[IPFire-SCM] [git.ipfire.org] IPFire 2.x development tree branch, kernel-update, updated. df1374700091096fcf75a2560e4894e9a8752e8b - IPFire-SCM

29 Jul 2012

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, kernel-update has been updated
       via  df1374700091096fcf75a2560e4894e9a8752e8b (commit)
       via  8e57f223289aeb8cf2eae3246cbd2dbf6ef29a12 (commit)
      from  50b5d7ce0bc813a35d3daaba150a87c1ae990faa (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit df1374700091096fcf75a2560e4894e9a8752e8b
Author: Arne Fitzenreiter arne_f@ipfire.org
Date:   Sun Jul 29 16:28:12 2012 +0200
iptables: update to 1.4.14.
commit 8e57f223289aeb8cf2eae3246cbd2dbf6ef29a12
Author: Arne Fitzenreiter arne_f@ipfire.org
Date:   Sun Jul 29 16:24:05 2012 +0200
miniupnpd: fix for build with newer iptables.
IPT_ALIGN is replaces by XT_ALIGN since iptables 1.4
    and the compatiblity macro is removed in 1.4.14.
-----------------------------------------------------------------------
Summary of changes:
 config/rootfiles/common/iptables                   |  116 ++++---------
 lfs/iptables                                       |   10 +-
 lfs/miniupnpd                                      |    5 +-
 ..._test1.patch => iptables-1.4.12-IMQ-test4.diff} |   47 ++++--
 ...ch => iptables-1.4.14-ipp2p-0.8.2-ipfire.patch} |    4 +-
 src/patches/iptables-1.4.6-errorno_includes.patch  |  170 --------------------
 src/patches/miniupnpd-1.4_use_XT_ALIGN.patch       |   47 ++++++
 7 files changed, 124 insertions(+), 275 deletions(-)
 rename src/patches/{iptables-1.4.6-imq_test1.patch => iptables-1.4.12-IMQ-test4.diff} (60%)
 rename src/patches/{iptables-1.4.6-ipp2p-0.8.2-pomng.patch => iptables-1.4.14-ipp2p-0.8.2-ipfire.patch} (99%)
 delete mode 100644 src/patches/iptables-1.4.6-errorno_includes.patch
 create mode 100644 src/patches/miniupnpd-1.4_use_XT_ALIGN.patch
Difference in files:

diff --git a/config/rootfiles/common/iptables b/config/rootfiles/common/iptables
index 8e1a6e4..e958a93 100644
--- a/config/rootfiles/common/iptables
+++ b/config/rootfiles/common/iptables
@@ -1,21 +1,27 @@
 #lib/libip4tc.la
 lib/libip4tc.so
 lib/libip4tc.so.0
-lib/libip4tc.so.0.0.0
+lib/libip4tc.so.0.1.0
 #lib/libip6tc.la
 lib/libip6tc.so
 lib/libip6tc.so.0
-lib/libip6tc.so.0.0.0
-#lib/libipq.a
+lib/libip6tc.so.0.1.0
+#lib/libipq.la
+lib/libipq.so
+lib/libipq.so.0
+lib/libipq.so.0.0.0
 #lib/libiptc.la
 lib/libiptc.so
 lib/libiptc.so.0
 lib/libiptc.so.0.0.0
 #lib/libxtables.la
 lib/libxtables.so
-lib/libxtables.so.4
-lib/libxtables.so.4.0.0
+lib/libxtables.so.7
+lib/libxtables.so.7.0.0
 #lib/pkgconfig
+#lib/pkgconfig/libip4tc.pc
+#lib/pkgconfig/libip6tc.pc
+#lib/pkgconfig/libipq.pc
 #lib/pkgconfig/libiptc.pc
 #lib/pkgconfig/xtables.pc
 lib/xtables
@@ -42,52 +48,62 @@ lib/xtables
 #lib/xtables/libipt_REDIRECT.so
 #lib/xtables/libipt_REJECT.so
 #lib/xtables/libipt_SAME.so
-#lib/xtables/libipt_SET.so
 #lib/xtables/libipt_SNAT.so
 #lib/xtables/libipt_TTL.so
 #lib/xtables/libipt_ULOG.so
-#lib/xtables/libipt_addrtype.so
 #lib/xtables/libipt_ah.so
-#lib/xtables/libipt_ecn.so
 #lib/xtables/libipt_icmp.so
 #lib/xtables/libipt_ipp2p.so
 #lib/xtables/libipt_realm.so
-#lib/xtables/libipt_set.so
 #lib/xtables/libipt_ttl.so
 #lib/xtables/libipt_unclean.so
+#lib/xtables/libxt_AUDIT.so
+#lib/xtables/libxt_CHECKSUM.so
 #lib/xtables/libxt_CLASSIFY.so
 #lib/xtables/libxt_CONNMARK.so
 #lib/xtables/libxt_CONNSECMARK.so
+#lib/xtables/libxt_CT.so
 #lib/xtables/libxt_DSCP.so
+#lib/xtables/libxt_IDLETIMER.so
 #lib/xtables/libxt_IMQ.so
+#lib/xtables/libxt_LED.so
 #lib/xtables/libxt_MARK.so
 #lib/xtables/libxt_NFLOG.so
 #lib/xtables/libxt_NFQUEUE.so
 #lib/xtables/libxt_NOTRACK.so
 #lib/xtables/libxt_RATEEST.so
 #lib/xtables/libxt_SECMARK.so
+#lib/xtables/libxt_SET.so
 #lib/xtables/libxt_TCPMSS.so
 #lib/xtables/libxt_TCPOPTSTRIP.so
+#lib/xtables/libxt_TEE.so
 #lib/xtables/libxt_TOS.so
 #lib/xtables/libxt_TPROXY.so
 #lib/xtables/libxt_TRACE.so
+#lib/xtables/libxt_addrtype.so
 #lib/xtables/libxt_cluster.so
 #lib/xtables/libxt_comment.so
 #lib/xtables/libxt_connbytes.so
 #lib/xtables/libxt_connlimit.so
 #lib/xtables/libxt_connmark.so
 #lib/xtables/libxt_conntrack.so
+#lib/xtables/libxt_cpu.so
+#lib/xtables/libxt_dccp.so
+#lib/xtables/libxt_devgroup.so
 #lib/xtables/libxt_dscp.so
+#lib/xtables/libxt_ecn.so
 #lib/xtables/libxt_esp.so
 #lib/xtables/libxt_hashlimit.so
 #lib/xtables/libxt_helper.so
 #lib/xtables/libxt_iprange.so
+#lib/xtables/libxt_ipvs.so
 #lib/xtables/libxt_layer7.so
 #lib/xtables/libxt_length.so
 #lib/xtables/libxt_limit.so
 #lib/xtables/libxt_mac.so
 #lib/xtables/libxt_mark.so
 #lib/xtables/libxt_multiport.so
+#lib/xtables/libxt_nfacct.so
 #lib/xtables/libxt_osf.so
 #lib/xtables/libxt_owner.so
 #lib/xtables/libxt_physdev.so
@@ -96,7 +112,9 @@ lib/xtables
 #lib/xtables/libxt_quota.so
 #lib/xtables/libxt_rateest.so
 #lib/xtables/libxt_recent.so
+#lib/xtables/libxt_rpfilter.so
 #lib/xtables/libxt_sctp.so
+#lib/xtables/libxt_set.so
 #lib/xtables/libxt_socket.so
 #lib/xtables/libxt_standard.so
 #lib/xtables/libxt_state.so
@@ -108,18 +126,14 @@ lib/xtables
 #lib/xtables/libxt_tos.so
 #lib/xtables/libxt_u32.so
 #lib/xtables/libxt_udp.so
-#sbin/ip6tables
-#sbin/ip6tables-multi
-#sbin/ip6tables-restore
-#sbin/ip6tables-save
+sbin/ip6tables
+sbin/ip6tables-restore
+sbin/ip6tables-save
 sbin/iptables
-sbin/iptables-multi
-#sbin/iptables-restore
-#sbin/iptables-save
-#sbin/iptables-xml
-#usr/include/asm-generic
-#usr/include/asm-generic/errno-base.h
-#usr/include/asm-generic/errno.h
+sbin/iptables-restore
+sbin/iptables-save
+sbin/iptables-xml
+sbin/xtables-multi
 #usr/include/iptables
 #usr/include/iptables.h
 #usr/include/iptables/internal.h
@@ -129,6 +143,7 @@ sbin/iptables-multi
 #usr/include/libiptc/libip6tc.h
 #usr/include/libiptc/libiptc.h
 #usr/include/libiptc/libxtc.h
+#usr/include/libiptc/xtcshared.h
 #usr/include/libipulog
 #usr/include/libipulog/libipulog.h
 #usr/include/libnetfilter_queue
@@ -139,12 +154,9 @@ sbin/iptables-multi
 #usr/include/libnfnetlink/libnfnetlink.h
 #usr/include/libnfnetlink/linux_nfnetlink.h
 #usr/include/libnfnetlink/linux_nfnetlink_compat.h
-#usr/include/linux/netfilter
 #usr/include/linux/netfilter/Kbuild
 #usr/include/linux/netfilter/nf_conntrack_amanda.h
-#usr/include/linux/netfilter/nf_conntrack_common.h
 #usr/include/linux/netfilter/nf_conntrack_dccp.h
-#usr/include/linux/netfilter/nf_conntrack_ftp.h
 #usr/include/linux/netfilter/nf_conntrack_h323.h
 #usr/include/linux/netfilter/nf_conntrack_h323_asn1.h
 #usr/include/linux/netfilter/nf_conntrack_h323_types.h
@@ -152,67 +164,11 @@ sbin/iptables-multi
 #usr/include/linux/netfilter/nf_conntrack_pptp.h
 #usr/include/linux/netfilter/nf_conntrack_proto_gre.h
 #usr/include/linux/netfilter/nf_conntrack_sane.h
-#usr/include/linux/netfilter/nf_conntrack_sctp.h
 #usr/include/linux/netfilter/nf_conntrack_sip.h
-#usr/include/linux/netfilter/nf_conntrack_tcp.h
 #usr/include/linux/netfilter/nf_conntrack_tftp.h
-#usr/include/linux/netfilter/nf_conntrack_tuple_common.h
-#usr/include/linux/netfilter/nfnetlink.h
-#usr/include/linux/netfilter/nfnetlink_compat.h
-#usr/include/linux/netfilter/nfnetlink_conntrack.h
-#usr/include/linux/netfilter/nfnetlink_log.h
-#usr/include/linux/netfilter/nfnetlink_queue.h
-#usr/include/linux/netfilter/x_tables.h
-#usr/include/linux/netfilter/xt_CLASSIFY.h
-#usr/include/linux/netfilter/xt_CONNMARK.h
-#usr/include/linux/netfilter/xt_CONNSECMARK.h
-#usr/include/linux/netfilter/xt_DSCP.h
 #usr/include/linux/netfilter/xt_IMQ.h
-#usr/include/linux/netfilter/xt_LED.h
-#usr/include/linux/netfilter/xt_MARK.h
-#usr/include/linux/netfilter/xt_NFLOG.h
-#usr/include/linux/netfilter/xt_NFQUEUE.h
-#usr/include/linux/netfilter/xt_RATEEST.h
-#usr/include/linux/netfilter/xt_SECMARK.h
-#usr/include/linux/netfilter/xt_TCPMSS.h
-#usr/include/linux/netfilter/xt_TCPOPTSTRIP.h
-#usr/include/linux/netfilter/xt_TPROXY.h
-#usr/include/linux/netfilter/xt_cluster.h
-#usr/include/linux/netfilter/xt_comment.h
-#usr/include/linux/netfilter/xt_connbytes.h
-#usr/include/linux/netfilter/xt_connlimit.h
