IPP2P_APPLE)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--apple' may only be "
++ "specified once!");
++ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ipp2p' may only be "
++ "specified alone!");
++ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++ *flags += IPP2P_APPLE;
++ info->cmd = *flags;
++ break;
++
++
++ case 'd': /*cmd: soul*/
++ if ((*flags & IPP2P_SOUL) == IPP2P_SOUL)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--soul' may only be "
++ "specified once!");
++ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ipp2p' may only be "
++ "specified alone!");
++ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++ *flags += IPP2P_SOUL;
++ info->cmd = *flags;
++ break;
++
++
++ case 'e': /*cmd: winmx*/
++ if ((*flags & IPP2P_WINMX) == IPP2P_WINMX)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--winmx' may only be "
++ "specified once!");
++ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ipp2p' may only be "
++ "specified alone!");
++ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++ *flags += IPP2P_WINMX;
++ info->cmd = *flags;
++ break;
++
++ case 'f': /*cmd: ares*/
++ if ((*flags & IPP2P_ARES) == IPP2P_ARES)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ares' may only be "
++ "specified once!");
++ if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ipp2p' may only be "
++ "specified alone!");
++ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++ *flags += IPP2P_ARES;
++ info->cmd = *flags;
++ break;
++
++ case 'g': /*cmd: mute*/
++ if ((*flags & IPP2P_MUTE) == IPP2P_MUTE)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--mute' may only be "
++ "specified once!");
++ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++ *flags += IPP2P_MUTE;
++ info->cmd = *flags;
++ break;
++ case 'h': /*cmd: waste*/
++ if ((*flags & IPP2P_WASTE) == IPP2P_WASTE)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--waste' may only be "
++ "specified once!");
++ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++ *flags += IPP2P_WASTE;
++ info->cmd = *flags;
++ break;
++ case 'i': /*cmd: xdcc*/
++ if ((*flags & IPP2P_XDCC) == IPP2P_XDCC)
++ exit_error(PARAMETER_PROBLEM,
++ "ipp2p: `--ares' may only be "
++ "specified once!");
++ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++ *flags += IPP2P_XDCC;
++ info->cmd = *flags;
++ break;
++
++ case 'j': /*cmd: debug*/
++ if (invert) exit_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++ info->debug = 1;
++ break;
++
++ default:
++// exit_error(PARAMETER_PROBLEM,
++// "\nipp2p-parameter problem: for ipp2p usage type: iptables -m ipp2p --help\n");
++ return 0;
++ }
++ return 1;
++}
++
++
++static void
++final_check(unsigned int flags)
++{
++ if (!flags)
++ exit_error(PARAMETER_PROBLEM,
++ "\nipp2p-parameter problem: for ipp2p usage type: iptables -m ipp2p --help\n");
++}
++
++static void
++#ifdef _XTABLES_H
++print(const void *ip,
++ const struct xt_entry_match *match,
++#else
++print(const struct ipt_ip *ip,
++ const struct ipt_entry_match *match,
++#endif
++ int numeric)
++{
++ struct ipt_p2p_info *info = (struct ipt_p2p_info *)match->data;
++
++ printf("ipp2p v%s", IPP2P_VERSION);
++ if ((info->cmd & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) printf(" --ipp2p");
++// if ((info->cmd & SHORT_HAND_DATA) == SHORT_HAND_DATA) printf(" --ipp2p-data");
++ if ((info->cmd & IPP2P_KAZAA) == IPP2P_KAZAA) printf(" --kazaa");
++// if ((info->cmd & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) printf(" --kazaa-data");
++// if ((info->cmd & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) printf(" --gnu-data");
++ if ((info->cmd & IPP2P_GNU) == IPP2P_GNU) printf(" --gnu");
++ if ((info->cmd & IPP2P_EDK) == IPP2P_EDK) printf(" --edk");
++// if ((info->cmd & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) printf(" --edk-data");
++// if ((info->cmd & IPP2P_DATA_DC) == IPP2P_DATA_DC) printf(" --dc-data");
++ if ((info->cmd & IPP2P_DC) == IPP2P_DC) printf(" --dc");
++ if ((info->cmd & IPP2P_BIT) == IPP2P_BIT) printf(" --bit");
++ if ((info->cmd & IPP2P_APPLE) == IPP2P_APPLE) printf(" --apple");
