diff options
author | nico <nico@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2009-05-03 22:16:03 +0000 |
---|---|---|
committer | nico <nico@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2009-05-03 22:16:03 +0000 |
commit | 9a56640661c38cdfa1ab1eb93b8fcaa7f4f6d40a (patch) | |
tree | 9b9f058000aaf9ce98ffae1bba542ef12e41db18 | |
parent | 5cffa2bddbb29ab023d84d108f7c9cf8b0855221 (diff) |
[kernel] remove netfilter_upstream_fixes patches, not needed anymore after kernel recent updates since they have been, well, fixed upstream :)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15576 3c298f89-4303-0410-b956-a3cf2f4a3e73
-rw-r--r-- | target/linux/generic-2.6/patches-2.6.28/120-netfilter_upstream_fixes.patch | 100 | ||||
-rw-r--r-- | target/linux/generic-2.6/patches-2.6.29/120-netfilter_upstream_fixes.patch | 100 |
2 files changed, 0 insertions, 200 deletions
diff --git a/target/linux/generic-2.6/patches-2.6.28/120-netfilter_upstream_fixes.patch b/target/linux/generic-2.6/patches-2.6.28/120-netfilter_upstream_fixes.patch deleted file mode 100644 index 7f2424d9d..000000000 --- a/target/linux/generic-2.6/patches-2.6.28/120-netfilter_upstream_fixes.patch +++ /dev/null @@ -1,100 +0,0 @@ ---- a/net/ipv4/netfilter/arp_tables.c -+++ b/net/ipv4/netfilter/arp_tables.c -@@ -374,7 +374,9 @@ static int mark_source_chains(struct xt_ - && unconditional(&e->arp)) || visited) { - unsigned int oldpos, size; - -- if (t->verdict < -NF_MAX_VERDICT - 1) { -+ if ((strcmp(t->target.u.user.name, -+ ARPT_STANDARD_TARGET) == 0) && -+ t->verdict < -NF_MAX_VERDICT - 1) { - duprintf("mark_source_chains: bad " - "negative verdict (%i)\n", - t->verdict); ---- a/net/ipv4/netfilter/ip_tables.c -+++ b/net/ipv4/netfilter/ip_tables.c -@@ -74,6 +74,25 @@ do { \ - - Hence the start of any table is given by get_table() below. */ - -+static unsigned long ifname_compare(const char *_a, const char *_b, -+ const unsigned char *_mask) -+{ -+ const unsigned long *a = (const unsigned long *)_a; -+ const unsigned long *b = (const unsigned long *)_b; -+ const unsigned long *mask = (const unsigned long *)_mask; -+ unsigned long ret; -+ -+ ret = (a[0] ^ b[0]) & mask[0]; -+ if (IFNAMSIZ > sizeof(unsigned long)) -+ ret |= (a[1] ^ b[1]) & mask[1]; -+ if (IFNAMSIZ > 2 * sizeof(unsigned long)) -+ ret |= (a[2] ^ b[2]) & mask[2]; -+ if (IFNAMSIZ > 3 * sizeof(unsigned long)) -+ ret |= (a[3] ^ b[3]) & mask[3]; -+ BUILD_BUG_ON(IFNAMSIZ > 4 * sizeof(unsigned long)); -+ return ret; -+} -+ - /* Returns whether matches rule or not. */ - /* Performance critical - called for every packet */ - static inline bool -@@ -83,7 +102,6 @@ ip_packet_match(const struct iphdr *ip, - const struct ipt_ip *ipinfo, - int isfrag) - { -- size_t i; - unsigned long ret; - - #define FWINV(bool, invflg) ((bool) ^ !!(ipinfo->invflags & (invflg))) -@@ -110,12 +128,7 @@ ip_packet_match(const struct iphdr *ip, - return false; - } - -- /* Look for ifname matches; this should unroll nicely. */ -- for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) { -- ret |= (((const unsigned long *)indev)[i] -- ^ ((const unsigned long *)ipinfo->iniface)[i]) -- & ((const unsigned long *)ipinfo->iniface_mask)[i]; -- } -+ ret = ifname_compare(indev, ipinfo->iniface, ipinfo->iniface_mask); - - if (FWINV(ret != 0, IPT_INV_VIA_IN)) { - dprintf("VIA in mismatch (%s vs %s).%s\n", -@@ -124,11 +137,7 @@ ip_packet_match(const struct iphdr *ip, - return false; - } - -- for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) { -- ret |= (((const unsigned long *)outdev)[i] -- ^ ((const unsigned long *)ipinfo->outiface)[i]) -- & ((const unsigned long *)ipinfo->outiface_mask)[i]; -- } -+ ret = ifname_compare(outdev, ipinfo->outiface, ipinfo->outiface_mask); - - if (FWINV(ret != 0, IPT_INV_VIA_OUT)) { - dprintf("VIA out mismatch (%s vs %s).