-#usr/include/linux/netfilter/xt_connmark.h
-#usr/include/linux/netfilter/xt_conntrack.h
-#usr/include/linux/netfilter/xt_dccp.h
-#usr/include/linux/netfilter/xt_dscp.h
-#usr/include/linux/netfilter/xt_esp.h
-#usr/include/linux/netfilter/xt_hashlimit.h
-#usr/include/linux/netfilter/xt_helper.h
-#usr/include/linux/netfilter/xt_iprange.h
 #usr/include/linux/netfilter/xt_layer7.h
-#usr/include/linux/netfilter/xt_length.h
-#usr/include/linux/netfilter/xt_limit.h
-#usr/include/linux/netfilter/xt_mac.h
-#usr/include/linux/netfilter/xt_mark.h
-#usr/include/linux/netfilter/xt_multiport.h
-#usr/include/linux/netfilter/xt_osf.h
-#usr/include/linux/netfilter/xt_owner.h
-#usr/include/linux/netfilter/xt_physdev.h
-#usr/include/linux/netfilter/xt_pkttype.h
-#usr/include/linux/netfilter/xt_policy.h
-#usr/include/linux/netfilter/xt_quota.h
-#usr/include/linux/netfilter/xt_rateest.h
-#usr/include/linux/netfilter/xt_realm.h
-#usr/include/linux/netfilter/xt_recent.h
-#usr/include/linux/netfilter/xt_sctp.h
 #usr/include/linux/netfilter/xt_socket.h
-#usr/include/linux/netfilter/xt_state.h
-#usr/include/linux/netfilter/xt_statistic.h
-#usr/include/linux/netfilter/xt_string.h
-#usr/include/linux/netfilter/xt_tcpmss.h
-#usr/include/linux/netfilter/xt_tcpudp.h
-#usr/include/linux/netfilter/xt_time.h
-#usr/include/linux/netfilter/xt_u32.h
 #usr/include/net/netfilter
 #usr/include/net/netfilter/nf_conntrack_tuple.h
 #usr/include/net/netfilter/nf_nat.h
@@ -234,6 +190,7 @@ usr/lib/libnfnetlink.so.0
 usr/lib/libnfnetlink.so.0.2.0
 #usr/lib/pkgconfig/libnetfilter_queue.pc
 #usr/lib/pkgconfig/libnfnetlink.pc
+#usr/share/man/man1/iptables-xml.1
 #usr/share/man/man3/ipq_create_handle.3
 #usr/share/man/man3/ipq_destroy_handle.3
 #usr/share/man/man3/ipq_errstr.3
@@ -250,5 +207,4 @@ usr/lib/libnfnetlink.so.0.2.0
 #usr/share/man/man8/ip6tables.8
 #usr/share/man/man8/iptables-restore.8
 #usr/share/man/man8/iptables-save.8
-#usr/share/man/man8/iptables-xml.8
 #usr/share/man/man8/iptables.8
diff --git a/lfs/iptables b/lfs/iptables
index 6d36990..33a00e4 100644
--- a/lfs/iptables
+++ b/lfs/iptables
@@ -24,7 +24,7 @@
include Config
-VER        = 1.4.6
+VER        = 1.4.14
THISAPP    = iptables-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -45,7 +45,7 @@ netfilter-layer7-v2.22.tar.gz 		= $(URL_IPFIRE)/netfilter-layer7-v2.22.tar.gz
 libnfnetlink-1.0.0.tar.bz2		= $(URL_IPFIRE)/libnfnetlink-1.0.0.tar.bz2
 libnetfilter_queue-0.0.17.tar.bz2	= $(URL_IPFIRE)/libnetfilter_queue-0.0.17.tar.bz2
-$(DL_FILE)_MD5 = c67cf30e281a924def6426be0973df56
+$(DL_FILE)_MD5 = 5ab24ad683f76689cfe7e0c73f44855d
 netfilter-layer7-v2.22.tar.gz_MD5 = 98dff8a3d5a31885b73341633f69501f
 libnfnetlink-1.0.0.tar.bz2_MD5 = 016fdec8389242615024c529acc1adb8
 libnetfilter_queue-0.0.17.tar.bz2_MD5 = 2cde35e678ead3a8f9eb896bf807a159
@@ -89,11 +89,11 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
                     ./extensions/
# ipp2p 0.8.2-pomng
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/iptables-1.4.6-ipp2p-0.8.2-pomng.patch
+	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/iptables-1.4.14-ipp2p-0.8.2-ipfire.patch
# imq
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/iptables-1.4.6-imq_test1.patch
-	chmod +x $(DIR_APP)/extensions/.IMQ-test*
+	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/iptables-1.4.12-IMQ-test4.diff
+#	chmod +x $(DIR_APP)/extensions/.IMQ-test*
cd $(DIR_APP) && ./configure  --prefix=/usr --with-ksource=/usr/src/linux \
    			    --libdir=/lib --includedir=/usr/include --enable-libipq \
diff --git a/lfs/miniupnpd b/lfs/miniupnpd
index 470fc28..c7ba937 100644
--- a/lfs/miniupnpd
+++ b/lfs/miniupnpd
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+# Copyright (C) 2007-2012  IPFire Team  info@ipfire.org                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = miniupnpd
-PAK_VER    = 0
+PAK_VER    = 1
###############################################################################
 # Top-level Rules
@@ -76,6 +76,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
    @$(PREBUILD)
    @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
    cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/miniupnpd-iptcrdr.patch
+	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/miniupnpd-1.4_use_XT_ALIGN.patch
    cd $(DIR_APP) && make -f Makefile.linux \
    	CFLAGS="$(CFLAGS) -DIPTABLES_143 -I/usr/src/linux/include"
diff --git a/src/patches/iptables-1.4.12-IMQ-test4.diff b/src/patches/iptables-1.4.12-IMQ-test4.diff
new file mode 100644
index 0000000..5ce17e1
--- /dev/null
+++ b/src/patches/iptables-1.4.12-IMQ-test4.diff
@@ -0,0 +1,141 @@
+diff -Naur iptables-1.4.12.1/extensions/libxt_IMQ.c iptables-1.4.12.1-imq/extensions/libxt_IMQ.c
+--- iptables-1.4.12.1/extensions/libxt_IMQ.c	1970-01-01 02:00:00.000000000 +0200
++++ iptables-1.4.12.1-imq/extensions/libxt_IMQ.c	2011-09-30 13:53:21.000000000 +0300
+@@ -0,0 +1,105 @@
++/* Shared library add-on to iptables to add IMQ target support. */
++#include <stdio.h>
++#include <string.h>
++#include <stdlib.h>
++#include <getopt.h>
++
++#include <xtables.h>
++#include <linux/netfilter/x_tables.h>
++#include <linux/netfilter/xt_IMQ.h>
++
++/* Function which prints out usage message. */
++static void IMQ_help(void)
++{
++	printf(
++"IMQ target options:\n"
++"  --todev <N>		enqueue to imq<N>, defaults to 0\n");
++
++}
++
++static struct option IMQ_opts[] = {
++	{ "todev", 1, 0, '1' },
++	{ 0 }
++};
++
++/* Initialize the target. */
++static void IMQ_init(struct xt_entry_target *t)
++{
++	struct xt_imq_info *mr = (struct xt_imq_info*)t->data;
++
++	mr->todev = 0;
++}
++
++/* Function which parses command options; returns true if it
++   ate an option */
++static int IMQ_parse(int c, char **argv, int invert, unsigned int *flags,
++      const void *entry, struct xt_entry_target **target)
++{
++	struct xt_imq_info *mr = (struct xt_imq_info*)(*target)->data;
++	
++	switch(c) {
++	case '1':
++/*		if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
++			xtables_error(PARAMETER_PROBLEM,
++				   "Unexpected `!' after --todev");
++*/
++		mr->todev=atoi(optarg);
++		break;
++
++	default:
++		return 0;
++	}
++	return 1;
++}
++
++/* Prints out the targinfo. */
++static void IMQ_print(const void *ip,
++      const struct xt_entry_target *target,
++      int numeric)
++{
++	struct xt_imq_info *mr = (struct xt_imq_info*)target->data;
++
++	printf("IMQ: todev %u ", mr->todev);
++}
++
++/* Saves the union ipt_targinfo in parsable form to stdout. */
++static void IMQ_save(const void *ip, const struct xt_entry_target *target)
++{
++	struct xt_imq_info *mr = (struct xt_imq_info*)target->data;
++
++	printf(" --todev %u", mr->todev);
++}
++
++static struct xtables_target imq_target = {
++	.name		= "IMQ",
++	.version	= XTABLES_VERSION,
++	.family		= NFPROTO_IPV4,
++	.size		= XT_ALIGN(sizeof(struct xt_imq_info)),
++	.userspacesize	= XT_ALIGN(sizeof(struct xt_imq_info)),
++	.help		= IMQ_help,
++	.init		= IMQ_init,
++	.parse		= IMQ_parse,
++	.print		= IMQ_print,
++	.save		= IMQ_save,
++	.extra_opts	= IMQ_opts,
++};
++
++static struct xtables_target imq_target6 = {
++	.name		= "IMQ",
++	.version	= XTABLES_VERSION,
++	.family		= NFPROTO_IPV6,
++	.size		= XT_ALIGN(sizeof(struct xt_imq_info)),
++	.userspacesize	= XT_ALIGN(sizeof(struct xt_imq_info)),
++	.help		= IMQ_help,
++	.init		= IMQ_init,
++	.parse		= IMQ_parse,
++	.print		= IMQ_print,
++	.save		= IMQ_save,
++	.extra_opts	= IMQ_opts,
++};
++
++// void __attribute((constructor)) nf_ext_init(void){
++void _init(void){
++	xtables_register_target(&imq_target);
++	xtables_register_target(&imq_target6);
++}
+diff -Naur iptables-1.4.12.1/extensions/libxt_IMQ.man iptables-1.4.12.1-imq/extensions/libxt_IMQ.man
+--- iptables-1.4.12.1/extensions/libxt_IMQ.man	1970-01-01 02:00:00.000000000 +0200
++++ iptables-1.4.12.1-imq/extensions/libxt_IMQ.man	2011-09-30 13:53:21.000000000 +0300
+@@ -0,0 +1,15 @@
++This target is used to redirect the traffic to the IMQ driver and you can apply
++QoS rules like HTB or CBQ.
