5 files changed, 115 insertions, 0 deletions

diff --git a/target/linux/generic-2.6/patches-2.6.30/110-netfilter_match_speedup.patch b/target/linux/generic-2.6/patches-2.6.30/110-netfilter_match_speedup.patch
index 950a43295..926966ced 100644
--- a/target/linux/generic-2.6/patches-2.6.30/110-netfilter_match_speedup.patch
+++ b/target/linux/generic-2.6/patches-2.6.30/110-netfilter_match_speedup.patch
@@ -119,3 +119,26 @@
  	/* For return from builtin chain */
  	back = get_entry(table_base, private->underflow[hook]);
  
+@@ -976,6 +1015,7 @@ copy_entries_to_user(unsigned int total_
+ 		unsigned int i;
+ 		const struct ipt_entry_match *m;
+ 		const struct ipt_entry_target *t;
++		u8 flags;
+ 
+ 		e = (struct ipt_entry *)(loc_cpu_entry + off);
+ 		if (copy_to_user(userptr + off
+@@ -986,6 +1026,14 @@ copy_entries_to_user(unsigned int total_
+ 			goto free_counters;
+ 		}
+ 
++		flags = e->ip.flags & ~IPT_F_NO_DEF_MATCH;
++		if (copy_to_user(userptr + off
++				 + offsetof(struct ipt_entry, ip.flags),
++				 &flags, sizeof(flags)) != 0) {
++			ret = -EFAULT;
++			goto free_counters;
++		}
++
+ 		for (i = sizeof(struct ipt_entry);
+ 		     i < e->target_offset;
+ 		     i += m->u.match_size) {
diff --git a/target/linux/generic-2.6/patches-2.6.31/110-netfilter_match_speedup.patch b/target/linux/generic-2.6/patches-2.6.31/110-netfilter_match_speedup.patch
index 3dd114522..d6c113aa3 100644
--- a/target/linux/generic-2.6/patches-2.6.31/110-netfilter_match_speedup.patch
+++ b/target/linux/generic-2.6/patches-2.6.31/110-netfilter_match_speedup.patch
@@ -119,3 +119,26 @@
  	/* For return from builtin chain */
  	back = get_entry(table_base, private->underflow[hook]);
  
+@@ -978,6 +1017,7 @@ copy_entries_to_user(unsigned int total_
+ 		unsigned int i;
+ 		const struct ipt_entry_match *m;
+ 		const struct ipt_entry_target *t;
++		u8 flags;
+ 
+ 		e = (struct ipt_entry *)(loc_cpu_entry + off);
+ 		if (copy_to_user(userptr + off
+@@ -988,6 +1028,14 @@ copy_entries_to_user(unsigned int total_
+ 			goto free_counters;
+ 		}
+ 
++		flags = e->ip.flags & ~IPT_F_NO_DEF_MATCH;
++		if (copy_to_user(userptr + off
++				 + offsetof(struct ipt_entry, ip.flags),
++				 &flags, sizeof(flags)) != 0) {
++			ret = -EFAULT;
++			goto free_counters;
++		}
++
+ 		for (i = sizeof(struct ipt_entry);
+ 		     i < e->target_offset;
+ 		     i += m->u.match_size) {
diff --git a/target/linux/generic-2.6/patches-2.6.32/110-netfilter_match_speedup.patch b/target/linux/generic-2.6/patches-2.6.32/110-netfilter_match_speedup.patch
index 2f4c7a292..a9eb1089f 100644
--- a/target/linux/generic-2.6/patches-2.6.32/110-netfilter_match_speedup.patch
+++ b/target/linux/generic-2.6/patches-2.6.32/110-netfilter_match_speedup.patch
@@ -119,3 +119,26 @@
  	/* For return from builtin chain */
  	back = get_entry(table_base, private->underflow[hook]);
  
