Changeset 28734


Timestamp:
2011-11-03T21:02:31+01:00 (6 years ago)
Author:
nbd
Message:

kernel: merge regression fixes for the netfilter patches to the 3.1 kernel patches (patch by tripolar)

Location:
trunk/target/linux/generic/patches-3.1
Files:
3 edited

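--- a/trunk/target/linux/generic/patches-3.1/610-netfilter_match_bypass_default_checks.patch
+++ b/trunk/target/linux/generic/patches-3.1/610-netfilter_match_bypass_default_checks.patch
@@ -21,5 +21,5 @@
                   IPT_INV_SRCIP) ||
             FWINV((ip->daddr&ipinfo->dmsk.s_addr) != ipinfo->dst.s_addr,
-@@ -134,6 +137,26 @@ ip_packet_match(const struct iphdr *ip,
+@@ -134,6 +137,29 @@ ip_packet_match(const struct iphdr *ip,
         return true;
  }
@@ -39,4 +39,7 @@
 +               return;
 +
++       if (ip->smsk.s_addr || ip->dmsk.s_addr)
++               return;
++
 +       if (ip->proto)
 +               return;
@@ -48,5 +51,5 @@
  ip_checkentry(const struct ipt_ip *ip)
  {
-@@ -561,7 +584,7 @@ static void cleanup_match(struct xt_entr
+@@ -561,7 +587,7 @@ static void cleanup_match(struct xt_entr
  }
  
@@ -57,5 +60,5 @@
         const struct xt_entry_target *t;
  
-@@ -570,6 +593,8 @@ check_entry(const struct ipt_entry *e, c
+@@ -570,6 +596,8 @@ check_entry(const struct ipt_entry *e, c
                 return -EINVAL;
         }
@@ -66,5 +69,5 @@
             e->next_offset)
                 return -EINVAL;
-@@ -931,6 +956,7 @@ copy_entries_to_user(unsigned int total_
+@@ -931,6 +959,7 @@ copy_entries_to_user(unsigned int total_
         const struct xt_table_info *private = table->private;
         int ret = 0;
@@ -74,5 +77,5 @@
         counters = alloc_counters(table);
         if (IS_ERR(counters))
-@@ -961,6 +987,14 @@ copy_entries_to_user(unsigned int total_
+@@ -961,6 +990,14 @@ copy_entries_to_user(unsigned int total_
                         ret = -EFAULT;
                         goto free_counters;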
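Review bot: The mask test added at new lines 41-42 extends a field-by-field list of early returns that fails open: any `struct ipt_ip` field left untested lets a restrictive rule be treated as one that may skip the default checks, which is presumably the regression fixed here. Only `smsk`/`dmsk` are tested, so an entry with a zero mask but a non-zero `src.s_addr` or `dst.s_addr` still passes, although the unpatched comparison `(ip->saddr & smsk) != src` would reject every packet for such an entry unless the invert flag is set. Adding `if (ip->src.s_addr || ip->dst.s_addr) return;` would keep the two paths equivalent. A comment above the checks such as `/* every ipt_ip field that can restrict a match must be tested here; a missed field makes the rule match all packets */` would record the invariant. The enclosing function starts and ends outside the visible lines, so its name and its other checks cannot be confirmed from this page.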
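--- a/trunk/target/linux/generic/patches-3.1/611-netfilter_match_bypass_default_table.patch
+++ b/trunk/target/linux/generic/patches-3.1/611-netfilter_match_bypass_default_table.patch
@@ -1,5 +1,5 @@
 --- a/net/ipv4/netfilter/ip_tables.c
 +++ b/net/ipv4/netfilter/ip_tables.c
-@@ -307,6 +307,33 @@ struct ipt_entry *ipt_next_entry(const s
+@@ -310,6 +310,33 @@ struct ipt_entry *ipt_next_entry(const s
         return (void *)entry + entry->next_offset;
  }
@@ -35,5 +35,5 @@
  unsigned int
  ipt_do_table(struct sk_buff *skb,
-@@ -331,6 +358,25 @@ ipt_do_table(struct sk_buff *skb,
+@@ -334,6 +361,25 @@ ipt_do_table(struct sk_buff *skb,
         ip = ip_hdr(skb);
         indev = in ? in->name : nulldevname;
@@ -61,5 +61,5 @@
          * if it was a normal packet.  All other fragments are treated
          * normally, except that they will NEVER match rules that ask
-@@ -345,18 +391,6 @@ ipt_do_table(struct sk_buff *skb,
+@@ -348,18 +394,6 @@ ipt_do_table(struct sk_buff *skb,
         acpar.family  = NFPROTO_IPV4;
         acpar.hooknum = hook;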
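--- a/trunk/target/linux/generic/patches-3.1/612-netfilter_match_reduce_memory_access.patch
+++ b/trunk/target/linux/generic/patches-3.1/612-netfilter_match_reduce_memory_access.patch
@@ -10,5 +10,5 @@
                   IPT_INV_SRCIP) ||
 -           FWINV((ip->daddr&ipinfo->dmsk.s_addr) != ipinfo->dst.s_addr,
-+           FWINV(ipinfo->smsk.s_addr &&
++           FWINV(ipinfo->dmsk.s_addr &&
 +                 (ip->daddr&ipinfo->dmsk.s_addr) != ipinfo->dst.s_addr,
                   IPT_INV_DSTIP)) {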
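Review bot: The `ipinfo->dmsk.s_addr &&` short-circuit on new line 12 skips the destination comparison whenever the mask is zero, which matches the original test only if a zero mask always comes with a zero `dst.s_addr`; nothing visible here enforces that. With the earlier `smsk` guard, a rule that restricted only the destination had its address test skipped, so this line decides whether a firewall rule matches. It deserves a comment such as `/* zero mask: the rule does not restrict this address, so skip the load of ip->daddr */`. The source-address test sits above the visible lines and presumably has the same form. A regression test using a rule that sets only a destination address would catch a repeat of this typo.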