++For example you can select only traffic comming from a specific interface or
++is going out on a specific interface.
++Also it permits to capture the traffic BEFORE NAT in the case of outgoing traffic
++or AFTER NAT in the case of incomming traffic.
++.TP
++\fB--to-dev\fP \fIvalue\fP
++Set the IMQ interface where to send this traffic
++.TP
++Example:
++.TP
++Redirect incomming traffic from interface eth0 to imq0 and outgoing traffic to imq1:
++iptables -t mangle -A FORWARD -i eth0 -j IMQ --to-dev 0
++iptables -t mangle -A FORWARD -o eth0 -j IMQ --to-dev 1
+diff -Naur iptables-1.4.12.1/include/linux/netfilter/xt_IMQ.h iptables-1.4.12.1-imq/include/linux/netfilter/xt_IMQ.h
+--- iptables-1.4.12.1/include/linux/netfilter/xt_IMQ.h	1970-01-01 02:00:00.000000000 +0200
++++ iptables-1.4.12.1-imq/include/linux/netfilter/xt_IMQ.h	2011-09-30 13:53:21.000000000 +0300
+@@ -0,0 +1,9 @@
++#ifndef _XT_IMQ_H
++#define _XT_IMQ_H
++
++struct xt_imq_info {
++	unsigned int todev;     /* target imq device */
++};
++
++#endif /* _XT_IMQ_H */
++
diff --git a/src/patches/iptables-1.4.14-ipp2p-0.8.2-ipfire.patch b/src/patches/iptables-1.4.14-ipp2p-0.8.2-ipfire.patch
new file mode 100644
index 0000000..9a11eb5
--- /dev/null
+++ b/src/patches/iptables-1.4.14-ipp2p-0.8.2-ipfire.patch
@@ -0,0 +1,481 @@
+diff -Naur iptables-1.4.6.org/extensions/.ipp2p-test iptables-1.4.6/extensions/.ipp2p-test
+--- iptables-1.4.6.org/extensions/.ipp2p-test	1970-01-01 01:00:00.000000000 +0100
++++ iptables-1.4.6/extensions/.ipp2p-test	2010-02-13 20:02:52.000000000 +0100
+@@ -0,0 +1,2 @@
++#! /bin/sh
++[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_ipp2p.h ] && echo ipp2p
+diff -Naur iptables-1.4.6.org/extensions/libipt_ipp2p.c iptables-1.4.6/extensions/libipt_ipp2p.c
+--- iptables-1.4.6.org/extensions/libipt_ipp2p.c	1970-01-01 01:00:00.000000000 +0100
++++ iptables-1.4.6/extensions/libipt_ipp2p.c	2010-02-13 20:02:52.000000000 +0100
+@@ -0,0 +1,424 @@
++#include <stdio.h>
++#include <netdb.h>
++#include <string.h>
++#include <stdlib.h>
++#include <getopt.h>
++#include <ctype.h>
++
++#include <iptables.h>
++
++#include <linux/netfilter_ipv4/ipt_ipp2p.h>
++
++#ifndef XTABLES_VERSION
++#define XTABLES_VERSION IPTABLES_VERSION
++#endif
++
++#ifdef IPT_LIB_DIR
++#define xtables_target iptables_target
++#define xtables_register_target register_target
++#endif
++
++static void
++help(void)
++{
++    printf(
++    "IPP2P v%s options:\n"
++    " --ipp2p	Grab all known p2p packets\n"
++    " --edk		[TCP&UDP]	All known eDonkey/eMule/Overnet packets\n"
++    " --dc		[TCP] 		All known Direct Connect packets\n"
++    " --kazaa	[TCP&UDP] 	All known KaZaA packets\n"
++    " --gnu		[TCP&UDP]	All known Gnutella packets\n"
++    " --bit		[TCP&UDP]	All known BitTorrent packets\n"
++    " --apple	[TCP] 		All known AppleJuice packets\n"
++    " --winmx	[TCP] 		All known WinMX\n"
++    " --soul		[TCP] 		All known SoulSeek\n"
++    " --ares		[TCP] 		All known Ares\n\n"
++    " EXPERIMENTAL protocols (please send feedback to: ipp2p@ipp2p.org) :\n"
++    " --mute		[TCP]		All known Mute packets\n"
++    " --waste	[TCP]		All known Waste packets\n"
++    " --xdcc		[TCP]		All known XDCC packets (only xdcc login)\n\n"
++    " DEBUG SUPPPORT, use only if you know why\n"
++    " --debug		Generate kernel debug output, THIS WILL SLOW DOWN THE FILTER\n"
++    "\nNote that the follwing options will have the same meaning:\n"
++    " '--ipp2p' is equal to '--edk --dc --kazaa --gnu --bit --apple --winmx --soul --ares'\n"
++    "\nIPP2P was intended for TCP only. Due to increasing usage of UDP we needed to change this.\n"
++    "You can now use -p udp to search UDP packets only or without -p switch to search UDP and TCP packets.\n"
++    "\nSee README included with this package for more details or visit http://www.ipp2p.org%5Cn"
++    "\nExamples:\n"
++    " iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01\n"
++    " iptables -A FORWARD -p udp -m ipp2p --kazaa --bit -j DROP\n"
++    " iptables -A FORWARD -p tcp -m ipp2p --edk --soul -j DROP\n\n"
++    , IPP2P_VERSION);
++}
++
++static struct option opts[] = {
++        { "ipp2p", 0, 0, '1' },
++        { "edk", 0, 0, '2' },	
++	{ "dc", 0, 0, '7' },
++	{ "gnu", 0, 0, '9' },
++	{ "kazaa", 0, 0, 'a' },
++	{ "bit", 0, 0, 'b' },
++	{ "apple", 0, 0, 'c' },	
++	{ "soul", 0, 0, 'd' },	
++	{ "winmx", 0, 0, 'e' },	
++	{ "ares", 0, 0, 'f' },
++	{ "mute", 0, 0, 'g' },
++	{ "waste", 0, 0, 'h' },
++	{ "xdcc", 0, 0, 'i' },
++	{ "debug", 0, 0, 'j' },
++        {0}
++};
++
++
++static void
++#ifdef _XTABLES_H
++init(struct xt_entry_match *m)
++#else
++init(struct ipt_entry_match *t, unsigned int *nfcache)
++#endif
++{
++    struct ipt_p2p_info *info = (struct ipt_p2p_info *)m->data;
++
++#ifndef _XTABLES_H
++    *nfcache |= NFC_UNKNOWN;
++#endif
++
++    /*init the module with default values*/
++    info->cmd = 0;
++    info->debug = 0;
++
++}
++
++
++static int
++parse(int c, char **argv, int invert, unsigned int *flags,
++#ifdef _XTABLES_H
++      const void *entry, struct xt_entry_match **match)
++#else
++      const struct ipt_entry *entry, unsigned int *nfcache, struct ipt_entry_match **match)
++#endif
++{
++    struct ipt_p2p_info *info = (struct ipt_p2p_info *)(*match)->data;
++    
++    switch (c) {
++	case '1':		/*cmd: ipp2p*/
++	    if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
++		    xtables_error(PARAMETER_PROBLEM,
++				"ipp2p: `--ipp2p' may only be "
++				"specified once!");
++
++/*	    if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
++		    xtables_error(PARAMETER_PROBLEM,
++				"ipp2p: `--ipp2p-data' may only be "
++				"specified alone!");
++*/
++
++	    if ((*flags) != 0)
++		    xtables_error(PARAMETER_PROBLEM,
++				"ipp2p: `--ipp2p' may only be "
++				"specified alone!");
++	    if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++	    *flags += SHORT_HAND_IPP2P;
++	    info->cmd = *flags;
++	    break;
++	    
++	case '2':		/*cmd: edk*/
++	    if ((*flags & IPP2P_EDK) == IPP2P_EDK)
++		    xtables_error(PARAMETER_PROBLEM,
++				"ipp2p: `--edk' may only be "
++				"specified once");
++	    if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
++		    xtables_error(PARAMETER_PROBLEM,
++				"ipp2p: `--ipp2p' may only be "
++				"specified alone!");
++/*	    if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
++		    xtables_error(PARAMETER_PROBLEM,
++				"ipp2p: `--ipp2p-data' may only be "
++				"specified alone!");*/
++            if ((*flags & IPP2P_DATA_EDK) == IPP2P_DATA_EDK)
++            xtables_error(PARAMETER_PROBLEM,
++                                "ipp2p: use `--edk' OR `--edk-data' but not both of them!");
++	    if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++	    *flags += IPP2P_EDK;
++	    info->cmd = *flags;	    
++	    break;
++
++
++	case '7':		/*cmd: dc*/
++            if ((*flags & IPP2P_DC) == IPP2P_DC)
++            xtables_error(PARAMETER_PROBLEM,
++                                "ipp2p: `--dc' may only be "
++                                "specified once!");
++	    if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
++		    xtables_error(PARAMETER_PROBLEM,
++				"ipp2p: `--ipp2p' may only be "
++				"specified alone!");
++/*	    if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
++		    xtables_error(PARAMETER_PROBLEM,
++				"ipp2p: `--ipp2p-data' may only be "
++				"specified alone!");*/
++            if ((*flags & IPP2P_DATA_DC) == IPP2P_DATA_DC)
++            xtables_error(PARAMETER_PROBLEM,
++                                "ipp2p: use `--dc' OR `--dc-data' but not both of them!");
++	    if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++            *flags += IPP2P_DC;
++	    info->cmd = *flags;
++	    break;
++
++
++	case '9':		/*cmd: gnu*/
++            if ((*flags & IPP2P_GNU) == IPP2P_GNU)
++            xtables_error(PARAMETER_PROBLEM,
++                                "ipp2p: `--gnu' may only be "
++                                "specified once!");
++/*	    if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
++		    xtables_error(PARAMETER_PROBLEM,
++				"ipp2p: `--ipp2p-data' may only be "
++				"specified alone!");*/
++	    if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
++		    xtables_error(PARAMETER_PROBLEM,
++				"ipp2p: `--ipp2p' may only be "
++				"specified alone!");
++            if ((*flags & IPP2P_DATA_GNU) == IPP2P_DATA_GNU)
++            xtables_error(PARAMETER_PROBLEM,
++                                "ipp2p: use `--gnu' OR `--gnu-data' but not both of them!");
++	    if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++            *flags += IPP2P_GNU;
++	    info->cmd = *flags;
++	    break;
++
++	case 'a':		/*cmd: kazaa*/
++            if ((*flags & IPP2P_KAZAA) == IPP2P_KAZAA)
++            xtables_error(PARAMETER_PROBLEM,
++                                "ipp2p: `--kazaa' may only be "
++                                "specified once!");
++/*	    if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
++		    xtables_error(PARAMETER_PROBLEM,
++				"ipp2p: `--ipp2p-data' may only be "
++				"specified alone!");*/
++	    if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
++		    xtables_error(PARAMETER_PROBLEM,
++				"ipp2p: `--ipp2p' may only be "
++				"specified alone!");
++            if ((*flags & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA)
++            xtables_error(PARAMETER_PROBLEM,
++                                "ipp2p: use `--kazaa' OR `--kazaa-data' but not both of them!");
++	    if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++            *flags += IPP2P_KAZAA;