++ if ((info->cmd & IPP2P_SOUL) == IPP2P_SOUL) printf(" --soul");
++ if ((info->cmd & IPP2P_WINMX) == IPP2P_WINMX) printf(" --winmx");
++ if ((info->cmd & IPP2P_ARES) == IPP2P_ARES) printf(" --ares");
++ if ((info->cmd & IPP2P_MUTE) == IPP2P_MUTE) printf(" --mute");
++ if ((info->cmd & IPP2P_WASTE) == IPP2P_WASTE) printf(" --waste");
++ if ((info->cmd & IPP2P_XDCC) == IPP2P_XDCC) printf(" --xdcc");
++ if (info->debug != 0) printf(" --debug");
++ printf(" ");
++}
++
++static void
++#ifdef _XTABLES_H
++save(const void *ip,
++ const struct xt_entry_match *match)
++#else
++save(const struct ipt_ip *ip,
++ const struct ipt_entry_match *match)
++#endif
++{
++ struct ipt_p2p_info *info = (struct ipt_p2p_info *)match->data;
++
++ if ((info->cmd & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) printf("--ipp2p ");
++// if ((info->cmd & SHORT_HAND_DATA) == SHORT_HAND_DATA) printf("--ipp2p-data ");
++ if ((info->cmd & IPP2P_KAZAA) == IPP2P_KAZAA) printf("--kazaa ");
++// if ((info->cmd & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) printf("--kazaa-data ");
++// if ((info->cmd & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) printf("--gnu-data ");
++ if ((info->cmd & IPP2P_GNU) == IPP2P_GNU) printf("--gnu ");
++ if ((info->cmd & IPP2P_EDK) == IPP2P_EDK) printf("--edk ");
++// if ((info->cmd & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) printf("--edk-data ");
++// if ((info->cmd & IPP2P_DATA_DC) == IPP2P_DATA_DC) printf("--dc-data ");
++ if ((info->cmd & IPP2P_DC) == IPP2P_DC) printf("--dc ");
++ if ((info->cmd & IPP2P_BIT) == IPP2P_BIT) printf("--bit ");
++ if ((info->cmd & IPP2P_APPLE) == IPP2P_APPLE) printf("--apple ");
++ if ((info->cmd & IPP2P_SOUL) == IPP2P_SOUL) printf("--soul ");
++ if ((info->cmd & IPP2P_WINMX) == IPP2P_WINMX) printf("--winmx ");
++ if ((info->cmd & IPP2P_ARES) == IPP2P_ARES) printf("--ares ");
++ if ((info->cmd & IPP2P_MUTE) == IPP2P_MUTE) printf(" --mute");
++ if ((info->cmd & IPP2P_WASTE) == IPP2P_WASTE) printf(" --waste");
++ if ((info->cmd & IPP2P_XDCC) == IPP2P_XDCC) printf(" --xdcc");
++ if (info->debug != 0) printf("--debug ");
++}
++
++
++static
++struct xtables_match ipp2p=
++{
++ .next = NULL,
++ .name = "ipp2p",
++ .version = XTABLES_VERSION,
++ .size = IPT_ALIGN(sizeof(struct ipt_p2p_info)),
++ .userspacesize = IPT_ALIGN(sizeof(struct ipt_p2p_info)),
++ .help = &help,
++ .init = &init,
++ .parse = &parse,
++ .final_check = &final_check,
++ .print = &print,
++ .save = &save,
++ .extra_opts = opts
++};
++
++
++
++void _init(void)
++{
++ xtables_register_match(&ipp2p);
++}
++
+diff -Naur iptables-1.4.6.org/extensions/libipt_ipp2p.man iptables-1.4.6/extensions/libipt_ipp2p.man
+--- iptables-1.4.6.org/extensions/libipt_ipp2p.man 1970-01-01 01:00:00.000000000 +0100
++++ iptables-1.4.6/extensions/libipt_ipp2p.man 2010-02-13 20:02:52.000000000 +0100
+@@ -0,0 +1,43 @@
++This module matches certain packets in P2P flows. It is not
++designed to match all packets belonging to a P2P connection -
++use IPP2P together with CONNMARK for this purpose. Also visit
++http://www.ipp2p.org for detailed information.
++
++Use it together with -p tcp or -p udp to search these protocols
++only or without -p switch to search packets of both protocols.
++
++IPP2P provides the following options:
++.TP
++.B "--edk "
++Matches as many eDonkey/eMule packets as possible.
++.TP
++.B "--kazaa "
++Matches as many KaZaA packets as possible.
++.TP
++.B "--gnu "
++Matches as many Gnutella packets as possible.
++.TP
++.B "--dc "
++Matches as many Direct Connect packets as possible.
++.TP
++.B "--bit "
++Matches BitTorrent packets.
++.TP
++.B "--apple "
++Matches AppleJuice packets.
++.TP
++.B "--soul "
++Matches some SoulSeek packets. Considered as beta, use careful!
++.TP
++.B "--winmx "
++Matches some WinMX packets. Considered as beta, use careful!
++.TP
++.B "--ares "
++Matches Ares and AresLite packets. Use together with -j DROP only.
++.TP
++.B "--ipp2p "
++Short hand for: --edk --kazaa --gnu --dc
++.TP
++.B "--debug "
++Prints some information about each hit into kernel logfile. May
++produce huge logfiles so beware!