+@@ -992,6 +1031,7 @@ copy_entries_to_user(unsigned int total_
+ 		unsigned int i;
+ 		const struct ipt_entry_match *m;
+ 		const struct ipt_entry_target *t;
++		u8 flags;
+ 
+ 		e = (struct ipt_entry *)(loc_cpu_entry + off);
+ 		if (copy_to_user(userptr + off
+@@ -1002,6 +1042,14 @@ copy_entries_to_user(unsigned int total_
+ 			goto free_counters;
+ 		}
+ 
++		flags = e->ip.flags & ~IPT_F_NO_DEF_MATCH;
++		if (copy_to_user(userptr + off
++				 + offsetof(struct ipt_entry, ip.flags),
++				 &flags, sizeof(flags)) != 0) {
++			ret = -EFAULT;
++			goto free_counters;
++		}
++
+ 		for (i = sizeof(struct ipt_entry);
+ 		     i < e->target_offset;
+ 		     i += m->u.match_size) {
diff --git a/target/linux/generic-2.6/patches-2.6.33/110-netfilter_match_speedup.patch b/target/linux/generic-2.6/patches-2.6.33/110-netfilter_match_speedup.patch
index 69344a91f..e99c6db4d 100644
--- a/target/linux/generic-2.6/patches-2.6.33/110-netfilter_match_speedup.patch
+++ b/target/linux/generic-2.6/patches-2.6.33/110-netfilter_match_speedup.patch
@@ -119,3 +119,26 @@
  	/* For return from builtin chain */
  	back = get_entry(table_base, private->underflow[hook]);
  
+@@ -992,6 +1031,7 @@ copy_entries_to_user(unsigned int total_
+ 		unsigned int i;
+ 		const struct ipt_entry_match *m;
+ 		const struct ipt_entry_target *t;
++		u8 flags;
+ 
+ 		e = (struct ipt_entry *)(loc_cpu_entry + off);
+ 		if (copy_to_user(userptr + off
+@@ -1002,6 +1042,14 @@ copy_entries_to_user(unsigned int total_
+ 			goto free_counters;
+ 		}
+ 
++		flags = e->ip.flags & ~IPT_F_NO_DEF_MATCH;
++		if (copy_to_user(userptr + off
++				 + offsetof(struct ipt_entry, ip.flags),
++				 &flags, sizeof(flags)) != 0) {
++			ret = -EFAULT;
++			goto free_counters;
++		}
++
+ 		for (i = sizeof(struct ipt_entry);
+ 		     i < e->target_offset;
+ 		     i += m->u.match_size) {
diff --git a/target/linux/generic-2.6/patches-2.6.34/110-netfilter_match_speedup.patch b/target/linux/generic-2.6/patches-2.6.34/110-netfilter_match_speedup.patch
index 69344a91f..e99c6db4d 100644
--- a/target/linux/generic-2.6/patches-2.6.34/110-netfilter_match_speedup.patch
+++ b/target/linux/generic-2.6/patches-2.6.34/110-netfilter_match_speedup.patch
@@ -119,3 +119,26 @@
  	/* For return from builtin chain */
  	back = get_entry(table_base, private->underflow[hook]);
  
+@@ -992,6 +1031,7 @@ copy_entries_to_user(unsigned int total_
+ 		unsigned int i;
+ 		const struct ipt_entry_match *m;
+ 		const struct ipt_entry_target *t;
++		u8 flags;
+ 
+ 		e = (struct ipt_entry *)(loc_cpu_entry + off);
+ 		if (copy_to_user(userptr + off
+@@ -1002,6 +1042,14 @@ copy_entries_to_user(unsigned int total_
+ 			goto free_counters;
+ 		}
+ 
++		flags = e->ip.flags & ~IPT_F_NO_DEF_MATCH;
++		if (copy_to_user(userptr + off
++				 + offsetof(struct ipt_entry, ip.flags),
++				 &flags, sizeof(flags)) != 0) {
++			ret = -EFAULT;
++			goto free_counters;
++		}
++
+ 		for (i = sizeof(struct ipt_entry);
+ 		     i < e->target_offset;
+ 		     i += m->u.match_size) {