++	    info->cmd = *flags;
++	    break;																											
++
++	case 'b':		/*cmd: bit*/
++            if ((*flags & IPP2P_BIT) == IPP2P_BIT)
++            xtables_error(PARAMETER_PROBLEM,
++                                "ipp2p: `--bit' may only be "
++                                "specified once!");
++	    if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
++		    xtables_error(PARAMETER_PROBLEM,
++				"ipp2p: `--ipp2p' may only be "
++				"specified alone!");
++	    if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++            *flags += IPP2P_BIT;
++	    info->cmd = *flags;
++	    break;																											
++
++	case 'c':		/*cmd: apple*/
++            if ((*flags & IPP2P_APPLE) == IPP2P_APPLE)
++            xtables_error(PARAMETER_PROBLEM,
++                                "ipp2p: `--apple' may only be "
++                                "specified once!");
++	    if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
++		    xtables_error(PARAMETER_PROBLEM,
++				"ipp2p: `--ipp2p' may only be "
++				"specified alone!");
++	    if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++            *flags += IPP2P_APPLE;
++	    info->cmd = *flags;
++	    break;																											
++
++
++	case 'd':		/*cmd: soul*/
++            if ((*flags & IPP2P_SOUL) == IPP2P_SOUL)
++            xtables_error(PARAMETER_PROBLEM,
++                                "ipp2p: `--soul' may only be "
++                                "specified once!");
++	    if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
++		    xtables_error(PARAMETER_PROBLEM,
++				"ipp2p: `--ipp2p' may only be "
++				"specified alone!");
++	    if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++            *flags += IPP2P_SOUL;
++	    info->cmd = *flags;
++	    break;																											
++
++
++	case 'e':		/*cmd: winmx*/
++            if ((*flags & IPP2P_WINMX) == IPP2P_WINMX)
++            xtables_error(PARAMETER_PROBLEM,
++                                "ipp2p: `--winmx' may only be "
++                                "specified once!");
++	    if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
++		    xtables_error(PARAMETER_PROBLEM,
++				"ipp2p: `--ipp2p' may only be "
++				"specified alone!");
++	    if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++            *flags += IPP2P_WINMX;
++	    info->cmd = *flags;
++	    break;																											
++
++	case 'f':		/*cmd: ares*/
++            if ((*flags & IPP2P_ARES) == IPP2P_ARES)
++            xtables_error(PARAMETER_PROBLEM,
++                                "ipp2p: `--ares' may only be "
++                                "specified once!");
++	    if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
++		    xtables_error(PARAMETER_PROBLEM,
++				"ipp2p: `--ipp2p' may only be "
++				"specified alone!");
++	    if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++            *flags += IPP2P_ARES;
++	    info->cmd = *flags;
++	    break;																											
++	
++	case 'g':		/*cmd: mute*/
++            if ((*flags & IPP2P_MUTE) == IPP2P_MUTE)
++            xtables_error(PARAMETER_PROBLEM,
++                                "ipp2p: `--mute' may only be "
++                                "specified once!");
++	    if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++            *flags += IPP2P_MUTE;
++	    info->cmd = *flags;
++	    break;																											
++	case 'h':		/*cmd: waste*/
++            if ((*flags & IPP2P_WASTE) == IPP2P_WASTE)
++            xtables_error(PARAMETER_PROBLEM,
++                                "ipp2p: `--waste' may only be "
++                                "specified once!");
++	    if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++            *flags += IPP2P_WASTE;
++	    info->cmd = *flags;
++	    break;																											
++	case 'i':		/*cmd: xdcc*/
++            if ((*flags & IPP2P_XDCC) == IPP2P_XDCC)
++            xtables_error(PARAMETER_PROBLEM,
++                                "ipp2p: `--ares' may only be "
++                                "specified once!");
++	    if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++            *flags += IPP2P_XDCC;
++	    info->cmd = *flags;
++	    break;																											
++
++	case 'j':		/*cmd: debug*/
++	    if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
++	    info->debug = 1;
++	    break;																											
++
++	default:
++//            xtables_error(PARAMETER_PROBLEM,
++//	    "\nipp2p-parameter problem: for ipp2p usage type: iptables -m ipp2p --help\n");
++	    return 0;
++    }
++    return 1;
++}
++
++
++static void
++final_check(unsigned int flags)
++{
++    if (!flags)
++            xtables_error(PARAMETER_PROBLEM,
++	    "\nipp2p-parameter problem: for ipp2p usage type: iptables -m ipp2p --help\n");
++}
++
++static void
++#ifdef _XTABLES_H
++print(const void *ip,
++      const struct xt_entry_match *match,
++#else
++print(const struct ipt_ip *ip,
++      const struct ipt_entry_match *match,
++#endif
++	int numeric)
++{
++    struct ipt_p2p_info *info = (struct ipt_p2p_info *)match->data;
++    
++    printf("ipp2p v%s", IPP2P_VERSION);
++    if ((info->cmd & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) printf(" --ipp2p");
++//    if ((info->cmd & SHORT_HAND_DATA) == SHORT_HAND_DATA) printf(" --ipp2p-data");
++    if ((info->cmd & IPP2P_KAZAA) == IPP2P_KAZAA) printf(" --kazaa");
++//    if ((info->cmd & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) printf(" --kazaa-data");
++//    if ((info->cmd & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) printf(" --gnu-data");
++    if ((info->cmd & IPP2P_GNU) == IPP2P_GNU) printf(" --gnu");
++    if ((info->cmd & IPP2P_EDK) == IPP2P_EDK) printf(" --edk");
++//    if ((info->cmd & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) printf(" --edk-data");
++//    if ((info->cmd & IPP2P_DATA_DC) == IPP2P_DATA_DC) printf(" --dc-data");
++    if ((info->cmd & IPP2P_DC) == IPP2P_DC) printf(" --dc");
++    if ((info->cmd & IPP2P_BIT) == IPP2P_BIT) printf(" --bit");
++    if ((info->cmd & IPP2P_APPLE) == IPP2P_APPLE) printf(" --apple");
++    if ((info->cmd & IPP2P_SOUL) == IPP2P_SOUL) printf(" --soul");
++    if ((info->cmd & IPP2P_WINMX) == IPP2P_WINMX) printf(" --winmx");
++    if ((info->cmd & IPP2P_ARES) == IPP2P_ARES) printf(" --ares");
++    if ((info->cmd & IPP2P_MUTE) == IPP2P_MUTE) printf(" --mute");
++    if ((info->cmd & IPP2P_WASTE) == IPP2P_WASTE) printf(" --waste");
++    if ((info->cmd & IPP2P_XDCC) == IPP2P_XDCC) printf(" --xdcc");
++    if (info->debug != 0) printf(" --debug");
++    printf(" ");
++}
++
++static void
++#ifdef _XTABLES_H
++save(const void *ip,
++     const struct xt_entry_match *match)
++#else
++save(const struct ipt_ip *ip,
++     const struct ipt_entry_match *match)
++#endif
++{
++    struct ipt_p2p_info *info = (struct ipt_p2p_info *)match->data;
++    
++    if ((info->cmd & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) printf("--ipp2p ");
++//    if ((info->cmd & SHORT_HAND_DATA) == SHORT_HAND_DATA) printf("--ipp2p-data ");
++    if ((info->cmd & IPP2P_KAZAA) == IPP2P_KAZAA) printf("--kazaa ");
++//    if ((info->cmd & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) printf("--kazaa-data ");
++//    if ((info->cmd & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) printf("--gnu-data ");
++    if ((info->cmd & IPP2P_GNU) == IPP2P_GNU) printf("--gnu ");
++    if ((info->cmd & IPP2P_EDK) == IPP2P_EDK) printf("--edk ");
++//    if ((info->cmd & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) printf("--edk-data ");
++//    if ((info->cmd & IPP2P_DATA_DC) == IPP2P_DATA_DC) printf("--dc-data ");
++    if ((info->cmd & IPP2P_DC) == IPP2P_DC) printf("--dc ");
++    if ((info->cmd & IPP2P_BIT) == IPP2P_BIT) printf("--bit ");
++    if ((info->cmd & IPP2P_APPLE) == IPP2P_APPLE) printf("--apple ");
++    if ((info->cmd & IPP2P_SOUL) == IPP2P_SOUL) printf("--soul ");
++    if ((info->cmd & IPP2P_WINMX) == IPP2P_WINMX) printf("--winmx ");
++    if ((info->cmd & IPP2P_ARES) == IPP2P_ARES) printf("--ares ");
++    if ((info->cmd & IPP2P_MUTE) == IPP2P_MUTE) printf(" --mute");
++    if ((info->cmd & IPP2P_WASTE) == IPP2P_WASTE) printf(" --waste");
++    if ((info->cmd & IPP2P_XDCC) == IPP2P_XDCC) printf(" --xdcc");
++    if (info->debug != 0) printf("--debug ");
++}
++
++		
++static 
++struct xtables_match ipp2p= 
++{ 
++    .next           = NULL,
++    .name           = "ipp2p",
++    .version        = XTABLES_VERSION,
++    .size           = XT_ALIGN(sizeof(struct ipt_p2p_info)),
++    .userspacesize  = XT_ALIGN(sizeof(struct ipt_p2p_info)),
++    .help           = &help,
++    .init           = &init,
++    .parse          = &parse,
++    .final_check    = &final_check,
++    .print          = &print,
++    .save           = &save,
++    .extra_opts     = opts
++};
++					    
++
++
++void _init(void)
++{
++    xtables_register_match(&ipp2p);
++}
++
+diff -Naur iptables-1.4.6.org/extensions/libipt_ipp2p.man iptables-1.4.6/extensions/libipt_ipp2p.man
+--- iptables-1.4.6.org/extensions/libipt_ipp2p.man	1970-01-01 01:00:00.000000000 +0100
++++ iptables-1.4.6/extensions/libipt_ipp2p.man	2010-02-13 20:02:52.000000000 +0100
+@@ -0,0 +1,43 @@
++This module matches certain packets in P2P flows. It is not
++designed to match all packets belonging to a P2P connection - 
++use IPP2P together with CONNMARK for this purpose. Also visit
++http://www.ipp2p.org for detailed information.
