kernel: add missing checks in the netfilter optimization patch which broke some rules...

[openwrt.git] / target / linux / generic / patches-2.6.39 / 611-netfilter_match_bypass_default_table.patch

diff --git a/target/linux/generic/patches-2.6.39/611-netfilter_match_bypass_default_table.patch b/target/linux/generic/patches-2.6.39/611-netfilter_match_bypass_default_table.patch
index f2004a6..0ea58c9 100644 (file)
--- a/target/linux/generic/patches-2.6.39/611-netfilter_match_bypass_default_table.patch
+++ b/target/linux/generic/patches-2.6.39/611-netfilter_match_bypass_default_table.patch
@@ -1,6 +1,6 @@
 --- a/net/ipv4/netfilter/ip_tables.c
 +++ b/net/ipv4/netfilter/ip_tables.c
-@@ -316,6 +316,33 @@ struct ipt_entry *ipt_next_entry(const s
+@@ -319,6 +319,33 @@ struct ipt_entry *ipt_next_entry(const s
        return (void *)entry + entry->next_offset;
  }
  
@@ -34,7 +34,7 @@
  /* Returns one of the generic firewall policies, like NF_ACCEPT. */
  unsigned int
  ipt_do_table(struct sk_buff *skb,
-@@ -339,6 +366,23 @@ ipt_do_table(struct sk_buff *skb,
+@@ -342,6 +369,23 @@ ipt_do_table(struct sk_buff *skb,
        ip = ip_hdr(skb);
        indev = in ? in->name : nulldevname;
        outdev = out ? out->name : nulldevname;
@@ -58,7 +58,7 @@
        /* We handle fragments by dealing with the first fragment as
         * if it was a normal packet.  All other fragments are treated
         * normally, except that they will NEVER match rules that ask
-@@ -353,17 +397,6 @@ ipt_do_table(struct sk_buff *skb,
+@@ -356,17 +400,6 @@ ipt_do_table(struct sk_buff *skb,
        acpar.family  = NFPROTO_IPV4;
        acpar.hooknum = hook;