From 4aca87515a5083ae0e31ce3177189fd43b6d05ac Mon Sep 17 00:00:00 2001
From: Andreas Baumann <mail@andreasbaumann.cc>
Date: Sat, 3 Jan 2015 13:58:15 +0100
Subject: patch to Vanilla Tomato 1.28

---
 release/src/linux/linux/net/ipv4/netfilter/ipt_mac.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'release/src/linux/linux/net/ipv4/netfilter/ipt_mac.c')

diff --git a/release/src/linux/linux/net/ipv4/netfilter/ipt_mac.c b/release/src/linux/linux/net/ipv4/netfilter/ipt_mac.c
index b320e29b..d0475155 100644
--- a/release/src/linux/linux/net/ipv4/netfilter/ipt_mac.c
+++ b/release/src/linux/linux/net/ipv4/netfilter/ipt_mac.c
@@ -19,7 +19,8 @@ match(const struct sk_buff *skb,
     const struct ipt_mac_info *info = matchinfo;
 
     /* Is mac pointer valid? */
-    return (skb->mac.raw >= skb->head
+    return (in != NULL		// added for OUTPUT experiment -- zzz
+		&& skb->mac.raw >= skb->head
 	    && (skb->mac.raw + ETH_HLEN) <= skb->data
 	    /* If so, compare... */
 	    && ((memcmp(skb->mac.ethernet->h_source, info->srcaddr, ETH_ALEN)
@@ -33,6 +34,7 @@ ipt_mac_checkentry(const char *tablename,
 		   unsigned int matchsize,
 		   unsigned int hook_mask)
 {
+#if 0	// removed for OUTPUT experiment --jz
 	/* FORWARD isn't always valid, but it's nice to be able to do --RR */
 	if (hook_mask
 	    & ~((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_IN)
@@ -40,7 +42,7 @@ ipt_mac_checkentry(const char *tablename,
 		printk("ipt_mac: only valid for PRE_ROUTING, LOCAL_IN or FORWARD.\n");
 		return 0;
 	}
-
+#endif
 	if (matchsize != IPT_ALIGN(sizeof(struct ipt_mac_info)))
 		return 0;
 
-- 
cgit v1.2.3-54-g00ecf