++
++Use it together with -p tcp or -p udp to search these protocols
++only or without -p switch to search packets of both protocols.
++
++IPP2P provides the following options:
++.TP
++.B "--edk "
++Matches as many eDonkey/eMule packets as possible.
++.TP
++.B "--kazaa "
++Matches as many KaZaA packets as possible.
++.TP
++.B "--gnu "
++Matches as many Gnutella packets as possible.
++.TP
++.B "--dc "
++Matches as many Direct Connect packets as possible.
++.TP
++.B "--bit "
++Matches BitTorrent packets.
++.TP
++.B "--apple "
++Matches AppleJuice packets.
++.TP
++.B "--soul "
++Matches some SoulSeek packets. Considered as beta, use careful!
++.TP
++.B "--winmx "
++Matches some WinMX packets. Considered as beta, use careful!
++.TP
++.B "--ares "
++Matches Ares and AresLite packets. Use together with -j DROP only.
++.TP
++.B "--ipp2p "
++Short hand for: --edk --kazaa --gnu --dc
++.TP
++.B "--debug "
++Prints some information about each hit into kernel logfile. May 
++produce huge logfiles so beware!
diff --git a/src/patches/iptables-1.4.6-errorno_includes.patch b/src/patches/iptables-1.4.6-errorno_includes.patch
deleted file mode 100644
index a25c5a3..0000000
--- a/src/patches/iptables-1.4.6-errorno_includes.patch
+++ /dev/null
@@ -1,170 +0,0 @@
-diff -Naur include.org/asm/errno.h include/asm/errno.h
---- include.org/asm/errno.h	2010-02-12 18:21:40.000000000 +0100
-+++ include/asm/errno.h	2010-02-12 18:19:41.000000000 +0100
-@@ -5,4 +5,8 @@
-  #include <linux/errno.h>
- #endif
- 
-+#ifndef _ASM_GENERIC_ERRNO_H
-+ #include <asm-generic/errno.h>
-+#endif
-+
- #endif
-diff -Naur include.org/asm-generic/errno-base.h include/asm-generic/errno-base.h
---- include.org/asm-generic/errno-base.h	1970-01-01 01:00:00.000000000 +0100
-+++ include/asm-generic/errno-base.h	2010-02-09 13:57:19.000000000 +0100
-@@ -0,0 +1,39 @@
-+#ifndef _ASM_GENERIC_ERRNO_BASE_H
-+#define _ASM_GENERIC_ERRNO_BASE_H
-+
-+#define	EPERM		 1	/* Operation not permitted */
-+#define	ENOENT		 2	/* No such file or directory */
-+#define	ESRCH		 3	/* No such process */
-+#define	EINTR		 4	/* Interrupted system call */
-+#define	EIO		 5	/* I/O error */
-+#define	ENXIO		 6	/* No such device or address */
-+#define	E2BIG		 7	/* Argument list too long */
-+#define	ENOEXEC		 8	/* Exec format error */
-+#define	EBADF		 9	/* Bad file number */
-+#define	ECHILD		10	/* No child processes */
-+#define	EAGAIN		11	/* Try again */
-+#define	ENOMEM		12	/* Out of memory */
-+#define	EACCES		13	/* Permission denied */
-+#define	EFAULT		14	/* Bad address */
-+#define	ENOTBLK		15	/* Block device required */
-+#define	EBUSY		16	/* Device or resource busy */
-+#define	EEXIST		17	/* File exists */
-+#define	EXDEV		18	/* Cross-device link */
-+#define	ENODEV		19	/* No such device */
-+#define	ENOTDIR		20	/* Not a directory */
-+#define	EISDIR		21	/* Is a directory */
-+#define	EINVAL		22	/* Invalid argument */
-+#define	ENFILE		23	/* File table overflow */
-+#define	EMFILE		24	/* Too many open files */
-+#define	ENOTTY		25	/* Not a typewriter */
-+#define	ETXTBSY		26	/* Text file busy */
-+#define	EFBIG		27	/* File too large */
-+#define	ENOSPC		28	/* No space left on device */
-+#define	ESPIPE		29	/* Illegal seek */
-+#define	EROFS		30	/* Read-only file system */
-+#define	EMLINK		31	/* Too many links */
-+#define	EPIPE		32	/* Broken pipe */
-+#define	EDOM		33	/* Math argument out of domain of func */
-+#define	ERANGE		34	/* Math result not representable */
-+
-+#endif
-diff -Naur include.org/asm-generic/errno.h include/asm-generic/errno.h
---- include.org/asm-generic/errno.h	1970-01-01 01:00:00.000000000 +0100
-+++ include/asm-generic/errno.h	2010-02-09 13:57:19.000000000 +0100
-@@ -0,0 +1,111 @@
-+#ifndef _ASM_GENERIC_ERRNO_H
-+#define _ASM_GENERIC_ERRNO_H
-+
-+#include <asm-generic/errno-base.h>
-+
-+#define	EDEADLK		35	/* Resource deadlock would occur */
-+#define	ENAMETOOLONG	36	/* File name too long */
-+#define	ENOLCK		37	/* No record locks available */
-+#define	ENOSYS		38	/* Function not implemented */
-+#define	ENOTEMPTY	39	/* Directory not empty */
-+#define	ELOOP		40	/* Too many symbolic links encountered */
-+#define	EWOULDBLOCK	EAGAIN	/* Operation would block */
-+#define	ENOMSG		42	/* No message of desired type */
-+#define	EIDRM		43	/* Identifier removed */
-+#define	ECHRNG		44	/* Channel number out of range */
-+#define	EL2NSYNC	45	/* Level 2 not synchronized */
-+#define	EL3HLT		46	/* Level 3 halted */
-+#define	EL3RST		47	/* Level 3 reset */
-+#define	ELNRNG		48	/* Link number out of range */
-+#define	EUNATCH		49	/* Protocol driver not attached */
-+#define	ENOCSI		50	/* No CSI structure available */
-+#define	EL2HLT		51	/* Level 2 halted */
-+#define	EBADE		52	/* Invalid exchange */
-+#define	EBADR		53	/* Invalid request descriptor */
-+#define	EXFULL		54	/* Exchange full */
-+#define	ENOANO		55	/* No anode */
-+#define	EBADRQC		56	/* Invalid request code */
-+#define	EBADSLT		57	/* Invalid slot */
-+
-+#define	EDEADLOCK	EDEADLK
-+
-+#define	EBFONT		59	/* Bad font file format */
-+#define	ENOSTR		60	/* Device not a stream */
-+#define	ENODATA		61	/* No data available */
-+#define	ETIME		62	/* Timer expired */
-+#define	ENOSR		63	/* Out of streams resources */
-+#define	ENONET		64	/* Machine is not on the network */
-+#define	ENOPKG		65	/* Package not installed */
-+#define	EREMOTE		66	/* Object is remote */
-+#define	ENOLINK		67	/* Link has been severed */
-+#define	EADV		68	/* Advertise error */
-+#define	ESRMNT		69	/* Srmount error */
-+#define	ECOMM		70	/* Communication error on send */
-+#define	EPROTO		71	/* Protocol error */
-+#define	EMULTIHOP	72	/* Multihop attempted */
-+#define	EDOTDOT		73	/* RFS specific error */
-+#define	EBADMSG		74	/* Not a data message */
-+#define	EOVERFLOW	75	/* Value too large for defined data type */
-+#define	ENOTUNIQ	76	/* Name not unique on network */
-+#define	EBADFD		77	/* File descriptor in bad state */
-+#define	EREMCHG		78	/* Remote address changed */
-+#define	ELIBACC		79	/* Can not access a needed shared library */
-+#define	ELIBBAD		80	/* Accessing a corrupted shared library */
-+#define	ELIBSCN		81	/* .lib section in a.out corrupted */
-+#define	ELIBMAX		82	/* Attempting to link in too many shared libraries */
-+#define	ELIBEXEC	83	/* Cannot exec a shared library directly */
-+#define	EILSEQ		84	/* Illegal byte sequence */
-+#define	ERESTART	85	/* Interrupted system call should be restarted */
-+#define	ESTRPIPE	86	/* Streams pipe error */
-+#define	EUSERS		87	/* Too many users */
-+#define	ENOTSOCK	88	/* Socket operation on non-socket */
-+#define	EDESTADDRREQ	89	/* Destination address required */
-+#define	EMSGSIZE	90	/* Message too long */
-+#define	EPROTOTYPE	91	/* Protocol wrong type for socket */
-+#define	ENOPROTOOPT	92	/* Protocol not available */
-+#define	EPROTONOSUPPORT	93	/* Protocol not supported */
-+#define	ESOCKTNOSUPPORT	94	/* Socket type not supported */
-+#define	EOPNOTSUPP	95	/* Operation not supported on transport endpoint */
-+#define	EPFNOSUPPORT	96	/* Protocol family not supported */
-+#define	EAFNOSUPPORT	97	/* Address family not supported by protocol */
-+#define	EADDRINUSE	98	/* Address already in use */
-+#define	EADDRNOTAVAIL	99	/* Cannot assign requested address */
-+#define	ENETDOWN	100	/* Network is down */
-+#define	ENETUNREACH	101	/* Network is unreachable */
-+#define	ENETRESET	102	/* Network dropped connection because of reset */
-+#define	ECONNABORTED	103	/* Software caused connection abort */
-+#define	ECONNRESET	104	/* Connection reset by peer */
-+#define	ENOBUFS		105	/* No buffer space available */
-+#define	EISCONN		106	/* Transport endpoint is already connected */
-+#define	ENOTCONN	107	/* Transport endpoint is not connected */
-+#define	ESHUTDOWN	108	/* Cannot send after transport endpoint shutdown */
-+#define	ETOOMANYREFS	109	/* Too many references: cannot splice */
-+#define	ETIMEDOUT	110	/* Connection timed out */
-+#define	ECONNREFUSED	111	/* Connection refused */
-+#define	EHOSTDOWN	112	/* Host is down */
-+#define	EHOSTUNREACH	113	/* No route to host */
-+#define	EALREADY	114	/* Operation already in progress */
-+#define	EINPROGRESS	115	/* Operation now in progress */
-+#define	ESTALE		116	/* Stale NFS file handle */
-+#define	EUCLEAN		117	/* Structure needs cleaning */
-+#define	ENOTNAM		118	/* Not a XENIX named type file */
-+#define	ENAVAIL		119	/* No XENIX semaphores available */
-+#define	EISNAM		120	/* Is a named type file */
-+#define	EREMOTEIO	121	/* Remote I/O error */
-+#define	EDQUOT		122	/* Quota exceeded */
-+
-+#define	ENOMEDIUM	123	/* No medium found */
-+#define	EMEDIUMTYPE	124	/* Wrong medium type */
-+#define	ECANCELED	125	/* Operation Canceled */
-+#define	ENOKEY		126	/* Required key not available */
-+#define	EKEYEXPIRED	127	/* Key has expired */
-+#define	EKEYREVOKED	128	/* Key has been revoked */
-+#define	EKEYREJECTED	129	/* Key was rejected by service */
-+
-+/* for robust mutexes */
-+#define	EOWNERDEAD	130	/* Owner died */
-+#define	ENOTRECOVERABLE	131	/* State not recoverable */
-+
-+#define ERFKILL		132	/* Operation not possible due to RF-kill */
-+
-+#endif
diff --git a/src/patches/iptables-1.4.6-imq_test1.patch b/src/patches/iptables-1.4.6-imq_test1.patch
deleted file mode 100644
index 2b4fb79..0000000
--- a/src/patches/iptables-1.4.6-imq_test1.patch
+++ /dev/null
@@ -1,126 +0,0 @@
-diff -Naurw iptables-1.4.1/extensions/.IMQ-testx iptables-1.4.1.imq/extensions/.IMQ-testx
---- iptables-1.4.1/extensions/.IMQ-testx	1969-12-31 21:00:00.000000000 -0300
-+++ iptables-1.4.1.imq/extensions/.IMQ-testx	2008-06-24 22:20:06.000000000 -0300
-@@ -0,0 +1,3 @@
-+#!/bin/sh
-+# True if IMQ target patch is applied.
