--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
-@@ -316,6 +316,33 @@ struct ipt_entry *ipt_next_entry(const s
+@@ -319,6 +319,33 @@ struct ipt_entry *ipt_next_entry(const s
return (void *)entry + entry->next_offset;
}
/* Returns one of the generic firewall policies, like NF_ACCEPT. */
unsigned int
ipt_do_table(struct sk_buff *skb,
-@@ -339,6 +366,23 @@ ipt_do_table(struct sk_buff *skb,
+@@ -342,6 +369,23 @@ ipt_do_table(struct sk_buff *skb,
ip = ip_hdr(skb);
indev = in ? in->name : nulldevname;
outdev = out ? out->name : nulldevname;
/* We handle fragments by dealing with the first fragment as
* if it was a normal packet. All other fragments are treated
* normally, except that they will NEVER match rules that ask
-@@ -353,17 +397,6 @@ ipt_do_table(struct sk_buff *skb,
+@@ -356,17 +400,6 @@ ipt_do_table(struct sk_buff *skb,
acpar.family = NFPROTO_IPV4;
acpar.hooknum = hook;