aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFelix Fietkau <nbd@openwrt.org>2010-03-28 19:05:59 +0000
committerFelix Fietkau <nbd@openwrt.org>2010-03-28 19:05:59 +0000
commit489fb5eceb1e9c522c259a08e1e15f54a866212f (patch)
treee32a90b95edd227a4ab9647fa233b83faebb55b8
parent3ac4dbb0b86ecd005c067151e5b9705dd82974d6 (diff)
downloadupstream-489fb5eceb1e9c522c259a08e1e15f54a866212f.tar.gz
upstream-489fb5eceb1e9c522c259a08e1e15f54a866212f.tar.bz2
upstream-489fb5eceb1e9c522c259a08e1e15f54a866212f.zip
netfilter: fix ABI breakage caused by the netfilter match optimization (fixes #5628)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@20552 3c298f89-4303-0410-b956-a3cf2f4a3e73
-rw-r--r--target/linux/generic-2.6/patches-2.6.30/110-netfilter_match_speedup.patch23
-rw-r--r--target/linux/generic-2.6/patches-2.6.31/110-netfilter_match_speedup.patch23
-rw-r--r--target/linux/generic-2.6/patches-2.6.32/110-netfilter_match_speedup.patch23
-rw-r--r--target/linux/generic-2.6/patches-2.6.33/110-netfilter_match_speedup.patch23
-rw-r--r--target/linux/generic-2.6/patches-2.6.34/110-netfilter_match_speedup.patch23
5 files changed, 115 insertions, 0 deletions
diff --git a/target/linux/generic-2.6/patches-2.6.30/110-netfilter_match_speedup.patch b/target/linux/generic-2.6/patches-2.6.30/110-netfilter_match_speedup.patch
index 950a432959..926966ced0 100644
--- a/target/linux/generic-2.6/patches-2.6.30/110-netfilter_match_speedup.patch
+++ b/target/linux/generic-2.6/patches-2.6.30/110-netfilter_match_speedup.patch
@@ -119,3 +119,26 @@
/* For return from builtin chain */
back = get_entry(table_base, private->underflow[hook]);
+@@ -976,6 +1015,7 @@ copy_entries_to_user(unsigned int total_
+ unsigned int i;
+ const struct ipt_entry_match *m;
+ const struct ipt_entry_target *t;
++ u8 flags;
+
+ e = (struct ipt_entry *)(loc_cpu_entry + off);
+ if (copy_to_user(userptr + off
+@@ -986,6 +1026,14 @@ copy_entries_to_user(unsigned int total_
+ goto free_counters;
+ }
+
++ flags = e->ip.flags & ~IPT_F_NO_DEF_MATCH;
++ if (copy_to_user(userptr + off
++ + offsetof(struct ipt_entry, ip.flags),
++ &flags, sizeof(flags)) != 0) {
++ ret = -EFAULT;
++ goto free_counters;
++ }
++
+ for (i = sizeof(struct ipt_entry);
+ i < e->target_offset;
+ i += m->u.match_size) {
diff --git a/target/linux/generic-2.6/patches-2.6.31/110-netfilter_match_speedup.patch b/target/linux/generic-2.6/patches-2.6.31/110-netfilter_match_speedup.patch
index 3dd114522a..d6c113aa3e 100644
--- a/target/linux/generic-2.6/patches-2.6.31/110-netfilter_match_speedup.patch
+++ b/target/linux/generic-2.6/patches-2.6.31/110-netfilter_match_speedup.patch
@@ -119,3 +119,26 @@
/* For return from builtin chain */
back = get_entry(table_base, private->underflow[hook]);
+@@ -978,6 +1017,7 @@ copy_entries_to_user(unsigned int total_
+ unsigned int i;
+ const struct ipt_entry_match *m;
+ const struct ipt_entry_target *t;
++ u8 flags;
+
+ e = (struct ipt_entry *)(loc_cpu_entry + off);
+ if (copy_to_user(userptr + off
+@@ -988,6 +1028,14 @@ copy_entries_to_user(unsigned int total_
+ goto free_counters;
+ }
+
++ flags = e->ip.flags & ~IPT_F_NO_DEF_MATCH;
++ if (copy_to_user(userptr + off
++ + offsetof(struct ipt_entry, ip.flags),
++ &flags, sizeof(flags)) != 0) {
++ ret = -EFAULT;
++ goto free_counters;
++ }
++
+ for (i = sizeof(struct ipt_entry);
+ i < e->target_offset;