-+[ -f $KERNEL_DIR/include/linux/netfilter/xt_IMQ.h ] && echo IMQ
-diff -Naurw iptables-1.4.1/extensions/libxt_IMQ.c iptables-1.4.1.imq/extensions/libxt_IMQ.c
---- iptables-1.4.1/extensions/libxt_IMQ.c	1969-12-31 21:00:00.000000000 -0300
-+++ iptables-1.4.1.imq/extensions/libxt_IMQ.c	2008-06-24 22:31:02.000000000 -0300
-@@ -0,0 +1,103 @@
-+/* Shared library add-on to iptables to add IMQ target support. */
-+#include <stdio.h>
-+#include <string.h>
-+#include <stdlib.h>
-+#include <getopt.h>
-+
-+#include <xtables.h>
-+#include <linux/netfilter/x_tables.h>
-+#include <linux/netfilter/xt_IMQ.h>
-+
-+/* Function which prints out usage message. */
-+static void IMQ_help(void)
-+{
-+	printf(
-+"IMQ target options:\n"
-+"  --todev <N>		enqueue to imq<N>, defaults to 0\n");
-+
-+}
-+
-+static struct option IMQ_opts[] = {
-+	{ "todev", 1, 0, '1' },
-+	{ 0 }
-+};
-+
-+/* Initialize the target. */
-+static void IMQ_init(struct xt_entry_target *t)
-+{
-+	struct xt_imq_info *mr = (struct xt_imq_info*)t->data;
-+
-+	mr->todev = 0;
-+}
-+
-+/* Function which parses command options; returns true if it
-+   ate an option */
-+static int IMQ_parse(int c, char **argv, int invert, unsigned int *flags,
-+      const void *entry, struct xt_entry_target **target)
-+{
-+	struct xt_imq_info *mr = (struct xt_imq_info*)(*target)->data;
-+	
-+	switch(c) {
-+	case '1':
-+		if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
-+			xtables_error(PARAMETER_PROBLEM,
-+				   "Unexpected `!' for --todev");
-+		mr->todev=atoi(optarg);
-+		break;
-+	default:
-+		return 0;
-+	}
-+	return 1;
-+}
-+
-+/* Prints out the targinfo. */
-+static void IMQ_print(const void *ip,
-+      const struct xt_entry_target *target,
-+      int numeric)
-+{
-+	struct xt_imq_info *mr = (struct xt_imq_info*)target->data;
-+
-+	printf("IMQ: todev %u ", mr->todev);
-+}
-+
-+/* Saves the union ipt_targinfo in parsable form to stdout. */
-+static void IMQ_save(const void *ip, const struct xt_entry_target *target)
-+{
-+	struct xt_imq_info *mr = (struct xt_imq_info*)target->data;
-+
-+	printf("--todev %u", mr->todev);
-+}
-+
-+static struct xtables_target imq_target = {
-+	.name		= "IMQ",
-+	.version	= XTABLES_VERSION,
-+	.family		= NFPROTO_IPV4,
-+	.size		= XT_ALIGN(sizeof(struct xt_imq_info)),
-+	.userspacesize	= XT_ALIGN(sizeof(struct xt_imq_info)),
-+	.help		= IMQ_help,
-+	.init		= IMQ_init,
-+	.parse		= IMQ_parse,
-+	.print		= IMQ_print,
-+	.save		= IMQ_save,
-+	.extra_opts	= IMQ_opts,
-+};
-+
-+static struct xtables_target imq_target6 = {
-+	.name		= "IMQ",
-+	.version	= XTABLES_VERSION,
-+	.family		= NFPROTO_IPV6,
-+	.size		= XT_ALIGN(sizeof(struct xt_imq_info)),
-+	.userspacesize	= XT_ALIGN(sizeof(struct xt_imq_info)),
-+	.help		= IMQ_help,
-+	.init		= IMQ_init,
-+	.parse		= IMQ_parse,
-+	.print		= IMQ_print,
-+	.save		= IMQ_save,
-+	.extra_opts	= IMQ_opts,
-+};
-+
-+// void __attribute((constructor)) nf_ext_init(void){
-+void _init(void){
-+	xtables_register_target(&imq_target);
-+	xtables_register_target(&imq_target6);
-+}
---- iptables-1.4.1.1/include/linux/netfilter/xt_IMQ.h	1970-01-01 02:00:00.000000000 +0200
-+++ iptables-1.4.1.1.new/include/linux/netfilter/xt_IMQ.h	2008-08-05 00:41:28.000000000 +0300
-@@ -0,0 +1,9 @@
-+#ifndef _XT_IMQ_H
-+#define _XT_IMQ_H
-+
-+struct xt_imq_info {
-+	unsigned int todev;     /* target imq device */
-+};
-+
-+#endif /* _XT_IMQ_H */
-+
diff --git a/src/patches/iptables-1.4.6-ipp2p-0.8.2-pomng.patch b/src/patches/iptables-1.4.6-ipp2p-0.8.2-pomng.patch
deleted file mode 100644
index 68e44b1..0000000
--- a/src/patches/iptables-1.4.6-ipp2p-0.8.2-pomng.patch
+++ /dev/null
@@ -1,481 +0,0 @@
-diff -Naur iptables-1.4.6.org/extensions/.ipp2p-test iptables-1.4.6/extensions/.ipp2p-test
---- iptables-1.4.6.org/extensions/.ipp2p-test	1970-01-01 01:00:00.000000000 +0100
-+++ iptables-1.4.6/extensions/.ipp2p-test	2010-02-13 20:02:52.000000000 +0100
-@@ -0,0 +1,2 @@
-+#! /bin/sh
-+[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_ipp2p.h ] && echo ipp2p
-diff -Naur iptables-1.4.6.org/extensions/libipt_ipp2p.c iptables-1.4.6/extensions/libipt_ipp2p.c
---- iptables-1.4.6.org/extensions/libipt_ipp2p.c	1970-01-01 01:00:00.000000000 +0100
-+++ iptables-1.4.6/extensions/libipt_ipp2p.c	2010-02-13 20:02:52.000000000 +0100
-@@ -0,0 +1,424 @@
-+#include <stdio.h>
-+#include <netdb.h>
-+#include <string.h>
-+#include <stdlib.h>
-+#include <getopt.h>
-+#include <ctype.h>
-+
-+#include <iptables.h>
-+
-+#include <linux/netfilter_ipv4/ipt_ipp2p.h>
-+
-+#ifndef XTABLES_VERSION
-+#define XTABLES_VERSION IPTABLES_VERSION
-+#endif
-+
-+#ifdef IPT_LIB_DIR
-+#define xtables_target iptables_target
-+#define xtables_register_target register_target
-+#endif
-+
-+static void
-+help(void)
-+{
-+    printf(
-+    "IPP2P v%s options:\n"
-+    " --ipp2p	Grab all known p2p packets\n"
-+    " --edk		[TCP&UDP]	All known eDonkey/eMule/Overnet packets\n"
-+    " --dc		[TCP] 		All known Direct Connect packets\n"
-+    " --kazaa	[TCP&UDP] 	All known KaZaA packets\n"
-+    " --gnu		[TCP&UDP]	All known Gnutella packets\n"
-+    " --bit		[TCP&UDP]	All known BitTorrent packets\n"
-+    " --apple	[TCP] 		All known AppleJuice packets\n"
-+    " --winmx	[TCP] 		All known WinMX\n"
-+    " --soul		[TCP] 		All known SoulSeek\n"
-+    " --ares		[TCP] 		All known Ares\n\n"
-+    " EXPERIMENTAL protocols (please send feedback to: ipp2p@ipp2p.org) :\n"
-+    " --mute		[TCP]		All known Mute packets\n"
-+    " --waste	[TCP]		All known Waste packets\n"
-+    " --xdcc		[TCP]		All known XDCC packets (only xdcc login)\n\n"
-+    " DEBUG SUPPPORT, use only if you know why\n"
-+    " --debug		Generate kernel debug output, THIS WILL SLOW DOWN THE FILTER\n"
-+    "\nNote that the follwing options will have the same meaning:\n"
-+    " '--ipp2p' is equal to '--edk --dc --kazaa --gnu --bit --apple --winmx --soul --ares'\n"
-+    "\nIPP2P was intended for TCP only. Due to increasing usage of UDP we needed to change this.\n"
-+    "You can now use -p udp to search UDP packets only or without -p switch to search UDP and TCP packets.\n"
-+    "\nSee README included with this package for more details or visit http://www.ipp2p.org%5Cn"
-+    "\nExamples:\n"
-+    " iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01\n"
-+    " iptables -A FORWARD -p udp -m ipp2p --kazaa --bit -j DROP\n"
-+    " iptables -A FORWARD -p tcp -m ipp2p --edk --soul -j DROP\n\n"
-+    , IPP2P_VERSION);
-+}
-+
-+static struct option opts[] = {
-+        { "ipp2p", 0, 0, '1' },
-+        { "edk", 0, 0, '2' },	
-+	{ "dc", 0, 0, '7' },
-+	{ "gnu", 0, 0, '9' },
-+	{ "kazaa", 0, 0, 'a' },
-+	{ "bit", 0, 0, 'b' },
-+	{ "apple", 0, 0, 'c' },	
-+	{ "soul", 0, 0, 'd' },	
-+	{ "winmx", 0, 0, 'e' },	
-+	{ "ares", 0, 0, 'f' },
-+	{ "mute", 0, 0, 'g' },
-+	{ "waste", 0, 0, 'h' },
-+	{ "xdcc", 0, 0, 'i' },
-+	{ "debug", 0, 0, 'j' },
-+        {0}
-+};
-+
-+
-+static void
-+#ifdef _XTABLES_H
-+init(struct xt_entry_match *m)
-+#else
-+init(struct ipt_entry_match *t, unsigned int *nfcache)
-+#endif
-+{
-+    struct ipt_p2p_info *info = (struct ipt_p2p_info *)m->data;
-+
-+#ifndef _XTABLES_H
-+    *nfcache |= NFC_UNKNOWN;
-+#endif
-+
-+    /*init the module with default values*/
-+    info->cmd = 0;
-+    info->debug = 0;
-+
-+}
-+
-+
-+static int
-+parse(int c, char **argv, int invert, unsigned int *flags,
-+#ifdef _XTABLES_H
-+      const void *entry, struct xt_entry_match **match)
-+#else
-+      const struct ipt_entry *entry, unsigned int *nfcache, struct ipt_entry_match **match)
-+#endif
-+{
-+    struct ipt_p2p_info *info = (struct ipt_p2p_info *)(*match)->data;
-+    
-+    switch (c) {
-+	case '1':		/*cmd: ipp2p*/
-+	    if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
-+		    xtables_error(PARAMETER_PROBLEM,
-+				"ipp2p: `--ipp2p' may only be "
-+				"specified once!");
-+
-+/*	    if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
-+		    xtables_error(PARAMETER_PROBLEM,
-+				"ipp2p: `--ipp2p-data' may only be "
-+				"specified alone!");
-+*/
-+
-+	    if ((*flags) != 0)
-+		    xtables_error(PARAMETER_PROBLEM,
-+				"ipp2p: `--ipp2p' may only be "
-+				"specified alone!");
-+	    if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
-+	    *flags += SHORT_HAND_IPP2P;