%s\n", -@@ -523,7 +532,9 @@ mark_source_chains(struct xt_table_info - && unconditional(&e->ip)) || visited) { - unsigned int oldpos, size; - -- if (t->verdict < -NF_MAX_VERDICT - 1) { -+ if ((strcmp(t->target.u.user.name, -+ IPT_STANDARD_TARGET) == 0) && -+ t->verdict < -NF_MAX_VERDICT - 1) { - duprintf("mark_source_chains: bad " - "negative verdict (%i)\n", - t->verdict); ---- a/net/ipv6/netfilter/ip6_tables.c -+++ b/net/ipv6/netfilter/ip6_tables.c -@@ -525,7 +525,9 @@ mark_source_chains(struct xt_table_info - && unconditional(&e->ipv6)) || visited) { - unsigned int oldpos, size; - -- if (t->verdict < -NF_MAX_VERDICT - 1) { -+ if ((strcmp(t->target.u.user.name, -+ IP6T_STANDARD_TARGET) == 0) && -+ t->verdict < -NF_MAX_VERDICT - 1) { - duprintf("mark_source_chains: bad " - "negative verdict (%i)\n", - t->verdict); diff --git a/target/linux/generic-2.6/patches-2.6.29/120-netfilter_upstream_fixes.patch b/target/linux/generic-2.6/patches-2.6.29/120-netfilter_upstream_fixes.patch deleted file mode 100644 index 03df291ce..000000000 --- a/target/linux/generic-2.6/patches-2.6.29/120-netfilter_upstream_fixes.patch +++ /dev/null @@ -1,100 +0,0 @@ ---- a/net/ipv4/netfilter/arp_tables.c -+++ b/net/ipv4/netfilter/arp_tables.c -@@ -374,7 +374,9 @@ static int mark_source_chains(struct xt_ - && unconditional(&e->arp)) || visited) { - unsigned int oldpos, size; - -- if (t->verdict < -NF_MAX_VERDICT - 1) { -+ if ((strcmp(t->target.u.user.name, -+ ARPT_STANDARD_TARGET) == 0) && -+ t->verdict < -NF_MAX_VERDICT - 1) { - duprintf("mark_source_chains: bad " - "negative verdict (%i)\n", - t->verdict); ---- a/net/ipv4/netfilter/ip_tables.c -+++ b/net/ipv4/netfilter/ip_tables.c -@@ -74,6 +74,25 @@ do { \ - - Hence the start of any table is given by get_table() below. */ - -+static unsigned long ifname_compare(const char *_a, const char *_b, -+ const unsigned char *_mask) -+{ -+ const unsigned long *a = (const unsigned long *)_a; -+ const unsigned long *b = (const unsigned long *)_b; -+ const unsigned long *mask = (const unsigned long *)_mask; -+ unsigned long ret; -+ -+ ret = (a[0] ^ b[0]) & mask[0]; -+ if (IFNAMSIZ > sizeof(unsigned long)) -+ ret |= (a[1] ^ b[1]) & mask[1]; -+ if (IFNAMSIZ > 2 * sizeof(unsigned long)) -+ ret |= (a[2] ^ b[2]) & mask[2]; -+ if (IFNAMSIZ > 3 * sizeof(unsigned long)) -+ ret |= (a[3] ^ b[3]) & mask[3]; -+ BUILD_BUG_ON(IFNAMSIZ > 4 * sizeof(unsigned long)); -+ return ret; -+} -+ - /* Returns whether matches rule or not. */ - /* Performance critical - called for every packet */ - static inline bool -@@ -83,7 +102,6 @@ ip_packet_match(const struct iphdr *ip, - const struct ipt_ip *ipinfo, - int isfrag) - { -- size_t i; - unsigned long ret; - - #define FWINV(bool, invflg) ((bool) ^ !!(ipinfo->invflags & (invflg))) -@@ -106,12 +124,7 @@ ip_packet_match(const struct iphdr *ip, - return false; - } - -- /* Look for ifname matches; this should unroll nicely. */ -- for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) { -- ret |= (((const unsigned long *)indev)[i] -- ^ ((const unsigned long *)ipinfo->iniface)[i]) -- & ((const unsigned long *)ipinfo->iniface_mask)[i]; -- } -+ ret = ifname_compare(indev, ipinfo->iniface, ipinfo->iniface_mask); - - if (FWINV(ret != 0, IPT_INV_VIA_IN)) { - dprintf("VIA in mismatch (%s vs %s).%s\n", -@@ -120,11 +133,7 @@ ip_packet_match(const struct iphdr *ip, - return false; - } - -- for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) { -- ret |= (((const unsigned long *)outdev)[i] -- ^ ((const unsigned long *)ipinfo->outiface)[i]) -- & ((const unsigned long *)ipinfo->outiface_mask)[i]; -- } -+ ret = ifname_compare(outdev, ipinfo->outiface, ipinfo->outiface_mask); - - if (FWINV(ret != 0, IPT_INV_VIA_OUT)) { - dprintf("VIA out mismatch (%s vs %s).%s\n", -@@ -519,7 +528,9 @@ mark_source_chains(struct xt_table_info - && unconditional(&e->ip)) || visited) { - unsigned int oldpos, size; - -- if (t->verdict < -NF_MAX_VERDICT - 1) { -+ if ((strcmp(t->target.u.user.name, -+ IPT_STANDARD_TARGET) == 0) && -+ t->verdict < -NF_MAX_VERDICT - 1) { - duprintf("mark_source_chains: bad " - "negative verdict (%i)\n", - t->verdict); ---- a/net/ipv6/netfilter/ip6_tables.c -+++ b/net/ipv6/netfilter/ip6_tables.c -@@ -525,7 +525,9 @@ mark_source_chains(struct xt_table_info - && unconditional(&e->ipv6)) || visited) { - unsigned int oldpos, size; - -- if (t->verdict < -NF_MAX_VERDICT - 1) { -+ if ((strcmp(t->target.u.user.name, -+ IP6T_STANDARD_TARGET) == 0) && -+ t->verdict < -NF_MAX_VERDICT - 1) { - duprintf("mark_source_chains: bad " - "negative verdict (%i)\n", - t->verdict); |