leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity

netfilter: ipt_ecn: fix inversion for IP header ECN match

Browse Source 
Userspace allows to specify inversion for IP header ECN matches, the
kernel silently accepts it, but doesn't invert the match result.

Signed-off-by: Patrick McHardy <kaber@trash.net>
This commit is contained in:
Patrick McHardy 2011-06-16 17:24:55 +02:00
parent 58d5a0257d
commit db898aa2ef
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
net/ipv4/netfilter/ipt_ecn.c
View File

@ -25,7 +25,8 @@ MODULE_LICENSE("GPL");
static inline bool match_ip(const struct sk_buff *skb,
const struct ipt_ecn_info *einfo)
{
return (ip_hdr(skb)->tos & IPT_ECN_IP_MASK) == einfo->ip_ect;
return ((ip_hdr(skb)->tos & IPT_ECN_IP_MASK) == einfo->ip_ect) ^
!!(einfo->invert & IPT_ECN_OP_MATCH_IP);
}
static inline bool match_tcp(const struct sk_buff *skb,