From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: netfilter-devel@lists.netfilter.org, Patrick McHardy <kaber@trash.net>
Subject: [NETFILTER 08/10]: Fix xt_policy address matching
Date: Wed, 22 Mar 2006 19:47:55 +0100 (MET) [thread overview]
Message-ID: <20060322184755.5655.37050.sendpatchset@localhost.localdomain> (raw)
In-Reply-To: <20060322184740.5655.7960.sendpatchset@localhost.localdomain>
[NETFILTER]: Fix xt_policy address matching
Fix missing inversion in address matching, it was broken during the
conversion to x_tables.
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit 4dea04e970d17675cb21717b7cb02cce02ce155b
tree fdebfbc2ff20d6722d8d951297756b48a2deba47
parent 7eda410688c8365a37c036d9a6d7f6f5a90fa4a9
author Patrick McHardy <kaber@trash.net> Tue, 21 Mar 2006 22:30:25 +0100
committer Patrick McHardy <kaber@trash.net> Tue, 21 Mar 2006 22:30:25 +0100
net/netfilter/xt_policy.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/netfilter/xt_policy.c b/net/netfilter/xt_policy.c
index d57a611..1099cb0 100644
--- a/net/netfilter/xt_policy.c
+++ b/net/netfilter/xt_policy.c
@@ -27,9 +27,9 @@ xt_addr_cmp(const union xt_policy_addr *
{
switch (family) {
case AF_INET:
- return (a1->a4.s_addr ^ a2->a4.s_addr) & m->a4.s_addr;
+ return !((a1->a4.s_addr ^ a2->a4.s_addr) & m->a4.s_addr);
case AF_INET6:
- return ipv6_masked_addr_cmp(&a1->a6, &m->a6, &a2->a6);
+ return !ipv6_masked_addr_cmp(&a1->a6, &m->a6, &a2->a6);
}
return 0;
}
@@ -44,7 +44,7 @@ match_xfrm_state(struct xfrm_state *x, c
#define MATCH(x,y) (!e->match.x || ((e->x == (y)) ^ e->invert.x))
return MATCH_ADDR(saddr, smask, (union xt_policy_addr *)&x->props.saddr) &&
- MATCH_ADDR(daddr, dmask, (union xt_policy_addr *)&x->id.daddr.a4) &&
+ MATCH_ADDR(daddr, dmask, (union xt_policy_addr *)&x->id.daddr) &&
MATCH(proto, x->id.proto) &&
MATCH(mode, x->props.mode) &&
MATCH(spi, x->id.spi) &&
next prev parent reply other threads:[~2006-03-22 18:47 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-03-22 18:47 [00/10]: Netfilter Update Patrick McHardy
2006-03-22 18:47 ` [NETFILTER 01/10]: Fix ip6tables breakage from {get, set}sockopt compat layer Patrick McHardy
2006-03-22 18:47 ` [NETFILTER 02/10]: Fix Kconfig typos Patrick McHardy
2006-03-22 18:47 ` [NETFILTER 03/10]: ctnetlink: Fix expectaction mask dumping Patrick McHardy
2006-03-22 18:47 ` [NETFILTER 04/10]: nfnetlink_queue: fix nfnetlink message size Patrick McHardy
2006-03-22 18:47 ` [NETFILTER 05/10]: conntrack: cleanup the conntrack ID initialization Patrick McHardy
2006-03-22 18:47 ` [NETFILTER 06/10]: x_tables: set the protocol family in x_tables targets/matches Patrick McHardy
2006-03-22 18:47 ` [NETFILTER 07/10]: nf_conntrack: support for layer 3 protocol load on demand Patrick McHardy
2006-03-22 18:47 ` Patrick McHardy [this message]
2006-03-22 18:47 ` [NETFILTER 09/10]: futher {ip,ip6,arp}_tables unification Patrick McHardy
2006-03-22 18:47 ` [NETFILTER 10/10]: Fix undefined references to get_h225_addr Patrick McHardy
2006-03-22 21:59 ` [00/10]: Netfilter Update David S. Miller
2006-03-23 3:47 ` Patrick McHardy
2006-03-23 3:48 ` Patrick McHardy
2006-03-23 4:10 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060322184755.5655.37050.sendpatchset@localhost.localdomain \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.