diff options
Diffstat (limited to 'target')
3 files changed, 18 insertions, 9 deletions
diff --git a/target/linux/generic-2.6/patches-2.6.28/110-netfilter_match_speedup.patch b/target/linux/generic-2.6/patches-2.6.28/110-netfilter_match_speedup.patch index a8a49ec65..2bdbe0703 100644 --- a/target/linux/generic-2.6/patches-2.6.28/110-netfilter_match_speedup.patch +++ b/target/linux/generic-2.6/patches-2.6.28/110-netfilter_match_speedup.patch @@ -20,7 +20,7 @@ if (FWINV((ip->saddr&ipinfo->smsk.s_addr) != ipinfo->src.s_addr, IPT_INV_SRCIP) || FWINV((ip->daddr&ipinfo->dmsk.s_addr) != ipinfo->dst.s_addr, -@@ -151,13 +154,32 @@ ip_packet_match(const struct iphdr *ip, +@@ -151,13 +154,35 @@ ip_packet_match(const struct iphdr *ip, return false; } @@ -45,6 +45,9 @@ + IPT_INV_VIA_OUT)) + goto has_match_rules; + ++ if (FWINV(ip->proto, IPT_INV_PROTO)) ++ goto has_match_rules; ++ + if (FWINV(ip->flags&IPT_F_FRAG, IPT_INV_FRAG)) + goto has_match_rules; + @@ -55,7 +58,7 @@ duprintf("Unknown flag bits set: %08X\n", ip->flags & ~IPT_F_MASK); return false; -@@ -167,6 +189,8 @@ ip_checkentry(const struct ipt_ip *ip) +@@ -167,6 +192,8 @@ ip_checkentry(const struct ipt_ip *ip) ip->invflags & ~IPT_INV_MASK); return false; } @@ -64,7 +67,7 @@ return true; } -@@ -214,7 +238,6 @@ unconditional(const struct ipt_ip *ip) +@@ -214,7 +241,6 @@ unconditional(const struct ipt_ip *ip) return 0; return 1; diff --git a/target/linux/generic-2.6/patches-2.6.29/110-netfilter_match_speedup.patch b/target/linux/generic-2.6/patches-2.6.29/110-netfilter_match_speedup.patch index fddf81c3e..5bb51bad0 100644 --- a/target/linux/generic-2.6/patches-2.6.29/110-netfilter_match_speedup.patch +++ b/target/linux/generic-2.6/patches-2.6.29/110-netfilter_match_speedup.patch @@ -20,7 +20,7 @@ if (FWINV((ip->saddr&ipinfo->smsk.s_addr) != ipinfo->src.s_addr, IPT_INV_SRCIP) || FWINV((ip->daddr&ipinfo->dmsk.s_addr) != ipinfo->dst.s_addr, -@@ -147,13 +150,32 @@ ip_packet_match(const struct iphdr *ip, +@@ -147,13 +150,35 @@ ip_packet_match(const struct iphdr *ip, return false; } @@ -45,6 +45,9 @@ + IPT_INV_VIA_OUT)) + goto has_match_rules; + ++ if (FWINV(ip->proto, IPT_INV_PROTO)) ++ goto has_match_rules; ++ + if (FWINV(ip->flags&IPT_F_FRAG, IPT_INV_FRAG)) + goto has_match_rules; + @@ -55,7 +58,7 @@ duprintf("Unknown flag bits set: %08X\n", ip->flags & ~IPT_F_MASK); return false; -@@ -163,6 +185,8 @@ ip_checkentry(const struct ipt_ip *ip) +@@ -163,6 +188,8 @@ ip_checkentry(const struct ipt_ip *ip) ip->invflags & ~IPT_INV_MASK); return false; } @@ -64,7 +67,7 @@ return true; } -@@ -210,7 +234,6 @@ unconditional(const struct ipt_ip *ip) +@@ -210,7 +237,6 @@ unconditional(const struct ipt_ip *ip) return 0; return 1; diff --git a/target/linux/generic-2.6/patches-2.6.30/110-netfilter_match_speedup.patch b/target/linux/generic-2.6/patches-2.6.30/110-netfilter_match_speedup.patch index 22f0a4341..be15d349c 100644 --- a/target/linux/generic-2.6/patches-2.6.30/110-netfilter_match_speedup.patch +++ b/target/linux/generic-2.6/patches-2.6.30/110-netfilter_match_speedup.patch @@ -20,7 +20,7 @@ if (FWINV((ip->saddr&ipinfo->smsk.s_addr) != ipinfo->src.s_addr, IPT_INV_SRCIP) || FWINV((ip->daddr&ipinfo->dmsk.s_addr) != ipinfo->dst.s_addr, -@@ -137,13 +140,32 @@ ip_packet_match(const struct iphdr *ip, +@@ -137,13 +140,35 @@ ip_packet_match(const struct iphdr *ip, return false; } @@ -45,6 +45,9 @@ + IPT_INV_VIA_OUT)) + goto has_match_rules; + ++ if (FWINV(ip->proto, IPT_INV_PROTO)) ++ goto has_match_rules; ++ + if (FWINV(ip->flags&IPT_F_FRAG, IPT_INV_FRAG)) + goto has_match_rules; + @@ -55,7 +58,7 @@ duprintf("Unknown flag bits set: %08X\n", ip->flags & ~IPT_F_MASK); return false; -@@ -153,6 +175,8 @@ ip_checkentry(const struct ipt_ip *ip) +@@ -153,6 +178,8 @@ ip_checkentry(const struct ipt_ip *ip) ip->invflags & ~IPT_INV_MASK); return false; } @@ -64,7 +67,7 @@ return true; } -@@ -200,7 +224,6 @@ unconditional(const struct ipt_ip *ip) +@@ -200,7 +227,6 @@ unconditional(const struct ipt_ip *ip) return 0; return 1; |