diff -Nru linux-2.4.0-test4-plain/Documentation/Configure.help linux-2.4.0-test4-work/Documentation/Configure.help --- linux-2.4.0-test4-plain/Documentation/Configure.help Thu Jul 13 18:42:51 2000 +++ linux-2.4.0-test4-work/Documentation/Configure.help Sun Jul 30 21:56:01 2000 @@ -2010,6 +2010,16 @@ If you want to compile it as a module, say M here and read Documentation/modules.txt. If unsure, say `N'. +ULOG target support +CONFIG_IP_NF_TARGET_ULOG + This option adds a `ULOG' target, which allows you to create rules in + any iptables table. The packet is passed to one or more userspace logging + daemon using netlink multicast sockets. Logging is no longer forced to + be in syslog, but can be done by any userspace process. + + If you want to compile it as a module, say M here and read + Documentation/modules.txt. If unsure, say `N'. + ipchains (2.2-style) support CONFIG_IP_NF_COMPAT_IPCHAINS This option places ipchains (with masquerading and redirection diff -Nru linux-2.4.0-test4-plain/include/linux/netfilter_ipv4/ipt_ULOG.h linux-2.4.0-test4-work/include/linux/netfilter_ipv4/ipt_ULOG.h --- linux-2.4.0-test4-plain/include/linux/netfilter_ipv4/ipt_ULOG.h Thu Jan 1 01:00:00 1970 +++ linux-2.4.0-test4-work/include/linux/netfilter_ipv4/ipt_ULOG.h Sun Jul 30 22:11:07 2000 
@@ -0,0 +1,36 @@ +#ifndef _IPT_ULOG_H +#define _IPT_ULOG_H + +#ifdef __KERNEL__ +#include +#endif + +#define ULOG_MAC_LEN 80 + + +/* just until this is in netfilter.h */ +#ifndef NETLINK_NFLOG +#define NETLINK_NFLOG 25 +#endif + +struct ipt_ulog_info { + unsigned char logflags; + unsigned int nl_group; + char prefix[30]; +}; + +typedef struct ulog_packet_msg { + unsigned long mark; + long timestamp_sec; + long timestamp_usec; + unsigned int hook; + char indev_name[IFNAMSIZ]; + char outdev_name[IFNAMSIZ]; + size_t data_len; + char prefix[30]; + unsigned char mac_len; + unsigned char mac[ULOG_MAC_LEN]; + unsigned char payload[0]; +} ulog_packet_msg_t; + +#endif /*_IPT_ULOG_H*/ diff -Nru linux-2.4.0-test4-plain/net/ipv4/netfilter/Config.in linux-2.4.0-test4-work/net/ipv4/netfilter/Config.in --- linux-2.4.0-test4-plain/net/ipv4/netfilter/Config.in Mon Mar 27 20:35:56 2000 +++ linux-2.4.0-test4-work/net/ipv4/netfilter/Config.in Sun Jul 30 21:47:35 2000 @@ -51,6 +51,7 @@ dep_tristate ' MARK target support' CONFIG_IP_NF_TARGET_MARK $CONFIG_IP_NF_MANGLE fi dep_tristate ' LOG target support' CONFIG_IP_NF_TARGET_LOG $CONFIG_IP_NF_IPTABLES + dep_tristate ' ULOG target support' CONFIG_IP_NF_TARGET_ULOG $CONFIG_IP_NF_IPTABLES fi # Backwards compatibility modules: only if you don't build in the others. diff -Nru linux-2.4.0-test4-plain/net/ipv4/netfilter/Makefile linux-2.4.0-test4-work/net/ipv4/netfilter/Makefile --- linux-2.4.0-test4-plain/net/ipv4/netfilter/Makefile Mon Mar 27 20:35:56 2000 +++ linux-2.4.0-test4-work/net/ipv4/netfilter/Makefile Sun Jul 30 22:02:16 2000 
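Review bot: In ipt_ULOG.h, `struct ulog_packet_msg` is the record a userspace daemon reads from the netlink socket, yet it is declared with `unsigned long`, `long` and `size_t`, whose widths depend on the ABI of whoever compiles the header. A logging daemon built for a different word size than the kernel would presumably disagree on field offsets and misparse `data_len` and everything after it. Fixed-width kernel types (for example `__u32 hook;`) and a comment on the struct stating that it is the kernel-to-userspace wire format would pin the layout. The literal `30` for `prefix` appears in both structs and could become one named constant next to `ULOG_MAC_LEN`, and `NETLINK_NFLOG` is guarded with `#ifndef` here but defined again without a guard in ipt_ULOG.c.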
@@ -197,6 +197,14 @@ endif endif +ifeq ($(CONFIG_IP_NF_TARGET_ULOG),y) +O_OBJS += ipt_ULOG.o +else + ifeq ($(CONFIG_IP_NF_TARGET_ULOG),m) + M_OBJS += ipt_ULOG.o + endif +endif + ifeq ($(CONFIG_IP_NF_COMPAT_IPCHAINS),y) O_OBJS += ipchains_core.o $(IP_NF_COMPAT_LAYER) else diff -Nru linux-2.4.0-test4-plain/net/ipv4/netfilter/ipt_ULOG.c linux-2.4.0-test4-work/net/ipv4/netfilter/ipt_ULOG.c --- linux-2.4.0-test4-plain/net/ipv4/netfilter/ipt_ULOG.c Thu Jan 1 01:00:00 1970 +++ linux-2.4.0-test4-work/net/ipv4/netfilter/ipt_ULOG.c Sun Jul 30 21:45:44 2000 
@@ -0,0 +1,136 @@
+/*
+ * netfilter module for userspace packet logging daemons
+ *
+ * (C) 2000 by Harald Welte
+ *
+ * Released under the terms of the GPL
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define NETLINK_NFLOG 25
+#define ULOG_NL_EVENT 111
+
+#if 1
+#define DEBUGP printk
+#else
+#define DEBUGP(format, args ...)
+#endif
+
+struct sock *nflognl;
+
+static void nflog_rcv(struct sock *sk, int len)
+{
+ printk("nflog_rcv: did receive netlink message ?!?\n");
+}
+
+static unsigned int ipt_ulog_target(
+ struct sk_buff **pskb,
+ unsigned int hooknum,
+ const struct net_device *in,
+ const struct net_device *out,
+ const void *targinfo,
+ void *userinfo)
+{
+ ulog_packet_msg_t *pm;
+ size_t size;
+ struct sk_buff *nlskb;
+ unsigned char *old_tail;
+ struct nlmsghdr *nlh;
+ struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *)targinfo;
+
+ /* calculate the size of the skb needed */
+
+ size = NLMSG_SPACE(sizeof(*pm) + (*pskb)->len);
+ nlskb = alloc_skb(size, GFP_ATOMIC);
+ if (!nlskb)
+ goto nlmsg_failure;
+
+ old_tail = nlskb->tail;
+ nlh = NLMSG_PUT(nlskb, 0, 0, ULOG_NL_EVENT, size - sizeof(*nlh));
+ pm = NLMSG_DATA(nlh);
+
+ /* copy hook, prefix, timestamp, payload, etc. */
+
+ pm->data_len = (*pskb)->len;
+ pm->timestamp_sec = (*pskb)->stamp.tv_sec;
+ pm->timestamp_usec = (*pskb)->stamp.tv_usec;
+ pm->mark = (*pskb)->nfmark;
+ pm->hook = hooknum;
+ if (loginfo->prefix)
+ strcpy(pm->prefix, loginfo->prefix);
+
+ if (in && !out)
+ {
+ if ((*pskb)->dev && (*pskb)->dev->hard_header_len > 0
+ && (*pskb)->dev->hard_header_len <= ULOG_MAC_LEN)
+ {
+ memcpy(pm->mac, (*pskb)->mac.raw, (*pskb)->dev->hard_header_len);
+ pm->mac_len = (*pskb)->dev->hard_header_len;
+ }
+
+ }
+/*
+ if (in) strcpy(pm->indev_name, in->name);
+ else pm->indev_name[0] = '\0';
+*/
+ if ((*pskb)->len)
+ memcpy(pm->payload, (*pskb)->data, (*pskb)->len);
+ nlh->nlmsg_len = nlskb->tail - old_tail;
+ NETLINK_CB(nlskb).dst_groups = loginfo->nl_group;
+ DEBUGP("ipt_ULOG: going to throw out a packet to netlink groupmask %u\n", loginfo->nl_group);
+ netlink_broadcast(nflognl, nlskb, 0, loginfo->nl_group, GFP_ATOMIC);
+
+ return IPT_CONTINUE;
+
+nlmsg_failure:
+ if (nlskb)
+ kfree(nlskb);
+ printk("ipt_ULOG: Error building netlink message\n");
+ return IPT_CONTINUE;
+
+}
+
+static int ipt_ulog_checkentry(
+ const char *tablename,
+ const struct ipt_entry *e,
+ void *targinfo,
+ unsigned int targinfosize,
+ unsigned int hookmask)
+{
+ return 1;
+}
+
+
+static struct ipt_target ipt_ulog_reg =
+ { { NULL, NULL }, "ULOG", ipt_ulog_target, ipt_ulog_checkentry, NULL,
+ THIS_MODULE };
+
+static int __init init(void)
+{
+ DEBUGP("ipt_ULOG: init module\n");
+ nflognl = netlink_kernel_create(NETLINK_NFLOG, nflog_rcv);
+ if (ipt_register_target(&ipt_ulog_reg))
+ return -EINVAL;
+
+ return 0;
+}
+
+static void __exit fini(void)
+{
+ DEBUGP("ipt_ULOG: cleanup_module\n");
+ ipt_unregister_target(&ipt_ulog_reg);
+}
+
+module_init(init);
+module_exit(fini);
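Review bot: `ipt_ulog_checkentry()` returns 1 without checking `targinfosize` or the rule data, so `ipt_ulog_target()` runs `strcpy(pm->prefix, loginfo->prefix)` on a 30-byte array that nothing guarantees is NUL-terminated (the `if (loginfo->prefix)` test is on an array and is always true). The target also fills only part of `*pm`: `indev_name` and `outdev_name` are never written and `mac`/`mac_len` only on the input path, and since `alloc_skb()` as far as I know does not clear the data area, stale kernel memory would be broadcast to every listener in the group. On the `nlmsg_failure` path, which `NLMSG_PUT` can reach with a live skb, the buffer is released with `kfree()` where `kfree_skb()` is needed. Outside the excerpt below, `init()` uses the result of `netlink_kernel_create()` unchecked and `fini()` never releases that socket.

```c
	pm = NLMSG_DATA(nlh);

	/* fields not set below, and struct padding, must not carry stale memory */
	memset(pm, 0, sizeof(*pm));

	/* … unchanged: data_len, timestamps, mark, hook … */

	/* checkentry has verified that the prefix is NUL-terminated */
	strcpy(pm->prefix, loginfo->prefix);

	/* … unchanged: mac copy, payload copy, netlink_broadcast, return … */

nlmsg_failure:
	if (nlskb)
		kfree_skb(nlskb);

	/* … unchanged: error printk, return … */

static int ipt_ulog_checkentry(
	const char *tablename,
	const struct ipt_entry *e,
	void *targinfo,
	unsigned int targinfosize,
	unsigned int hookmask)
{
	const struct ipt_ulog_info *loginfo = targinfo;

	/* reject target data of the wrong size before reading any field */
	if (targinfosize != IPT_ALIGN(sizeof(struct ipt_ulog_info)))
		return 0;

	/* the prefix is later copied as a C string */
	if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0')
		return 0;

	return 1;
}
```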