-+	    info->cmd = *flags;
-+	    break;
-+	    
-+	case '2':		/*cmd: edk*/
-+	    if ((*flags & IPP2P_EDK) == IPP2P_EDK)
-+		    xtables_error(PARAMETER_PROBLEM,
-+				"ipp2p: `--edk' may only be "
-+				"specified once");
-+	    if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
-+		    xtables_error(PARAMETER_PROBLEM,
-+				"ipp2p: `--ipp2p' may only be "
-+				"specified alone!");
-+/*	    if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
-+		    xtables_error(PARAMETER_PROBLEM,
-+				"ipp2p: `--ipp2p-data' may only be "
-+				"specified alone!");*/
-+            if ((*flags & IPP2P_DATA_EDK) == IPP2P_DATA_EDK)
-+            xtables_error(PARAMETER_PROBLEM,
-+                                "ipp2p: use `--edk' OR `--edk-data' but not both of them!");
-+	    if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
-+	    *flags += IPP2P_EDK;
-+	    info->cmd = *flags;	    
-+	    break;
-+
-+
-+	case '7':		/*cmd: dc*/
-+            if ((*flags & IPP2P_DC) == IPP2P_DC)
-+            xtables_error(PARAMETER_PROBLEM,
-+                                "ipp2p: `--dc' may only be "
-+                                "specified once!");
-+	    if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
-+		    xtables_error(PARAMETER_PROBLEM,
-+				"ipp2p: `--ipp2p' may only be "
-+				"specified alone!");
-+/*	    if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
-+		    xtables_error(PARAMETER_PROBLEM,
-+				"ipp2p: `--ipp2p-data' may only be "
-+				"specified alone!");*/
-+            if ((*flags & IPP2P_DATA_DC) == IPP2P_DATA_DC)
-+            xtables_error(PARAMETER_PROBLEM,
-+                                "ipp2p: use `--dc' OR `--dc-data' but not both of them!");
-+	    if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
-+            *flags += IPP2P_DC;
-+	    info->cmd = *flags;
-+	    break;
-+
-+
-+	case '9':		/*cmd: gnu*/
-+            if ((*flags & IPP2P_GNU) == IPP2P_GNU)
-+            xtables_error(PARAMETER_PROBLEM,
-+                                "ipp2p: `--gnu' may only be "
-+                                "specified once!");
-+/*	    if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
-+		    xtables_error(PARAMETER_PROBLEM,
-+				"ipp2p: `--ipp2p-data' may only be "
-+				"specified alone!");*/
-+	    if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
-+		    xtables_error(PARAMETER_PROBLEM,
-+				"ipp2p: `--ipp2p' may only be "
-+				"specified alone!");
-+            if ((*flags & IPP2P_DATA_GNU) == IPP2P_DATA_GNU)
-+            xtables_error(PARAMETER_PROBLEM,
-+                                "ipp2p: use `--gnu' OR `--gnu-data' but not both of them!");
-+	    if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
-+            *flags += IPP2P_GNU;
-+	    info->cmd = *flags;
-+	    break;
-+
-+	case 'a':		/*cmd: kazaa*/
-+            if ((*flags & IPP2P_KAZAA) == IPP2P_KAZAA)
-+            xtables_error(PARAMETER_PROBLEM,
-+                                "ipp2p: `--kazaa' may only be "
-+                                "specified once!");
-+/*	    if ((*flags & SHORT_HAND_DATA) == SHORT_HAND_DATA)
-+		    xtables_error(PARAMETER_PROBLEM,
-+				"ipp2p: `--ipp2p-data' may only be "
-+				"specified alone!");*/
-+	    if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
-+		    xtables_error(PARAMETER_PROBLEM,
-+				"ipp2p: `--ipp2p' may only be "
-+				"specified alone!");
-+            if ((*flags & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA)
-+            xtables_error(PARAMETER_PROBLEM,
-+                                "ipp2p: use `--kazaa' OR `--kazaa-data' but not both of them!");
-+	    if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
-+            *flags += IPP2P_KAZAA;
-+	    info->cmd = *flags;
-+	    break;																											
-+
-+	case 'b':		/*cmd: bit*/
-+            if ((*flags & IPP2P_BIT) == IPP2P_BIT)
-+            xtables_error(PARAMETER_PROBLEM,
-+                                "ipp2p: `--bit' may only be "
-+                                "specified once!");
-+	    if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
-+		    xtables_error(PARAMETER_PROBLEM,
-+				"ipp2p: `--ipp2p' may only be "
-+				"specified alone!");
-+	    if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
-+            *flags += IPP2P_BIT;
-+	    info->cmd = *flags;
-+	    break;																											
-+
-+	case 'c':		/*cmd: apple*/
-+            if ((*flags & IPP2P_APPLE) == IPP2P_APPLE)
-+            xtables_error(PARAMETER_PROBLEM,
-+                                "ipp2p: `--apple' may only be "
-+                                "specified once!");
-+	    if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
-+		    xtables_error(PARAMETER_PROBLEM,
-+				"ipp2p: `--ipp2p' may only be "
-+				"specified alone!");
-+	    if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
-+            *flags += IPP2P_APPLE;
-+	    info->cmd = *flags;
-+	    break;																											
-+
-+
-+	case 'd':		/*cmd: soul*/
-+            if ((*flags & IPP2P_SOUL) == IPP2P_SOUL)
-+            xtables_error(PARAMETER_PROBLEM,
-+                                "ipp2p: `--soul' may only be "
-+                                "specified once!");
-+	    if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
-+		    xtables_error(PARAMETER_PROBLEM,
-+				"ipp2p: `--ipp2p' may only be "
-+				"specified alone!");
-+	    if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
-+            *flags += IPP2P_SOUL;
-+	    info->cmd = *flags;
-+	    break;																											
-+
-+
-+	case 'e':		/*cmd: winmx*/
-+            if ((*flags & IPP2P_WINMX) == IPP2P_WINMX)
-+            xtables_error(PARAMETER_PROBLEM,
-+                                "ipp2p: `--winmx' may only be "
-+                                "specified once!");
-+	    if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
-+		    xtables_error(PARAMETER_PROBLEM,
-+				"ipp2p: `--ipp2p' may only be "
-+				"specified alone!");
-+	    if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
-+            *flags += IPP2P_WINMX;
-+	    info->cmd = *flags;
-+	    break;																											
-+
-+	case 'f':		/*cmd: ares*/
-+            if ((*flags & IPP2P_ARES) == IPP2P_ARES)
-+            xtables_error(PARAMETER_PROBLEM,
-+                                "ipp2p: `--ares' may only be "
-+                                "specified once!");
-+	    if ((*flags & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P)
-+		    xtables_error(PARAMETER_PROBLEM,
-+				"ipp2p: `--ipp2p' may only be "
-+				"specified alone!");
-+	    if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
-+            *flags += IPP2P_ARES;
-+	    info->cmd = *flags;
-+	    break;																											
-+	
-+	case 'g':		/*cmd: mute*/
-+            if ((*flags & IPP2P_MUTE) == IPP2P_MUTE)
-+            xtables_error(PARAMETER_PROBLEM,
-+                                "ipp2p: `--mute' may only be "
-+                                "specified once!");
-+	    if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
-+            *flags += IPP2P_MUTE;
-+	    info->cmd = *flags;
-+	    break;																											
-+	case 'h':		/*cmd: waste*/
-+            if ((*flags & IPP2P_WASTE) == IPP2P_WASTE)
-+            xtables_error(PARAMETER_PROBLEM,
-+                                "ipp2p: `--waste' may only be "
-+                                "specified once!");
-+	    if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
-+            *flags += IPP2P_WASTE;
-+	    info->cmd = *flags;
-+	    break;																											
-+	case 'i':		/*cmd: xdcc*/
-+            if ((*flags & IPP2P_XDCC) == IPP2P_XDCC)
-+            xtables_error(PARAMETER_PROBLEM,
-+                                "ipp2p: `--ares' may only be "
-+                                "specified once!");
-+	    if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
-+            *flags += IPP2P_XDCC;
-+	    info->cmd = *flags;
-+	    break;																											
-+
-+	case 'j':		/*cmd: debug*/
-+	    if (invert) xtables_error(PARAMETER_PROBLEM, "ipp2p: invert [!] is not allowed!");
-+	    info->debug = 1;
-+	    break;																											
-+
