summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--target/linux/generic-2.6/patches-2.6.28/120-netfilter_upstream_fixes.patch100
-rw-r--r--target/linux/generic-2.6/patches-2.6.29/120-netfilter_upstream_fixes.patch100
2 files changed, 0 insertions, 200 deletions
diff --git a/target/linux/generic-2.6/patches-2.6.28/120-netfilter_upstream_fixes.patch b/target/linux/generic-2.6/patches-2.6.28/120-netfilter_upstream_fixes.patch
deleted file mode 100644
index 7f2424d..0000000
--- a/target/linux/generic-2.6/patches-2.6.28/120-netfilter_upstream_fixes.patch
+++ /dev/null
@@ -1,100 +0,0 @@
---- a/net/ipv4/netfilter/arp_tables.c
-+++ b/net/ipv4/netfilter/arp_tables.c
-@@ -374,7 +374,9 @@ static int mark_source_chains(struct xt_
- && unconditional(&e->arp)) || visited) {
- unsigned int oldpos, size;
-
-- if (t->verdict < -NF_MAX_VERDICT - 1) {
-+ if ((strcmp(t->target.u.user.name,
-+ ARPT_STANDARD_TARGET) == 0) &&
-+ t->verdict < -NF_MAX_VERDICT - 1) {
- duprintf("mark_source_chains: bad "
- "negative verdict (%i)\n",
- t->verdict);
---- a/net/ipv4/netfilter/ip_tables.c
-+++ b/net/ipv4/netfilter/ip_tables.c
-@@ -74,6 +74,25 @@ do { \
-
- Hence the start of any table is given by get_table() below. */
-
-+static unsigned long ifname_compare(const char *_a, const char *_b,
-+ const unsigned char *_mask)
-+{
-+ const unsigned long *a = (const unsigned long *)_a;
-+ const unsigned long *b = (const unsigned long *)_b;
-+ const unsigned long *mask = (const unsigned long *)_mask;
-+ unsigned long ret;
-+
-+ ret = (a[0] ^ b[0]) & mask[0];
-+ if (IFNAMSIZ > sizeof(unsigned long))
-+ ret |= (a[1] ^ b[1]) & mask[1];
-+ if (IFNAMSIZ > 2 * sizeof(unsigned long))
-+ ret |= (a[2] ^ b[2]) & mask[2];
-+ if (IFNAMSIZ > 3 * sizeof(unsigned long))
-+ ret |= (a[3] ^ b[3]) & mask[3];
-+ BUILD_BUG_ON(IFNAMSIZ > 4 * sizeof(unsigned long));
-+ return ret;
-+}
-+
- /* Returns whether matches rule or not. */
- /* Performance critical - called for every packet */
- static inline bool
-@@ -83,7 +102,6 @@ ip_packet_match(const struct iphdr *ip,
- const struct ipt_ip *ipinfo,
- int isfrag)
- {
-- size_t i;
- unsigned long ret;
-
- #define FWINV(bool, invflg) ((bool) ^ !!(ipinfo->invflags & (invflg)))
-@@ -110,12 +128,7 @@ ip_packet_match(const struct iphdr *ip,
- return false;
- }
-
-- /* Look for ifname matches; this should unroll nicely. */
-- for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) {
-- ret |= (((const unsigned long *)indev)[i]
-- ^ ((const unsigned long *)ipinfo->iniface)[i])
-- & ((const unsigned long *)ipinfo->iniface_mask)[i];
-- }
-+ ret = ifname_compare(indev, ipinfo->iniface, ipinfo->iniface_mask);
-
- if (FWINV(ret != 0, IPT_INV_VIA_IN)) {
- dprintf("VIA in mismatch (%s vs %s).%s\n",
-@@ -124,11 +137,7 @@ ip_packet_match(const struct iphdr *ip,
- return false;
- }
-
-- for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) {
-- ret |= (((const unsigned long *)outdev)[i]
-- ^ ((const unsigned long *)ipinfo->outiface)[i])
-- & ((const unsigned long *)ipinfo->outiface_mask)[i];
-- }
-+ ret = ifname_compare(outdev, ipinfo->outiface, ipinfo->outiface_mask);
-
- if (FWINV(ret != 0, IPT_INV_VIA_OUT)) {
- dprintf("VIA out mismatch (%s vs %s).%s\n",
-@@ -523,7 +532,9 @@ mark_source_chains(struct xt_table_info
- && unconditional(&e->ip)) || visited) {
- unsigned int oldpos, size;
-
-- if (t->verdict < -NF_MAX_VERDICT - 1) {
-+ if ((strcmp(t->target.u.user.name,
-+ IPT_STANDARD_TARGET) == 0) &&
-+ t->verdict < -NF_MAX_VERDICT - 1) {
- duprintf("mark_source_chains: bad "
- "negative verdict (%i)\n",
- t->verdict);
---- a/net/ipv6/netfilter/ip6_tables.c
-+++ b/net/ipv6/netfilter/ip6_tables.c
-@@ -525,7 +525,9 @@ mark_source_chains(struct xt_table_info
- && unconditional(&e->ipv6)) || visited) {
- unsigned int oldpos, size;
-
-- if (t->verdict < -NF_MAX_VERDICT - 1) {
-+ if ((strcmp(t->target.u.user.name,
-+ IP6T_STANDARD_TARGET) == 0) &&
