/* Returns one of the generic firewall policies, like NF_ACCEPT. */
unsigned int
ipt_do_table(struct sk_buff *skb,
-@@ -334,6 +361,25 @@ ipt_do_table(struct sk_buff *skb,
- ip = ip_hdr(skb);
- indev = in ? in->name : nulldevname;
- outdev = out ? out->name : nulldevname;
-+
+@@ -331,9 +358,27 @@ ipt_do_table(struct sk_buff *skb,
+ unsigned int addend;
+
+ /* Initialization */
+ IP_NF_ASSERT(table->valid_hooks & (1 << hook));
+ local_bh_disable();
-+ addend = xt_write_recseq_begin();
+ private = table->private;
+ cpu = smp_processor_id();
+ table_base = private->entries[cpu];
-+ jumpstack = (struct ipt_entry **)private->jumpstack[cpu];
-+ stackptr = per_cpu_ptr(private->stackptr, cpu);
-+ origptr = *stackptr;
-+
+ e = get_entry(table_base, private->hook_entry[hook]);
+ if (ipt_handle_default_rule(e, &verdict)) {
+ ADD_COUNTER(e->counters, skb->len, 1);
-+ xt_write_recseq_end(addend);
+ local_bh_enable();
+ return verdict;
+ }
++
+ ip = ip_hdr(skb);
+ indev = in ? in->name : nulldevname;
+ outdev = out ? out->name : nulldevname;
++
++ addend = xt_write_recseq_begin();
++ jumpstack = (struct ipt_entry **)private->jumpstack[cpu];
++ stackptr = per_cpu_ptr(private->stackptr, cpu);
++ origptr = *stackptr;
+
/* We handle fragments by dealing with the first fragment as
* if it was a normal packet. All other fragments are treated
* normally, except that they will NEVER match rules that ask
-@@ -348,18 +394,6 @@ ipt_do_table(struct sk_buff *skb,
+@@ -348,18 +393,6 @@ ipt_do_table(struct sk_buff *skb,
acpar.family = NFPROTO_IPV4;
acpar.hooknum = hook;