From b9b4c22d7047330289e063cffb4619d1a9980040 Mon Sep 17 00:00:00 2001
From: Patrick McHardy <kaber@trash.net>
Date: Sun, 21 Aug 2005 23:31:43 -0700
Subject: [PATCH] --- yaml --- r: 6402 b: refs/heads/master c:
 05465343bf74e00c8c2c5a310740157de3149f27 h: refs/heads/master v: v3

---
 [refs]                                          | 2 +-
 trunk/include/linux/netfilter_ipv4/ip_tables.h  | 3 ++-
 trunk/include/linux/netfilter_ipv6/ip6_tables.h | 3 ++-
 trunk/net/ipv4/netfilter/ip_tables.c            | 4 ++--
 trunk/net/ipv6/netfilter/ip6_tables.c           | 4 ++--
 5 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/[refs] b/[refs]
index 9d930f35ff2c..8afd036a313a 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 764d8a9f240729534a1d8a0ffd39e722cf5cc5af
+refs/heads/master: 05465343bf74e00c8c2c5a310740157de3149f27
diff --git a/trunk/include/linux/netfilter_ipv4/ip_tables.h b/trunk/include/linux/netfilter_ipv4/ip_tables.h
index 12ce47808e7d..d19d65cf4530 100644
--- a/trunk/include/linux/netfilter_ipv4/ip_tables.h
+++ b/trunk/include/linux/netfilter_ipv4/ip_tables.h
@@ -109,7 +109,8 @@ struct ipt_counters
 
 /* Values for "flag" field in struct ipt_ip (general ip structure). */
 #define IPT_F_FRAG		0x01	/* Set if rule is a fragment rule */
-#define IPT_F_MASK		0x01	/* All possible flag bits mask. */
+#define IPT_F_GOTO		0x02	/* Set if jump is a goto */
+#define IPT_F_MASK		0x03	/* All possible flag bits mask. */
 
 /* Values for "inv" field in struct ipt_ip. */
 #define IPT_INV_VIA_IN		0x01	/* Invert the sense of IN IFACE. */
diff --git a/trunk/include/linux/netfilter_ipv6/ip6_tables.h b/trunk/include/linux/netfilter_ipv6/ip6_tables.h
index f1ce3b009853..58c72a52dc65 100644
--- a/trunk/include/linux/netfilter_ipv6/ip6_tables.h
+++ b/trunk/include/linux/netfilter_ipv6/ip6_tables.h
@@ -111,7 +111,8 @@ struct ip6t_counters
 #define IP6T_F_PROTO		0x01	/* Set if rule cares about upper 
 					   protocols */
 #define IP6T_F_TOS		0x02	/* Match the TOS. */
-#define IP6T_F_MASK		0x03	/* All possible flag bits mask. */
+#define IP6T_F_GOTO		0x04	/* Set if jump is a goto */
+#define IP6T_F_MASK		0x07	/* All possible flag bits mask. */
 
 /* Values for "inv" field in struct ip6t_ip6. */
 #define IP6T_INV_VIA_IN		0x01	/* Invert the sense of IN IFACE. */
diff --git a/trunk/net/ipv4/netfilter/ip_tables.c b/trunk/net/ipv4/netfilter/ip_tables.c
index ff8d85d2070d..eef99a1b5de6 100644
--- a/trunk/net/ipv4/netfilter/ip_tables.c
+++ b/trunk/net/ipv4/netfilter/ip_tables.c
@@ -340,8 +340,8 @@ ipt_do_table(struct sk_buff **pskb,
 							 back->comefrom);
 					continue;
 				}
-				if (table_base + v
-				    != (void *)e + e->next_offset) {
+				if (table_base + v != (void *)e + e->next_offset
+				    && !(e->ip.flags & IPT_F_GOTO)) {
 					/* Save old back ptr in next entry */
 					struct ipt_entry *next
 						= (void *)e + e->next_offset;
diff --git a/trunk/net/ipv6/netfilter/ip6_tables.c b/trunk/net/ipv6/netfilter/ip6_tables.c
index 41a67cf6e33a..1cb8adb2787f 100644
--- a/trunk/net/ipv6/netfilter/ip6_tables.c
+++ b/trunk/net/ipv6/netfilter/ip6_tables.c
@@ -433,8 +433,8 @@ ip6t_do_table(struct sk_buff **pskb,
 							 back->comefrom);
 					continue;
 				}
-				if (table_base + v
-				    != (void *)e + e->next_offset) {
+				if (table_base + v != (void *)e + e->next_offset
+				    && !(e->ipv6.flags & IP6T_F_GOTO)) {
 					/* Save old back ptr in next entry */
 					struct ip6t_entry *next
 						= (void *)e + e->next_offset;