diff options
| -rw-r--r-- | net/netfilter/nft_range.c | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/net/netfilter/nft_range.c b/net/netfilter/nft_range.c index 9bc4586c3006..fbc88009ca2e 100644 --- a/net/netfilter/nft_range.c +++ b/net/netfilter/nft_range.c | |||
| @@ -28,22 +28,20 @@ static void nft_range_eval(const struct nft_expr *expr, | |||
| 28 | const struct nft_pktinfo *pkt) | 28 | const struct nft_pktinfo *pkt) |
| 29 | { | 29 | { |
| 30 | const struct nft_range_expr *priv = nft_expr_priv(expr); | 30 | const struct nft_range_expr *priv = nft_expr_priv(expr); |
| 31 | bool mismatch; | ||
| 32 | int d1, d2; | 31 | int d1, d2; |
| 33 | 32 | ||
| 34 | d1 = memcmp(®s->data[priv->sreg], &priv->data_from, priv->len); | 33 | d1 = memcmp(®s->data[priv->sreg], &priv->data_from, priv->len); |
| 35 | d2 = memcmp(®s->data[priv->sreg], &priv->data_to, priv->len); | 34 | d2 = memcmp(®s->data[priv->sreg], &priv->data_to, priv->len); |
| 36 | switch (priv->op) { | 35 | switch (priv->op) { |
| 37 | case NFT_RANGE_EQ: | 36 | case NFT_RANGE_EQ: |
| 38 | mismatch = (d1 < 0 || d2 > 0); | 37 | if (d1 < 0 || d2 > 0) |
| 38 | regs->verdict.code = NFT_BREAK; | ||
| 39 | break; | 39 | break; |
| 40 | case NFT_RANGE_NEQ: | 40 | case NFT_RANGE_NEQ: |
| 41 | mismatch = (d1 >= 0 && d2 <= 0); | 41 | if (d1 >= 0 && d2 <= 0) |
| 42 | regs->verdict.code = NFT_BREAK; | ||
| 42 | break; | 43 | break; |
| 43 | } | 44 | } |
| 44 | |||
| 45 | if (mismatch) | ||
| 46 | regs->verdict.code = NFT_BREAK; | ||
| 47 | } | 45 | } |
| 48 | 46 | ||
| 49 | static const struct nla_policy nft_range_policy[NFTA_RANGE_MAX + 1] = { | 47 | static const struct nla_policy nft_range_policy[NFTA_RANGE_MAX + 1] = { |