diff options
author | Felix Fietkau <nbd@openwrt.org> | 2011-08-06 12:39:31 +0000 |
---|---|---|
committer | Felix Fietkau <nbd@openwrt.org> | 2011-08-06 12:39:31 +0000 |
commit | ac96ae67316265e65a5cd6bddeffafb29cc2fe68 (patch) | |
tree | 0cd8b3bea10ebaa958c36e6e21671a2673bea04c /target/linux/generic/patches-3.0/611-netfilter_match_bypass_default_table.patch | |
parent | a1d5ad765556b2b18205940fc9f2e237d622e98a (diff) | |
download | master-31e0f0ae-ac96ae67316265e65a5cd6bddeffafb29cc2fe68.tar.gz master-31e0f0ae-ac96ae67316265e65a5cd6bddeffafb29cc2fe68.tar.bz2 master-31e0f0ae-ac96ae67316265e65a5cd6bddeffafb29cc2fe68.zip |
kernel: add missing checks in the netfilter optimization patch which broke some rules containing only source/destination address checks
SVN-Revision: 27923
Diffstat (limited to 'target/linux/generic/patches-3.0/611-netfilter_match_bypass_default_table.patch')
-rw-r--r-- | target/linux/generic/patches-3.0/611-netfilter_match_bypass_default_table.patch | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/target/linux/generic/patches-3.0/611-netfilter_match_bypass_default_table.patch b/target/linux/generic/patches-3.0/611-netfilter_match_bypass_default_table.patch index 113f140123..3cf0e5a32d 100644 --- a/target/linux/generic/patches-3.0/611-netfilter_match_bypass_default_table.patch +++ b/target/linux/generic/patches-3.0/611-netfilter_match_bypass_default_table.patch @@ -1,6 +1,6 @@ --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c -@@ -307,6 +307,33 @@ struct ipt_entry *ipt_next_entry(const s +@@ -310,6 +310,33 @@ struct ipt_entry *ipt_next_entry(const s return (void *)entry + entry->next_offset; } @@ -34,7 +34,7 @@ /* Returns one of the generic firewall policies, like NF_ACCEPT. */ unsigned int ipt_do_table(struct sk_buff *skb, -@@ -331,6 +358,25 @@ ipt_do_table(struct sk_buff *skb, +@@ -334,6 +361,25 @@ ipt_do_table(struct sk_buff *skb, ip = ip_hdr(skb); indev = in ? in->name : nulldevname; outdev = out ? out->name : nulldevname; @@ -60,7 +60,7 @@ /* We handle fragments by dealing with the first fragment as * if it was a normal packet. All other fragments are treated * normally, except that they will NEVER match rules that ask -@@ -345,18 +391,6 @@ ipt_do_table(struct sk_buff *skb, +@@ -348,18 +394,6 @@ ipt_do_table(struct sk_buff *skb, acpar.family = NFPROTO_IPV4; acpar.hooknum = hook; |