-+ t->verdict < -NF_MAX_VERDICT - 1) {
- duprintf("mark_source_chains: bad "
- "negative verdict (%i)\n",
- t->verdict);
diff --git a/target/linux/generic-2.6/patches-2.6.29/120-netfilter_upstream_fixes.patch b/target/linux/generic-2.6/patches-2.6.29/120-netfilter_upstream_fixes.patch
deleted file mode 100644
index 03df291..0000000
--- a/target/linux/generic-2.6/patches-2.6.29/120-netfilter_upstream_fixes.patch
+++ /dev/null
@@ -1,100 +0,0 @@
---- a/net/ipv4/netfilter/arp_tables.c
-+++ b/net/ipv4/netfilter/arp_tables.c
-@@ -374,7 +374,9 @@ static int mark_source_chains(struct xt_
- && unconditional(&e->arp)) || visited) {
- unsigned int oldpos, size;
-
-- if (t->verdict < -NF_MAX_VERDICT - 1) {
-+ if ((strcmp(t->target.u.user.name,
-+ ARPT_STANDARD_TARGET) == 0) &&
-+ t->verdict < -NF_MAX_VERDICT - 1) {
- duprintf("mark_source_chains: bad "
- "negative verdict (%i)\n",
- t->verdict);
---- a/net/ipv4/netfilter/ip_tables.c
-+++ b/net/ipv4/netfilter/ip_tables.c
-@@ -74,6 +74,25 @@ do { \
-
- Hence the start of any table is given by get_table() below. */
-
-+static unsigned long ifname_compare(const char *_a, const char *_b,
-+ const unsigned char *_mask)
-+{
-+ const unsigned long *a = (const unsigned long *)_a;
-+ const unsigned long *b = (const unsigned long *)_b;
-+ const unsigned long *mask = (const unsigned long *)_mask;
-+ unsigned long ret;
-+
-+ ret = (a[0] ^ b[0]) & mask[0];
-+ if (IFNAMSIZ > sizeof(unsigned long))
-+ ret |= (a[1] ^ b[1]) & mask[1];
-+ if (IFNAMSIZ > 2 * sizeof(unsigned long))
-+ ret |= (a[2] ^ b[2]) & mask[2];
-+ if (IFNAMSIZ > 3 * sizeof(unsigned long))
-+ ret |= (a[3] ^ b[3]) & mask[3];
-+ BUILD_BUG_ON(IFNAMSIZ > 4 * sizeof(unsigned long));
-+ return ret;
-+}
-+
- /* Returns whether matches rule or not. */
- /* Performance critical - called for every packet */
- static inline bool
-@@ -83,7 +102,6 @@ ip_packet_match(const struct iphdr *ip,
- const struct ipt_ip *ipinfo,
- int isfrag)
- {
-- size_t i;
- unsigned long ret;
-
- #define FWINV(bool, invflg) ((bool) ^ !!(ipinfo->invflags & (invflg)))
-@@ -106,12 +124,7 @@ ip_packet_match(const struct iphdr *ip,
- return false;
- }
-
-- /* Look for ifname matches; this should unroll nicely. */
-- for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) {
-- ret |= (((const unsigned long *)indev)[i]
-- ^ ((const unsigned long *)ipinfo->iniface)[i])
-- & ((const unsigned long *)ipinfo->iniface_mask)[i];
-- }
-+ ret = ifname_compare(indev, ipinfo->iniface, ipinfo->iniface_mask);
-
- if (FWINV(ret != 0, IPT_INV_VIA_IN)) {
- dprintf("VIA in mismatch (%s vs %s).%s\n",
-@@ -120,11 +133,7 @@ ip_packet_match(const struct iphdr *ip,
- return false;
- }
-
-- for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) {
-- ret |= (((const unsigned long *)outdev)[i]
-- ^ ((const unsigned long *)ipinfo->outiface)[i])
-- & ((const unsigned long *)ipinfo->outiface_mask)[i];
-- }
-+ ret = ifname_compare(outdev, ipinfo->outiface, ipinfo->outiface_mask);
-
- if (FWINV(ret != 0, IPT_INV_VIA_OUT)) {
- dprintf("VIA out mismatch (%s vs %s).%s\n",
-@@ -519,7 +528,9 @@ mark_source_chains(struct xt_table_info
- && unconditional(&e->ip)) || visited) {
- unsigned int oldpos, size;
-
-- if (t->verdict < -NF_MAX_VERDICT - 1) {
-+ if ((strcmp(t->target.u.user.name,
-+ IPT_STANDARD_TARGET) == 0) &&
-+ t->verdict < -NF_MAX_VERDICT - 1) {
- duprintf("mark_source_chains: bad "
- "negative verdict (%i)\n",
- t->verdict);
---- a/net/ipv6/netfilter/ip6_tables.c
-+++ b/net/ipv6/netfilter/ip6_tables.c
-@@ -525,7 +525,9 @@ mark_source_chains(struct xt_table_info
- && unconditional(&e->ipv6)) || visited) {
- unsigned int oldpos, size;
-
-- if (t->verdict < -NF_MAX_VERDICT - 1) {
-+ if ((strcmp(t->target.u.user.name,
-+ IP6T_STANDARD_TARGET) == 0) &&
-+ t->verdict < -NF_MAX_VERDICT - 1) {
- duprintf("mark_source_chains: bad "
- "negative verdict (%i)\n",
- t->verdict);