--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
-@@ -310,6 +310,33 @@ struct ipt_entry *ipt_next_entry(const s
+@@ -309,6 +309,33 @@ struct ipt_entry *ipt_next_entry(const s
return (void *)entry + entry->next_offset;
}
/* Returns one of the generic firewall policies, like NF_ACCEPT. */
unsigned int
ipt_do_table(struct sk_buff *skb,
-@@ -334,6 +361,25 @@ ipt_do_table(struct sk_buff *skb,
+@@ -333,6 +360,25 @@ ipt_do_table(struct sk_buff *skb,
ip = ip_hdr(skb);
indev = in ? in->name : nulldevname;
outdev = out ? out->name : nulldevname;
/* We handle fragments by dealing with the first fragment as
* if it was a normal packet. All other fragments are treated
* normally, except that they will NEVER match rules that ask
-@@ -348,18 +394,6 @@ ipt_do_table(struct sk_buff *skb,
+@@ -347,18 +393,6 @@ ipt_do_table(struct sk_buff *skb,
acpar.family = NFPROTO_IPV4;
acpar.hooknum = hook;