netfilter: fix ABI breakage caused by the netfilter match optimization (fixes #5628)
authorFelix Fietkau <nbd@openwrt.org>
Sun, 28 Mar 2010 19:05:59 +0000 (19:05 +0000)
committerFelix Fietkau <nbd@openwrt.org>
Sun, 28 Mar 2010 19:05:59 +0000 (19:05 +0000)
SVN-Revision: 20552

target/linux/generic-2.6/patches-2.6.30/110-netfilter_match_speedup.patch
target/linux/generic-2.6/patches-2.6.31/110-netfilter_match_speedup.patch
target/linux/generic-2.6/patches-2.6.32/110-netfilter_match_speedup.patch
target/linux/generic-2.6/patches-2.6.33/110-netfilter_match_speedup.patch
target/linux/generic-2.6/patches-2.6.34/110-netfilter_match_speedup.patch

index 950a432..926966c 100644 (file)
        /* For return from builtin chain */
        back = get_entry(table_base, private->underflow[hook]);
  
+@@ -976,6 +1015,7 @@ copy_entries_to_user(unsigned int total_
+               unsigned int i;
+               const struct ipt_entry_match *m;
+               const struct ipt_entry_target *t;
++              u8 flags;
+               e = (struct ipt_entry *)(loc_cpu_entry + off);
+               if (copy_to_user(userptr + off
+@@ -986,6 +1026,14 @@ copy_entries_to_user(unsigned int total_
+                       goto free_counters;
+               }
++              flags = e->ip.flags & ~IPT_F_NO_DEF_MATCH;
++              if (copy_to_user(userptr + off
++                               + offsetof(struct ipt_entry, ip.flags),
++                               &flags, sizeof(flags)) != 0) {
++                      ret = -EFAULT;
++                      goto free_counters;
++              }
++
+               for (i = sizeof(struct ipt_entry);
+                    i < e->target_offset;
+                    i += m->u.match_size) {
index 3dd1145..d6c113a 100644 (file)
        /* For return from builtin chain */
        back = get_entry(table_base, private->underflow[hook]);
  
+@@ -978,6 +1017,7 @@ copy_entries_to_user(unsigned int total_
+               unsigned int i;
+               const struct ipt_entry_match *m;
+               const struct ipt_entry_target *t;
++              u8 flags;
+               e = (struct ipt_entry *)(loc_cpu_entry + off);
+               if (copy_to_user(userptr + off
+@@ -988,6 +1028,14 @@ copy_entries_to_user(unsigned int total_
+                       goto free_counters;
+               }
++              flags = e->ip.flags & ~IPT_F_NO_DEF_MATCH;
++              if (copy_to_user(userptr + off
++                               + offsetof(struct ipt_entry, ip.flags),
++                               &flags, sizeof(flags)) != 0) {
++                      ret = -EFAULT;
++                      goto free_counters;
++              }
++
+               for (i = sizeof(struct ipt_entry);
+                    i < e->target_offset;
+                    i += m->u.match_size) {
index 2f4c7a2..a9eb108 100644 (file)
        /* For return from builtin chain */
        back = get_entry(table_base, private->underflow[hook]);
  
+@@ -992,6 +1031,7 @@ copy_entries_to_user(unsigned int total_
+               unsigned int i;
+               const struct ipt_entry_match *m;
+               const struct ipt_entry_target *t;
++              u8 flags;
+               e = (struct ipt_entry *)(loc_cpu_entry + off);
+               if (copy_to_user(userptr + off
+@@ -1002,6 +1042,14 @@ copy_entries_to_user(unsigned int total_
+                       goto free_counters;
+               }
++              flags = e->ip.flags & ~IPT_F_NO_DEF_MATCH;
++              if (copy_to_user(userptr + off
++                               + offsetof(struct ipt_entry, ip.flags),
++                               &flags, sizeof(flags)) != 0) {
++                      ret = -EFAULT;
++                      goto free_counters;
++              }
++
+               for (i = sizeof(struct ipt_entry);
+                    i < e->target_offset;
+                    i += m->u.match_size) {
index 69344a9..e99c6db 100644 (file)
        /* For return from builtin chain */
        back = get_entry(table_base, private->underflow[hook]);
  
+@@ -992,6 +1031,7 @@ copy_entries_to_user(unsigned int total_
+               unsigned int i;
+               const struct ipt_entry_match *m;
+               const struct ipt_entry_target *t;
++              u8 flags;
+               e = (struct ipt_entry *)(loc_cpu_entry + off);
+               if (copy_to_user(userptr + off
+@@ -1002,6 +1042,14 @@ copy_entries_to_user(unsigned int total_
+                       goto free_counters;
+               }
++              flags = e->ip.flags & ~IPT_F_NO_DEF_MATCH;
++              if (copy_to_user(userptr + off
++                               + offsetof(struct ipt_entry, ip.flags),
++                               &flags, sizeof(flags)) != 0) {
++                      ret = -EFAULT;
++                      goto free_counters;
++              }
++
+               for (i = sizeof(struct ipt_entry);
+                    i < e->target_offset;
+                    i += m->u.match_size) {
index 69344a9..e99c6db 100644 (file)
        /* For return from builtin chain */
        back = get_entry(table_base, private->underflow[hook]);
  
+@@ -992,6 +1031,7 @@ copy_entries_to_user(unsigned int total_
+               unsigned int i;
+               const struct ipt_entry_match *m;
+               const struct ipt_entry_target *t;
++              u8 flags;
+               e = (struct ipt_entry *)(loc_cpu_entry + off);
+               if (copy_to_user(userptr + off
+@@ -1002,6 +1042,14 @@ copy_entries_to_user(unsigned int total_
+                       goto free_counters;
+               }
++              flags = e->ip.flags & ~IPT_F_NO_DEF_MATCH;
++              if (copy_to_user(userptr + off
++                               + offsetof(struct ipt_entry, ip.flags),
++                               &flags, sizeof(flags)) != 0) {
++                      ret = -EFAULT;
++                      goto free_counters;
++              }
++
+               for (i = sizeof(struct ipt_entry);
+                    i < e->target_offset;
+                    i += m->u.match_size) {