diff options
author | Nicolas Thill <nico@openwrt.org> | 2009-05-03 16:34:02 +0000 |
---|---|---|
committer | Nicolas Thill <nico@openwrt.org> | 2009-05-03 16:34:02 +0000 |
commit | e30ebf29ca8970990c0b574f72774ea1ad183de4 (patch) | |
tree | 0328549038415a849de206427b77fa906089bb74 /target/linux/generic-2.6/patches-2.6.30 | |
parent | 1b890c945c3276ca6cad230fe7349a9a4b5f0c23 (diff) | |
download | upstream-e30ebf29ca8970990c0b574f72774ea1ad183de4.tar.gz upstream-e30ebf29ca8970990c0b574f72774ea1ad183de4.tar.bz2 upstream-e30ebf29ca8970990c0b574f72774ea1ad183de4.zip |
netfilter: add a check for ip proto in netfilter_match_speedup patches (closes: #5041)
SVN-Revision: 15574
Diffstat (limited to 'target/linux/generic-2.6/patches-2.6.30')
-rw-r--r-- | target/linux/generic-2.6/patches-2.6.30/110-netfilter_match_speedup.patch | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/target/linux/generic-2.6/patches-2.6.30/110-netfilter_match_speedup.patch b/target/linux/generic-2.6/patches-2.6.30/110-netfilter_match_speedup.patch index 22f0a4341c..be15d349cf 100644 --- a/target/linux/generic-2.6/patches-2.6.30/110-netfilter_match_speedup.patch +++ b/target/linux/generic-2.6/patches-2.6.30/110-netfilter_match_speedup.patch @@ -20,7 +20,7 @@ if (FWINV((ip->saddr&ipinfo->smsk.s_addr) != ipinfo->src.s_addr, IPT_INV_SRCIP) || FWINV((ip->daddr&ipinfo->dmsk.s_addr) != ipinfo->dst.s_addr, -@@ -137,13 +140,32 @@ ip_packet_match(const struct iphdr *ip, +@@ -137,13 +140,35 @@ ip_packet_match(const struct iphdr *ip, return false; } @@ -45,6 +45,9 @@ + IPT_INV_VIA_OUT)) + goto has_match_rules; + ++ if (FWINV(ip->proto, IPT_INV_PROTO)) ++ goto has_match_rules; ++ + if (FWINV(ip->flags&IPT_F_FRAG, IPT_INV_FRAG)) + goto has_match_rules; + @@ -55,7 +58,7 @@ duprintf("Unknown flag bits set: %08X\n", ip->flags & ~IPT_F_MASK); return false; -@@ -153,6 +175,8 @@ ip_checkentry(const struct ipt_ip *ip) +@@ -153,6 +178,8 @@ ip_checkentry(const struct ipt_ip *ip) ip->invflags & ~IPT_INV_MASK); return false; } @@ -64,7 +67,7 @@ return true; } -@@ -200,7 +224,6 @@ unconditional(const struct ipt_ip *ip) +@@ -200,7 +227,6 @@ unconditional(const struct ipt_ip *ip) return 0; return 1; |