| side by side (parent:
1b890c9
)
netfilter: add a check for ip proto in netfilter_match_speedup patches (closes: ...
author
Nicolas Thill
<nico@openwrt.org>
Sun, 3 May 2009 16:34:02 +0000
(16:34 +0000)
committer
Nicolas Thill
<nico@openwrt.org>
Sun, 3 May 2009 16:34:02 +0000
(16:34 +0000)
SVN-Revision: 15574
target/linux/generic-2.6/patches-2.6.28/110-netfilter_match_speedup.patch
target/linux/generic-2.6/patches-2.6.29/110-netfilter_match_speedup.patch
target/linux/generic-2.6/patches-2.6.30/110-netfilter_match_speedup.patch
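--- a/target/linux/generic-2.6/patches-2.6.28/110-netfilter_match_speedup.patch
+++ b/target/linux/generic-2.6/patches-2.6.28/110-netfilter_match_speedup.patch
@@ -20,7 +20,7 @@
 if (FWINV((ip->saddr&ipinfo->smsk.s_addr) != ipinfo->src.s_addr,
 IPT_INV_SRCIP)
 || FWINV((ip->daddr&ipinfo->dmsk.s_addr) != ipinfo->dst.s_addr,
-@@ -151,13 +154,32 @@ ip_packet_match(const struct iphdr *ip,
+@@ -151,13 +154,35 @@ ip_packet_match(const struct iphdr *ip,
 return false;
 }
@@ -45,6 +45,9 @@
 + IPT_INV_VIA_OUT))
 + goto has_match_rules;
 +
++ if (FWINV(ip->proto, IPT_INV_PROTO))
++ goto has_match_rules;
++
 + if (FWINV(ip->flags&IPT_F_FRAG, IPT_INV_FRAG))
 + goto has_match_rules;
 +
@@ -55,7 +58,7 @@
 duprintf("Unknown flag bits set: %08X\n",
 ip->flags & ~IPT_F_MASK);
 return false;
-@@ -167,6 +189,8 @@ ip_checkentry(const struct ipt_ip *ip)
+@@ -167,6 +192,8 @@ ip_checkentry(const struct ipt_ip *ip)
 ip->invflags & ~IPT_INV_MASK);
 return false;
 }
@@ -64,7 +67,7 @@
 return true;
 }
-@@ -214,7 +238,6 @@ unconditional(const struct ipt_ip *ip)
+@@ -214,7 +241,6 @@ unconditional(const struct ipt_ip *ip)
 return 0;
 return 1;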
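Review bot: The new `FWINV(ip->proto, IPT_INV_PROTO)` test in the `-45,6 +45,9` hunk passes a raw protocol number rather than a 0/1 value, and the FWINV definition used by this function is not visible in the hunk. If it is an XOR form like the one upstream ip_tables.c uses for ip_packet_match, a rule with protocol 1 and IPT_INV_PROTO set would evaluate to 0 and still fall through as if it had no match conditions. Writing the test as `if (ip->proto || (ip->invflags & IPT_INV_PROTO))` would not depend on the macro. A rule that does not reach has_match_rules appears to be matched without its fields being compared against the packet, so any field missed in this chain makes the firewall over-match; a comment such as `/* every field tested in ip_packet_match() must also be tested here */` above the chain would record that invariant. The same lines are added in the patches-2.6.29 and patches-2.6.30 sections, and the enclosing function starts and ends outside the hunk.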
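--- a/target/linux/generic-2.6/patches-2.6.29/110-netfilter_match_speedup.patch
+++ b/target/linux/generic-2.6/patches-2.6.29/110-netfilter_match_speedup.patch
@@ -20,7 +20,7 @@
 if (FWINV((ip->saddr&ipinfo->smsk.s_addr) != ipinfo->src.s_addr,
 IPT_INV_SRCIP)
 || FWINV((ip->daddr&ipinfo->dmsk.s_addr) != ipinfo->dst.s_addr,
-@@ -147,13 +150,32 @@ ip_packet_match(const struct iphdr *ip,
+@@ -147,13 +150,35 @@ ip_packet_match(const struct iphdr *ip,
 return false;
 }
@@ -45,6 +45,9 @@
 + IPT_INV_VIA_OUT))
 + goto has_match_rules;
 +
++ if (FWINV(ip->proto, IPT_INV_PROTO))
++ goto has_match_rules;
++
 + if (FWINV(ip->flags&IPT_F_FRAG, IPT_INV_FRAG))
 + goto has_match_rules;
 +
@@ -55,7 +58,7 @@
 duprintf("Unknown flag bits set: %08X\n",
 ip->flags & ~IPT_F_MASK);
 return false;
-@@ -163,6 +185,8 @@ ip_checkentry(const struct ipt_ip *ip)
+@@ -163,6 +188,8 @@ ip_checkentry(const struct ipt_ip *ip)
 ip->invflags & ~IPT_INV_MASK);
 return false;
 }
@@ -64,7 +67,7 @@
 return true;
 }
-@@ -210,7 +234,6 @@ unconditional(const struct ipt_ip *ip)
+@@ -210,7 +237,6 @@ unconditional(const struct ipt_ip *ip)
 return 0;
 return 1;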
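--- a/target/linux/generic-2.6/patches-2.6.30/110-netfilter_match_speedup.patch
+++ b/target/linux/generic-2.6/patches-2.6.30/110-netfilter_match_speedup.patch
@@ -20,7 +20,7 @@
 if (FWINV((ip->saddr&ipinfo->smsk.s_addr) != ipinfo->src.s_addr,
 IPT_INV_SRCIP)
 || FWINV((ip->daddr&ipinfo->dmsk.s_addr) != ipinfo->dst.s_addr,
-@@ -137,13 +140,32 @@ ip_packet_match(const struct iphdr *ip,
+@@ -137,13 +140,35 @@ ip_packet_match(const struct iphdr *ip,
 return false;
 }
@@ -45,6 +45,9 @@
 + IPT_INV_VIA_OUT))
 + goto has_match_rules;
 +
++ if (FWINV(ip->proto, IPT_INV_PROTO))
++ goto has_match_rules;
++
 + if (FWINV(ip->flags&IPT_F_FRAG, IPT_INV_FRAG))
 + goto has_match_rules;
 +
@@ -55,7 +58,7 @@
 duprintf("Unknown flag bits set: %08X\n",
 ip->flags & ~IPT_F_MASK);
 return false;
-@@ -153,6 +175,8 @@ ip_checkentry(const struct ipt_ip *ip)
+@@ -153,6 +178,8 @@ ip_checkentry(const struct ipt_ip *ip)
 ip->invflags & ~IPT_INV_MASK);
 return false;
 }
@@ -64,7 +67,7 @@
 return true;
 }
-@@ -200,7 +224,6 @@ unconditional(const struct ipt_ip *ip)
+@@ -200,7 +227,6 @@ unconditional(const struct ipt_ip *ip)
 return 0;
 return 1;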