+ i += m->u.match_size) {
diff --git a/target/linux/generic-2.6/patches-2.6.32/110-netfilter_match_speedup.patch b/target/linux/generic-2.6/patches-2.6.32/110-netfilter_match_speedup.patch
index 2f4c7a2922..a9eb1089f5 100644
--- a/target/linux/generic-2.6/patches-2.6.32/110-netfilter_match_speedup.patch
+++ b/target/linux/generic-2.6/patches-2.6.32/110-netfilter_match_speedup.patch
@@ -119,3 +119,26 @@
/* For return from builtin chain */
back = get_entry(table_base, private->underflow[hook]);
+@@ -992,6 +1031,7 @@ copy_entries_to_user(unsigned int total_
+ unsigned int i;
+ const struct ipt_entry_match *m;
+ const struct ipt_entry_target *t;
++ u8 flags;
+
+ e = (struct ipt_entry *)(loc_cpu_entry + off);
+ if (copy_to_user(userptr + off
+@@ -1002,6 +1042,14 @@ copy_entries_to_user(unsigned int total_
+ goto free_counters;
+ }
+
++ flags = e->ip.flags & ~IPT_F_NO_DEF_MATCH;
++ if (copy_to_user(userptr + off
++ + offsetof(struct ipt_entry, ip.flags),
++ &flags, sizeof(flags)) != 0) {
++ ret = -EFAULT;
++ goto free_counters;
++ }
++
+ for (i = sizeof(struct ipt_entry);
+ i < e->target_offset;
+ i += m->u.match_size) {
diff --git a/target/linux/generic-2.6/patches-2.6.33/110-netfilter_match_speedup.patch b/target/linux/generic-2.6/patches-2.6.33/110-netfilter_match_speedup.patch
index 69344a91fa..e99c6db4d1 100644
--- a/target/linux/generic-2.6/patches-2.6.33/110-netfilter_match_speedup.patch
+++ b/target/linux/generic-2.6/patches-2.6.33/110-netfilter_match_speedup.patch
@@ -119,3 +119,26 @@
/* For return from builtin chain */
back = get_entry(table_base, private->underflow[hook]);
+@@ -992,6 +1031,7 @@ copy_entries_to_user(unsigned int total_
+ unsigned int i;
+ const struct ipt_entry_match *m;
+ const struct ipt_entry_target *t;
++ u8 flags;
+
+ e = (struct ipt_entry *)(loc_cpu_entry + off);
+ if (copy_to_user(userptr + off
+@@ -1002,6 +1042,14 @@ copy_entries_to_user(unsigned int total_
+ goto free_counters;
+ }
+
++ flags = e->ip.flags & ~IPT_F_NO_DEF_MATCH;
++ if (copy_to_user(userptr + off
++ + offsetof(struct ipt_entry, ip.flags),
++ &flags, sizeof(flags)) != 0) {
++ ret = -EFAULT;
++ goto free_counters;
++ }
++
+ for (i = sizeof(struct ipt_entry);
+ i < e->target_offset;
+ i += m->u.match_size) {
diff --git a/target/linux/generic-2.6/patches-2.6.34/110-netfilter_match_speedup.patch b/target/linux/generic-2.6/patches-2.6.34/110-netfilter_match_speedup.patch
index 69344a91fa..e99c6db4d1 100644
--- a/target/linux/generic-2.6/patches-2.6.34/110-netfilter_match_speedup.patch
+++ b/target/linux/generic-2.6/patches-2.6.34/110-netfilter_match_speedup.patch
@@ -119,3 +119,26 @@
/* For return from builtin chain */
back = get_entry(table_base, private->underflow[hook]);
+@@ -992,6 +1031,7 @@ copy_entries_to_user(unsigned int total_
+ unsigned int i;
+ const struct ipt_entry_match *m;
+ const struct ipt_entry_target *t;
++ u8 flags;
+
+ e = (struct ipt_entry *)(loc_cpu_entry + off);
+ if (copy_to_user(userptr + off
+@@ -1002,6 +1042,14 @@ copy_entries_to_user(unsigned int total_
+ goto free_counters;
+ }
+
++ flags = e->ip.flags & ~IPT_F_NO_DEF_MATCH;
++ if (copy_to_user(userptr + off
++ + offsetof(struct ipt_entry, ip.flags),
++ &flags, sizeof(flags)) != 0) {
++ ret = -EFAULT;
++ goto free_counters;
++ }
++
+ for (i = sizeof(struct ipt_entry);
+ i < e->target_offset;
+ i += m->u.match_size) {