projects / openwrt / svn-archive / archive.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
rename target/linux/generic-2.6 to generic
[openwrt/svn-archive/archive.git] / target / linux / generic-2.6 / patches-2.6.32 / 110-netfilter_match_speedup.patch
diff --git a/target/linux/generic-2.6/patches-2.6.32/110-netfilter_match_speedup.patch b/target/linux/generic-2.6/patches-2.6.32/110-netfilter_match_speedup.patch
deleted file mode 100644 (file)
index a9eb108..0000000
--- a/target/linux/generic-2.6/patches-2.6.32/110-netfilter_match_speedup.patch
+++ /dev/null
@@ -1,144 +0,0 @@
---- a/include/linux/netfilter_ipv4/ip_tables.h
-+++ b/include/linux/netfilter_ipv4/ip_tables.h
-@@ -62,6 +62,7 @@ struct ipt_ip {
- #define IPT_F_FRAG            0x01    /* Set if rule is a fragment rule */
- #define IPT_F_GOTO            0x02    /* Set if jump is a goto */
- #define IPT_F_MASK            0x03    /* All possible flag bits mask. */
-+#define IPT_F_NO_DEF_MATCH    0x80    /* Internal: no default match rules present */
- /* Values for "inv" field in struct ipt_ip. */
- #define IPT_INV_VIA_IN                0x01    /* Invert the sense of IN IFACE. */
---- a/net/ipv4/netfilter/ip_tables.c
-+++ b/net/ipv4/netfilter/ip_tables.c
-@@ -88,6 +88,9 @@ ip_packet_match(const struct iphdr *ip,
- #define FWINV(bool, invflg) ((bool) ^ !!(ipinfo->invflags & (invflg)))
-+      if (ipinfo->flags & IPT_F_NO_DEF_MATCH)
-+              return true;
-+
-       if (FWINV((ip->saddr&ipinfo->smsk.s_addr) != ipinfo->src.s_addr,
-                 IPT_INV_SRCIP)
-           || FWINV((ip->daddr&ipinfo->dmsk.s_addr) != ipinfo->dst.s_addr,
-@@ -138,13 +141,35 @@ ip_packet_match(const struct iphdr *ip,
-               return false;
-       }
-+#undef FWINV
-       return true;
- }
- static bool
--ip_checkentry(const struct ipt_ip *ip)
-+ip_checkentry(struct ipt_ip *ip)
- {
--      if (ip->flags & ~IPT_F_MASK) {
-+#define FWINV(bool, invflg) ((bool) || (ip->invflags & (invflg)))
-+
-+      if (FWINV(ip->smsk.s_addr, IPT_INV_SRCIP) ||
-+              FWINV(ip->dmsk.s_addr, IPT_INV_DSTIP))
-+              goto has_match_rules;
-+
-+      if (FWINV(!!((const unsigned long *)ip->iniface_mask)[0],
-+              IPT_INV_VIA_IN) ||
-+          FWINV(!!((const unsigned long *)ip->outiface_mask)[0],
-+              IPT_INV_VIA_OUT))
-+              goto has_match_rules;
-+
-+      if (FWINV(ip->proto, IPT_INV_PROTO))
-+              goto has_match_rules;
-+
-+      if (FWINV(ip->flags&IPT_F_FRAG, IPT_INV_FRAG))
-+              goto has_match_rules;
-+
-+      ip->flags |= IPT_F_NO_DEF_MATCH;
-+
-+has_match_rules:
-+      if (ip->flags & ~(IPT_F_MASK|IPT_F_NO_DEF_MATCH)) {
-               duprintf("Unknown flag bits set: %08X\n",
-                        ip->flags & ~IPT_F_MASK);
-               return false;
-@@ -154,6 +179,8 @@ ip_checkentry(const struct ipt_ip *ip)
-                        ip->invflags & ~IPT_INV_MASK);
-               return false;
-       }
-+
-+#undef FWINV
-       return true;
- }
-@@ -196,7 +223,6 @@ static inline bool unconditional(const s
-       static const struct ipt_ip uncond;
-       return memcmp(ip, &uncond, sizeof(uncond)) == 0;
--#undef FWINV
- }
- #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \
-@@ -321,8 +347,28 @@ ipt_do_table(struct sk_buff *skb,
-       struct xt_match_param mtpar;
-       struct xt_target_param tgpar;
--      /* Initialization */
-       ip = ip_hdr(skb);
-+
-+      IP_NF_ASSERT(table->valid_hooks & (1 << hook));
-+      xt_info_rdlock_bh();
-+      private = table->private;
-+      table_base = private->entries[smp_processor_id()];
-+      e = get_entry(table_base, private->hook_entry[hook]);
-+
-+      if (e->target_offset <= sizeof(struct ipt_entry) &&
-+              (e->ip.flags & IPT_F_NO_DEF_MATCH)) {
-+                      struct ipt_entry_target *t = ipt_get_target(e);
-+                      if (!t->u.kernel.target->target) {
-+                              int v = ((struct ipt_standard_target *)t)->verdict;
-+                              if ((v < 0) && (v != IPT_RETURN)) {
-+                                      ADD_COUNTER(e->counters, ntohs(ip->tot_len), 1);
-+                                      xt_info_rdunlock_bh();
-+                                      return (unsigned)(-v) - 1;
-+                              }
-+                      }
-+      }
-+
-+      /* Initialization */
-       indev = in ? in->name : nulldevname;
-       outdev = out ? out->name : nulldevname;
-       /* We handle fragments by dealing with the first fragment as
-@@ -339,13 +385,6 @@ ipt_do_table(struct sk_buff *skb,
-       mtpar.family  = tgpar.family = NFPROTO_IPV4;
-       mtpar.hooknum = tgpar.hooknum = hook;
--      IP_NF_ASSERT(table->valid_hooks & (1 << hook));
--      xt_info_rdlock_bh();
--      private = table->private;
--      table_base = private->entries[smp_processor_id()];
--
--      e = get_entry(table_base, private->hook_entry[hook]);
--
-       /* For return from builtin chain */
-       back = get_entry(table_base, private->underflow[hook]);
-@@ -992,6 +1031,7 @@ copy_entries_to_user(unsigned int total_
-               unsigned int i;
-               const struct ipt_entry_match *m;
-               const struct ipt_entry_target *t;
-+              u8 flags;
-               e = (struct ipt_entry *)(loc_cpu_entry + off);
-               if (copy_to_user(userptr + off
-@@ -1002,6 +1042,14 @@ copy_entries_to_user(unsigned int total_
-                       goto free_counters;
-               }
-+              flags = e->ip.flags & ~IPT_F_NO_DEF_MATCH;
-+              if (copy_to_user(userptr + off
-+                               + offsetof(struct ipt_entry, ip.flags),
-+                               &flags, sizeof(flags)) != 0) {
-+                      ret = -EFAULT;
-+                      goto free_counters;
-+              }
-+
-               for (i = sizeof(struct ipt_entry);
-                    i < e->target_offset;
-                    i += m->u.match_size) {
OpenWrt SVN history