Ignore:
Timestamp:
2011-08-06T14:39:31+02:00 (5 years ago)
Author:
nbd
Message:

kernel: add missing checks in the netfilter optimization patch which broke some rules containing only source/destination address checks

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/target/linux/generic/patches-2.6.39/611-netfilter_match_bypass_default_table.patch

    r27840 r27923  
    11--- a/net/ipv4/netfilter/ip_tables.c 
    22+++ b/net/ipv4/netfilter/ip_tables.c 
    3 @@ -316,6 +316,33 @@ struct ipt_entry *ipt_next_entry(const s 
     3@@ -319,6 +319,33 @@ struct ipt_entry *ipt_next_entry(const s 
    44        return (void *)entry + entry->next_offset; 
    55 } 
     
    3535 unsigned int 
    3636 ipt_do_table(struct sk_buff *skb, 
    37 @@ -339,6 +366,23 @@ ipt_do_table(struct sk_buff *skb, 
     37@@ -342,6 +369,23 @@ ipt_do_table(struct sk_buff *skb, 
    3838        ip = ip_hdr(skb); 
    3939        indev = in ? in->name : nulldevname; 
     
    5959         * if it was a normal packet.  All other fragments are treated 
    6060         * normally, except that they will NEVER match rules that ask 
    61 @@ -353,17 +397,6 @@ ipt_do_table(struct sk_buff *skb, 
     61@@ -356,17 +400,6 @@ ipt_do_table(struct sk_buff *skb, 
    6262        acpar.family  = NFPROTO_IPV4; 
    6363        acpar.hooknum = hook; 
Note: See TracChangeset for help on using the changeset viewer.