qi-hardware/openwrt-xburst
1
0
Fork 0
mirror of git://projects.qi-hardware.com/openwrt-xburst.git synced 2025-04-21 12:27:27 +03:00
Code Activity

netfilter: fix ABI breakage caused by the netfilter match optimization (fixes #5628)

Browse Source 
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@20552 3c298f89-4303-0410-b956-a3cf2f4a3e73
This commit is contained in:
nbd
2010-03-28 19:05:59 +00:00
parent bc3d4f5dfd
commit 244c45bd27
5 changed files with 115 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
target/linux/generic-2.6/patches-2.6.30/110-netfilter_match_speedup.patch
View File

@@ -119,3 +119,26 @@
/* For return from builtin chain */ /* For return from builtin chain */
back = get_entry(table_base, private->underflow[hook]); back = get_entry(table_base, private->underflow[hook]);
@@ -976,6 +1015,7 @@ copy_entries_to_user(unsigned int total_
unsigned int i;
const struct ipt_entry_match *m;
const struct ipt_entry_target *t;
+ u8 flags;
e = (struct ipt_entry *)(loc_cpu_entry + off);
if (copy_to_user(userptr + off
@@ -986,6 +1026,14 @@ copy_entries_to_user(unsigned int total_
goto free_counters;
}
+ flags = e->ip.flags & ~IPT_F_NO_DEF_MATCH;
+ if (copy_to_user(userptr + off
+ + offsetof(struct ipt_entry, ip.flags),
+ &flags, sizeof(flags)) != 0) {
+ ret = -EFAULT;
+ goto free_counters;
+ }
+
for (i = sizeof(struct ipt_entry);
i < e->target_offset;
i += m->u.match_size) {

23
target/linux/generic-2.6/patches-2.6.31/110-netfilter_match_speedup.patch
View File

@@ -119,3 +119,26 @@
/* For return from builtin chain */ /* For return from builtin chain */
back = get_entry(table_base, private->underflow[hook]); back = get_entry(table_base, private->underflow[hook]);
@@ -978,6 +1017,7 @@ copy_entries_to_user(unsigned int total_
unsigned int i;
const struct ipt_entry_match *m;
const struct ipt_entry_target *t;
+ u8 flags;
e = (struct ipt_entry *)(loc_cpu_entry + off);
if (copy_to_user(userptr + off
@@ -988,6 +1028,14 @@ copy_entries_to_user(unsigned int total_
goto free_counters;
}
+ flags = e->ip.flags & ~IPT_F_NO_DEF_MATCH;
+ if (copy_to_user(userptr + off
+ + offsetof(struct ipt_entry, ip.flags),
+ &flags, sizeof(flags)) != 0) {
+ ret = -EFAULT;
+ goto free_counters;
+ }
+
for (i = sizeof(struct ipt_entry);
i < e->target_offset;
i += m->u.match_size) {

23
target/linux/generic-2.6/patches-2.6.32/110-netfilter_match_speedup.patch
View File

@@ -119,3 +119,26 @@
/* For return from builtin chain */ /* For return from builtin chain */
back = get_entry(table_base, private->underflow[hook]); back = get_entry(table_base, private->underflow[hook]);
@@ -992,6 +1031,7 @@ copy_entries_to_user(unsigned int total_
unsigned int i;
const struct ipt_entry_match *m;
const struct ipt_entry_target *t;
+ u8 flags;
e = (struct ipt_entry *)(loc_cpu_entry + off);
if (copy_to_user(userptr + off
@@ -1002,6 +1042,14 @@ copy_entries_to_user(unsigned int total_
goto free_counters;
}
+ flags = e->ip.flags & ~IPT_F_NO_DEF_MATCH;
+ if (copy_to_user(userptr + off
+ + offsetof(struct ipt_entry, ip.flags),
+ &flags, sizeof(flags)) != 0) {
+ ret = -EFAULT;
+ goto free_counters;
+ }
+
for (i = sizeof(struct ipt_entry);
i < e->target_offset;
i += m->u.match_size) {

23
target/linux/generic-2.6/patches-2.6.33/110-netfilter_match_speedup.patch
View File

@@ -119,3 +119,26 @@
/* For return from builtin chain */ /* For return from builtin chain */
back = get_entry(table_base, private->underflow[hook]); back = get_entry(table_base, private->underflow[hook]);
@@ -992,6 +1031,7 @@ copy_entries_to_user(unsigned int total_
unsigned int i;
const struct ipt_entry_match *m;
const struct ipt_entry_target *t;
+ u8 flags;
e = (struct ipt_entry *)(loc_cpu_entry + off);
if (copy_to_user(userptr + off
@@ -1002,6 +1042,14 @@ copy_entries_to_user(unsigned int total_
goto free_counters;
}
+ flags = e->ip.flags & ~IPT_F_NO_DEF_MATCH;
+ if (copy_to_user(userptr + off
+ + offsetof(struct ipt_entry, ip.flags),
+ &flags, sizeof(flags)) != 0) {
+ ret = -EFAULT;
+ goto free_counters;
+ }
+
for (i = sizeof(struct ipt_entry);
i < e->target_offset;
i += m->u.match_size) {

23
target/linux/generic-2.6/patches-2.6.34/110-netfilter_match_speedup.patch
View File

@@ -119,3 +119,26 @@
/* For return from builtin chain */ /* For return from builtin chain */
back = get_entry(table_base, private->underflow[hook]); back = get_entry(table_base, private->underflow[hook]);
@@ -992,6 +1031,7 @@ copy_entries_to_user(unsigned int total_
unsigned int i;
const struct ipt_entry_match *m;
const struct ipt_entry_target *t;
+ u8 flags;
e = (struct ipt_entry *)(loc_cpu_entry + off);
if (copy_to_user(userptr + off
@@ -1002,6 +1042,14 @@ copy_entries_to_user(unsigned int total_
goto free_counters;
}
+ flags = e->ip.flags & ~IPT_F_NO_DEF_MATCH;
+ if (copy_to_user(userptr + off
+ + offsetof(struct ipt_entry, ip.flags),
+ &flags, sizeof(flags)) != 0) {
+ ret = -EFAULT;
+ goto free_counters;
+ }
+
for (i = sizeof(struct ipt_entry);
i < e->target_offset;
i += m->u.match_size) {