From ac96ae67316265e65a5cd6bddeffafb29cc2fe68 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Sat, 6 Aug 2011 12:39:31 +0000 Subject: kernel: add missing checks in the netfilter optimization patch which broke some rules containing only source/destination address checks SVN-Revision: 27923 --- .../patches-3.0/611-netfilter_match_bypass_default_table.patch | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'target/linux/generic/patches-3.0/611-netfilter_match_bypass_default_table.patch') diff --git a/target/linux/generic/patches-3.0/611-netfilter_match_bypass_default_table.patch b/target/linux/generic/patches-3.0/611-netfilter_match_bypass_default_table.patch index 113f140123..3cf0e5a32d 100644 --- a/target/linux/generic/patches-3.0/611-netfilter_match_bypass_default_table.patch +++ b/target/linux/generic/patches-3.0/611-netfilter_match_bypass_default_table.patch @@ -1,6 +1,6 @@ --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c -@@ -307,6 +307,33 @@ struct ipt_entry *ipt_next_entry(const s +@@ -310,6 +310,33 @@ struct ipt_entry *ipt_next_entry(const s return (void *)entry + entry->next_offset; } @@ -34,7 +34,7 @@ /* Returns one of the generic firewall policies, like NF_ACCEPT. */ unsigned int ipt_do_table(struct sk_buff *skb, -@@ -331,6 +358,25 @@ ipt_do_table(struct sk_buff *skb, +@@ -334,6 +361,25 @@ ipt_do_table(struct sk_buff *skb, ip = ip_hdr(skb); indev = in ? in->name : nulldevname; outdev = out ? out->name : nulldevname; @@ -60,7 +60,7 @@ /* We handle fragments by dealing with the first fragment as * if it was a normal packet. All other fragments are treated * normally, except that they will NEVER match rules that ask -@@ -345,18 +391,6 @@ ipt_do_table(struct sk_buff *skb, +@@ -348,18 +394,6 @@ ipt_do_table(struct sk_buff *skb, acpar.family = NFPROTO_IPV4; acpar.hooknum = hook; -- cgit v1.2.3