diff options
author | nbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2011-08-06 12:39:31 +0000 |
---|---|---|
committer | nbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2011-08-06 12:39:31 +0000 |
commit | 8b822f607126efb80d7420380280a27d8a7f3444 (patch) | |
tree | 7c63f722b1fcb6f396384be5599dd67bfe7febfd /target/linux/generic/patches-2.6.39/611-netfilter_match_bypass_default_table.patch | |
parent | e7f46930ad438bcaab518fe2ed28e2ea2497885d (diff) |
kernel: add missing checks in the netfilter optimization patch which broke some rules containing only source/destination address checks
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27923 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'target/linux/generic/patches-2.6.39/611-netfilter_match_bypass_default_table.patch')
-rw-r--r-- | target/linux/generic/patches-2.6.39/611-netfilter_match_bypass_default_table.patch | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/target/linux/generic/patches-2.6.39/611-netfilter_match_bypass_default_table.patch b/target/linux/generic/patches-2.6.39/611-netfilter_match_bypass_default_table.patch index f2004a6b1..0ea58c95d 100644 --- a/target/linux/generic/patches-2.6.39/611-netfilter_match_bypass_default_table.patch +++ b/target/linux/generic/patches-2.6.39/611-netfilter_match_bypass_default_table.patch @@ -1,6 +1,6 @@ --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c -@@ -316,6 +316,33 @@ struct ipt_entry *ipt_next_entry(const s +@@ -319,6 +319,33 @@ struct ipt_entry *ipt_next_entry(const s return (void *)entry + entry->next_offset; } @@ -34,7 +34,7 @@ /* Returns one of the generic firewall policies, like NF_ACCEPT. */ unsigned int ipt_do_table(struct sk_buff *skb, -@@ -339,6 +366,23 @@ ipt_do_table(struct sk_buff *skb, +@@ -342,6 +369,23 @@ ipt_do_table(struct sk_buff *skb, ip = ip_hdr(skb); indev = in ? in->name : nulldevname; outdev = out ? out->name : nulldevname; @@ -58,7 +58,7 @@ /* We handle fragments by dealing with the first fragment as * if it was a normal packet. All other fragments are treated * normally, except that they will NEVER match rules that ask -@@ -353,17 +397,6 @@ ipt_do_table(struct sk_buff *skb, +@@ -356,17 +400,6 @@ ipt_do_table(struct sk_buff *skb, acpar.family = NFPROTO_IPV4; acpar.hooknum = hook; |