From mboxrd@z Thu Jan 1 00:00:00 1970 From: Marcus Sundberg Subject: [PATCH] Iptables multiport match fix Date: 09 Jul 2002 22:21:36 +0200 Sender: netfilter-devel-admin@lists.samba.org Message-ID: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: linux-kernel@vger.kernel.org Return-path: To: netfilter-devel@lists.samba.org Errors-To: netfilter-devel-admin@lists.samba.org List-Help: List-Post: List-Subscribe: , List-Unsubscribe: , List-Archive: List-Id: netfilter-devel.vger.kernel.org Hi, The multiport match checks for the IPT_INV_PROTO flag in the 'flags' member of struct ipt_ip instead of in the 'invflags' member. diff -ur linux.current/net/ipv4/netfilter/ipt_multiport.c linux-mine/net/ipv4/netfilter/ipt_multiport.c --- linux-2.4.19-rc1/net/ipv4/netfilter/ipt_multiport.c Tue Jun 20 23:32:27 2000 +++ linux/net/ipv4/netfilter/ipt_multiport.c Tue Jul 9 10:43:23 2002 @@ -78,7 +78,7 @@ /* Must specify proto == TCP/UDP, no unknown flags or bad count */ return (ip->proto == IPPROTO_TCP || ip->proto == IPPROTO_UDP) - && !(ip->flags & IPT_INV_PROTO) + && !(ip->invflags & IPT_INV_PROTO) && matchsize == IPT_ALIGN(sizeof(struct ipt_multiport)) && (multiinfo->flags == IPT_MULTIPORT_SOURCE || multiinfo->flags == IPT_MULTIPORT_DESTINATION (Where should I send this btw? The kernel part of iptables doesn't seem to be in the netfilter CVS. Was I supposed to create a p-o-m patch? Or send it directly to Marcelo?) //Marcus -- ---------------------------------------+-------------------------- Marcus Sundberg | Firewalls with SIP & NAT Firewall Developer, Ingate Systems AB | http://www.ingate.com/
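Review bot: The comment above the return in the @@ -78,7 +78,7 @@ hunk ("Must specify proto == TCP/UDP, no unknown flags or bad count") does not say that this test rejects an inverted protocol, which is what the changed line checks. Since the bug was a mix-up between ip->flags and ip->invflags, extend the comment to say that an inverted protocol match is refused and that IPT_INV_PROTO is an invflags bit, so the two members are not confused again. The description would also be stronger if it stated which rules the old test let through. Minor: the diff -ur line names linux.current/ and linux-mine/ while the ---/+++ lines name linux-2.4.19-rc1/ and linux/; both apply with -p1, but regenerating the patch so the headers agree would avoid questions about which tree it was made against.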