diff options
author | Felix Fietkau <nbd@openwrt.org> | 2015-04-13 22:23:14 +0000 |
---|---|---|
committer | Felix Fietkau <nbd@openwrt.org> | 2015-04-13 22:23:14 +0000 |
commit | d0ba3bb1e24702e472eee2f3a5b7f9e4646b8ff1 (patch) | |
tree | add3d722fc72f04832f496eac303310600fabe23 /target/linux/generic/patches-3.18/610-netfilter_match_bypass_default_checks.patch | |
parent | 87f854059aa3c703a87e08649801b15c93b845e7 (diff) | |
download | upstream-d0ba3bb1e24702e472eee2f3a5b7f9e4646b8ff1.tar.gz upstream-d0ba3bb1e24702e472eee2f3a5b7f9e4646b8ff1.tar.bz2 upstream-d0ba3bb1e24702e472eee2f3a5b7f9e4646b8ff1.zip |
kernel: finally remove layer7 filter support
it has been non-functional for years and caused numerous memleaks and
crashes for people that tried to enable it.
it has no maintained upstream source, and it does not look like it's
going to be fixed any time soon
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 45423
Diffstat (limited to 'target/linux/generic/patches-3.18/610-netfilter_match_bypass_default_checks.patch')
-rw-r--r-- | target/linux/generic/patches-3.18/610-netfilter_match_bypass_default_checks.patch | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/target/linux/generic/patches-3.18/610-netfilter_match_bypass_default_checks.patch b/target/linux/generic/patches-3.18/610-netfilter_match_bypass_default_checks.patch index 358d64b1a1..f652dafd18 100644 --- a/target/linux/generic/patches-3.18/610-netfilter_match_bypass_default_checks.patch +++ b/target/linux/generic/patches-3.18/610-netfilter_match_bypass_default_checks.patch @@ -76,11 +76,10 @@ counters = alloc_counters(table); if (IS_ERR(counters)) -@@ -965,6 +994,14 @@ copy_entries_to_user(unsigned int total_ - ret = -EFAULT; +@@ -966,6 +995,14 @@ copy_entries_to_user(unsigned int total_ goto free_counters; } -+ + + flags = e->ip.flags & IPT_F_MASK; + if (copy_to_user(userptr + off + + offsetof(struct ipt_entry, ip.flags), @@ -88,6 +87,7 @@ + ret = -EFAULT; + goto free_counters; + } - ++ for (i = sizeof(struct ipt_entry); i < e->target_offset; + i += m->u.match_size) { |