Ignore:
Timestamp:
2011-08-06T14:39:31+02:00 (5 years ago)
Author:
nbd
Message:

kernel: add missing checks in the netfilter optimization patch which broke some rules containing only source/destination address checks

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/target/linux/generic/patches-3.0/611-netfilter_match_bypass_default_table.patch

    r27840 r27923  
    11--- a/net/ipv4/netfilter/ip_tables.c 
    22+++ b/net/ipv4/netfilter/ip_tables.c 
    3 @@ -307,6 +307,33 @@ struct ipt_entry *ipt_next_entry(const s 
     3@@ -310,6 +310,33 @@ struct ipt_entry *ipt_next_entry(const s 
    44        return (void *)entry + entry->next_offset; 
    55 } 
     
    3535 unsigned int 
    3636 ipt_do_table(struct sk_buff *skb, 
    37 @@ -331,6 +358,25 @@ ipt_do_table(struct sk_buff *skb, 
     37@@ -334,6 +361,25 @@ ipt_do_table(struct sk_buff *skb, 
    3838        ip = ip_hdr(skb); 
    3939        indev = in ? in->name : nulldevname; 
     
    6161         * if it was a normal packet.  All other fragments are treated 
    6262         * normally, except that they will NEVER match rules that ask 
    63 @@ -345,18 +391,6 @@ ipt_do_table(struct sk_buff *skb, 
     63@@ -348,18 +394,6 @@ ipt_do_table(struct sk_buff *skb, 
    6464        acpar.family  = NFPROTO_IPV4; 
    6565        acpar.hooknum = hook; 
Note: See TracChangeset for help on using the changeset viewer.