summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2015-03-20 13:56:06 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2015-03-20 14:35:33 +0100
commit3d8c6dce53a349df8878d078e56bf429bad572f9 (patch)
tree5356913058aeb077c11708310c3c42ae734f7322
parentnetfilter: restore rule tracing via nfnetlink_log (diff)
downloadlinux-3d8c6dce53a349df8878d078e56bf429bad572f9.tar.xz
linux-3d8c6dce53a349df8878d078e56bf429bad572f9.zip
netfilter: xt_TPROXY: fix invflags check in tproxy_tg6_check()
We have to check for IP6T_INV_PROTO in invflags, instead of flags. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Acked-by: Balazs Scheidler <bazsi@balabit.hu>
-rw-r--r--net/netfilter/xt_TPROXY.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/net/netfilter/xt_TPROXY.c b/net/netfilter/xt_TPROXY.c
index ef8a926752a9..50e1e5aaf4ce 100644
--- a/net/netfilter/xt_TPROXY.c
+++ b/net/netfilter/xt_TPROXY.c
@@ -513,8 +513,8 @@ static int tproxy_tg6_check(const struct xt_tgchk_param *par)
{
const struct ip6t_ip6 *i = par->entryinfo;
- if ((i->proto == IPPROTO_TCP || i->proto == IPPROTO_UDP)
- && !(i->flags & IP6T_INV_PROTO))
+ if ((i->proto == IPPROTO_TCP || i->proto == IPPROTO_UDP) &&
+ !(i->invflags & IP6T_INV_PROTO))
return 0;
pr_info("Can be used only in combination with "