diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-03-20 13:56:06 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-03-20 14:35:33 +0100 |
commit | 3d8c6dce53a349df8878d078e56bf429bad572f9 (patch) | |
tree | 5356913058aeb077c11708310c3c42ae734f7322 | |
parent | netfilter: restore rule tracing via nfnetlink_log (diff) | |
download | linux-3d8c6dce53a349df8878d078e56bf429bad572f9.tar.xz linux-3d8c6dce53a349df8878d078e56bf429bad572f9.zip |
netfilter: xt_TPROXY: fix invflags check in tproxy_tg6_check()
We have to check for IP6T_INV_PROTO in invflags, instead of flags.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Balazs Scheidler <bazsi@balabit.hu>
-rw-r--r-- | net/netfilter/xt_TPROXY.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/net/netfilter/xt_TPROXY.c b/net/netfilter/xt_TPROXY.c index ef8a926752a9..50e1e5aaf4ce 100644 --- a/net/netfilter/xt_TPROXY.c +++ b/net/netfilter/xt_TPROXY.c @@ -513,8 +513,8 @@ static int tproxy_tg6_check(const struct xt_tgchk_param *par) { const struct ip6t_ip6 *i = par->entryinfo; - if ((i->proto == IPPROTO_TCP || i->proto == IPPROTO_UDP) - && !(i->flags & IP6T_INV_PROTO)) + if ((i->proto == IPPROTO_TCP || i->proto == IPPROTO_UDP) && + !(i->invflags & IP6T_INV_PROTO)) return 0; pr_info("Can be used only in combination with " |