Home Esplora Aiuto
Registrati Accedi
phyus
/
linux-vybrid_public
8
0
Forka 0
File Problemi 0 Pull Requests 0 Wiki
Sfoglia il codice sorgente

netfilter: ipt_ecn: fix inversion for IP header ECN match

Userspace allows to specify inversion for IP header ECN matches, the
kernel silently accepts it, but doesn't invert the match result.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Patrick McHardy 14 anni fa
parent
58d5a0257d
commit
db898aa2ef
1 ha cambiato i file con 2 aggiunte e 1 eliminazioni
Visualizzazione separata Mostra Diff Stats
  1. 2 1
      net/ipv4/netfilter/ipt_ecn.c

+ 2 - 1
net/ipv4/netfilter/ipt_ecn.c
Vedi File 

@@ -25,7 +25,8 @@ MODULE_LICENSE("GPL");
 
 static inline bool match_ip(const struct sk_buff *skb,
 
 			    const struct ipt_ecn_info *einfo)
 
 {
 
-	return (ip_hdr(skb)->tos & IPT_ECN_IP_MASK) == einfo->ip_ect;
 
+	return ((ip_hdr(skb)->tos & IPT_ECN_IP_MASK) == einfo->ip_ect) ^
 
+	       !!(einfo->invert & IPT_ECN_OP_MATCH_IP);
 
 }
 
 
 static inline bool match_tcp(const struct sk_buff *skb,