-+	default:
-+//            xtables_error(PARAMETER_PROBLEM,
-+//	    "\nipp2p-parameter problem: for ipp2p usage type: iptables -m ipp2p --help\n");
-+	    return 0;
-+    }
-+    return 1;
-+}
-+
-+
-+static void
-+final_check(unsigned int flags)
-+{
-+    if (!flags)
-+            xtables_error(PARAMETER_PROBLEM,
-+	    "\nipp2p-parameter problem: for ipp2p usage type: iptables -m ipp2p --help\n");
-+}
-+
-+static void
-+#ifdef _XTABLES_H
-+print(const void *ip,
-+      const struct xt_entry_match *match,
-+#else
-+print(const struct ipt_ip *ip,
-+      const struct ipt_entry_match *match,
-+#endif
-+	int numeric)
-+{
-+    struct ipt_p2p_info *info = (struct ipt_p2p_info *)match->data;
-+    
-+    printf("ipp2p v%s", IPP2P_VERSION);
-+    if ((info->cmd & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) printf(" --ipp2p");
-+//    if ((info->cmd & SHORT_HAND_DATA) == SHORT_HAND_DATA) printf(" --ipp2p-data");
-+    if ((info->cmd & IPP2P_KAZAA) == IPP2P_KAZAA) printf(" --kazaa");
-+//    if ((info->cmd & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) printf(" --kazaa-data");
-+//    if ((info->cmd & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) printf(" --gnu-data");
-+    if ((info->cmd & IPP2P_GNU) == IPP2P_GNU) printf(" --gnu");
-+    if ((info->cmd & IPP2P_EDK) == IPP2P_EDK) printf(" --edk");
-+//    if ((info->cmd & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) printf(" --edk-data");
-+//    if ((info->cmd & IPP2P_DATA_DC) == IPP2P_DATA_DC) printf(" --dc-data");
-+    if ((info->cmd & IPP2P_DC) == IPP2P_DC) printf(" --dc");
-+    if ((info->cmd & IPP2P_BIT) == IPP2P_BIT) printf(" --bit");
-+    if ((info->cmd & IPP2P_APPLE) == IPP2P_APPLE) printf(" --apple");
-+    if ((info->cmd & IPP2P_SOUL) == IPP2P_SOUL) printf(" --soul");
-+    if ((info->cmd & IPP2P_WINMX) == IPP2P_WINMX) printf(" --winmx");
-+    if ((info->cmd & IPP2P_ARES) == IPP2P_ARES) printf(" --ares");
-+    if ((info->cmd & IPP2P_MUTE) == IPP2P_MUTE) printf(" --mute");
-+    if ((info->cmd & IPP2P_WASTE) == IPP2P_WASTE) printf(" --waste");
-+    if ((info->cmd & IPP2P_XDCC) == IPP2P_XDCC) printf(" --xdcc");
-+    if (info->debug != 0) printf(" --debug");
-+    printf(" ");
-+}
-+
-+static void
-+#ifdef _XTABLES_H
-+save(const void *ip,
-+     const struct xt_entry_match *match)
-+#else
-+save(const struct ipt_ip *ip,
-+     const struct ipt_entry_match *match)
-+#endif
-+{
-+    struct ipt_p2p_info *info = (struct ipt_p2p_info *)match->data;
-+    
-+    if ((info->cmd & SHORT_HAND_IPP2P) == SHORT_HAND_IPP2P) printf("--ipp2p ");
-+//    if ((info->cmd & SHORT_HAND_DATA) == SHORT_HAND_DATA) printf("--ipp2p-data ");
-+    if ((info->cmd & IPP2P_KAZAA) == IPP2P_KAZAA) printf("--kazaa ");
-+//    if ((info->cmd & IPP2P_DATA_KAZAA) == IPP2P_DATA_KAZAA) printf("--kazaa-data ");
-+//    if ((info->cmd & IPP2P_DATA_GNU) == IPP2P_DATA_GNU) printf("--gnu-data ");
-+    if ((info->cmd & IPP2P_GNU) == IPP2P_GNU) printf("--gnu ");
-+    if ((info->cmd & IPP2P_EDK) == IPP2P_EDK) printf("--edk ");
-+//    if ((info->cmd & IPP2P_DATA_EDK) == IPP2P_DATA_EDK) printf("--edk-data ");
-+//    if ((info->cmd & IPP2P_DATA_DC) == IPP2P_DATA_DC) printf("--dc-data ");
-+    if ((info->cmd & IPP2P_DC) == IPP2P_DC) printf("--dc ");
-+    if ((info->cmd & IPP2P_BIT) == IPP2P_BIT) printf("--bit ");
-+    if ((info->cmd & IPP2P_APPLE) == IPP2P_APPLE) printf("--apple ");
-+    if ((info->cmd & IPP2P_SOUL) == IPP2P_SOUL) printf("--soul ");
-+    if ((info->cmd & IPP2P_WINMX) == IPP2P_WINMX) printf("--winmx ");
-+    if ((info->cmd & IPP2P_ARES) == IPP2P_ARES) printf("--ares ");
-+    if ((info->cmd & IPP2P_MUTE) == IPP2P_MUTE) printf(" --mute");
-+    if ((info->cmd & IPP2P_WASTE) == IPP2P_WASTE) printf(" --waste");
-+    if ((info->cmd & IPP2P_XDCC) == IPP2P_XDCC) printf(" --xdcc");
-+    if (info->debug != 0) printf("--debug ");
-+}
-+
-+		
-+static 
-+struct xtables_match ipp2p= 
-+{ 
-+    .next           = NULL,
-+    .name           = "ipp2p",
-+    .version        = XTABLES_VERSION,
-+    .size           = IPT_ALIGN(sizeof(struct ipt_p2p_info)),
-+    .userspacesize  = IPT_ALIGN(sizeof(struct ipt_p2p_info)),
-+    .help           = &help,
-+    .init           = &init,
-+    .parse          = &parse,
-+    .final_check    = &final_check,
-+    .print          = &print,
-+    .save           = &save,
-+    .extra_opts     = opts
-+};
-+					    
-+
-+
-+void _init(void)
-+{
-+    xtables_register_match(&ipp2p);
-+}
-+
-diff -Naur iptables-1.4.6.org/extensions/libipt_ipp2p.man iptables-1.4.6/extensions/libipt_ipp2p.man
---- iptables-1.4.6.org/extensions/libipt_ipp2p.man	1970-01-01 01:00:00.000000000 +0100
-+++ iptables-1.4.6/extensions/libipt_ipp2p.man	2010-02-13 20:02:52.000000000 +0100
-@@ -0,0 +1,43 @@
-+This module matches certain packets in P2P flows. It is not
-+designed to match all packets belonging to a P2P connection - 
-+use IPP2P together with CONNMARK for this purpose. Also visit
-+http://www.ipp2p.org for detailed information.
-+
-+Use it together with -p tcp or -p udp to search these protocols
-+only or without -p switch to search packets of both protocols.
-+
-+IPP2P provides the following options:
-+.TP
-+.B "--edk "
-+Matches as many eDonkey/eMule packets as possible.
-+.TP
-+.B "--kazaa "
-+Matches as many KaZaA packets as possible.
-+.TP
-+.B "--gnu "
-+Matches as many Gnutella packets as possible.
-+.TP
-+.B "--dc "
-+Matches as many Direct Connect packets as possible.
-+.TP
-+.B "--bit "
-+Matches BitTorrent packets.
-+.TP
-+.B "--apple "
-+Matches AppleJuice packets.
-+.TP
-+.B "--soul "
-+Matches some SoulSeek packets. Considered as beta, use careful!
-+.TP
-+.B "--winmx "
-+Matches some WinMX packets. Considered as beta, use careful!
-+.TP
-+.B "--ares "
-+Matches Ares and AresLite packets. Use together with -j DROP only.
-+.TP
-+.B "--ipp2p "
-+Short hand for: --edk --kazaa --gnu --dc
-+.TP
-+.B "--debug "
-+Prints some information about each hit into kernel logfile. May 
-+produce huge logfiles so beware!
diff --git a/src/patches/miniupnpd-1.4_use_XT_ALIGN.patch b/src/patches/miniupnpd-1.4_use_XT_ALIGN.patch
new file mode 100644
index 0000000..8c33222
--- /dev/null
+++ b/src/patches/miniupnpd-1.4_use_XT_ALIGN.patch
@@ -0,0 +1,47 @@
+diff -Naur miniupnpd-1.4.org/netfilter/iptcrdr.c miniupnpd-1.4/netfilter/iptcrdr.c
+--- miniupnpd-1.4.org/netfilter/iptcrdr.c	2009-10-10 21:19:41.000000000 +0200
++++ miniupnpd-1.4/netfilter/iptcrdr.c	2012-07-29 16:09:42.640363971 +0200
+@@ -443,8 +443,8 @@
+ 	struct ipt_entry_match *match;
+ 	struct ipt_tcp * tcpinfo;
+ 	size_t size;
+-	size =   IPT_ALIGN(sizeof(struct ipt_entry_match))
+-	       + IPT_ALIGN(sizeof(struct ipt_tcp));
++	size =   XT_ALIGN(sizeof(struct ipt_entry_match))
++	       + XT_ALIGN(sizeof(struct ipt_tcp));
+ 	match = calloc(1, size);
+ 	match->u.match_size = size;
+ 	strncpy(match->u.user.name, "tcp", IPT_FUNCTION_MAXNAMELEN);
+@@ -462,8 +462,8 @@
+ 	struct ipt_entry_match *match;
+ 	struct ipt_udp * udpinfo;
+ 	size_t size;
+-	size =   IPT_ALIGN(sizeof(struct ipt_entry_match))
+-	       + IPT_ALIGN(sizeof(struct ipt_udp));
++	size =   XT_ALIGN(sizeof(struct ipt_entry_match))
++	       + XT_ALIGN(sizeof(struct ipt_udp));
+ 	match = calloc(1, size);
+ 	match->u.match_size = size;
+ 	strncpy(match->u.user.name, "udp", IPT_FUNCTION_MAXNAMELEN);
+@@ -483,8 +483,8 @@
+ 	struct ip_nat_range * range;
+ 	size_t size;
+ 
+-	size =   IPT_ALIGN(sizeof(struct ipt_entry_target))
+-	       + IPT_ALIGN(sizeof(struct ip_nat_multi_range));
++	size =   XT_ALIGN(sizeof(struct ipt_entry_target))
++	       + XT_ALIGN(sizeof(struct ip_nat_multi_range));
+ 	target = calloc(1, size);
+ 	target->u.target_size = size;
+ 	strncpy(target->u.user.name, "DNAT", IPT_FUNCTION_MAXNAMELEN);
+@@ -614,8 +614,8 @@
+ {
+ 	struct ipt_entry_target * target = NULL;
+ 	size_t size;
+-	size =   IPT_ALIGN(sizeof(struct ipt_entry_target))
+-	       + IPT_ALIGN(sizeof(int));
++	size =   XT_ALIGN(sizeof(struct ipt_entry_target))
++	       + XT_ALIGN(sizeof(int));
+ 	target = calloc(1, size);
+ 	target->u.user.target_size = size;
+ 	strncpy(target->u.user.name, "ACCEPT", IPT_FUNCTION_MAXNAMELEN);
hooks/post-receive
--
IPFire 2.x development tree

    