diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-03-20 08:56:06 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-03-20 09:35:33 -0400 |
| commit | 3d8c6dce53a349df8878d078e56bf429bad572f9 (patch) | |
| tree | 5356913058aeb077c11708310c3c42ae734f7322 /net/netfilter | |
| parent | 4017a7ee693d1cae6735c0dac21594a7c6416c4c (diff) | |
netfilter: xt_TPROXY: fix invflags check in tproxy_tg6_check()
We have to check for IP6T_INV_PROTO in invflags, instead of flags.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Balazs Scheidler <bazsi@balabit.hu>
Diffstat (limited to 'net/netfilter')
| -rw-r--r-- | net/netfilter/xt_TPROXY.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/net/netfilter/xt_TPROXY.c b/net/netfilter/xt_TPROXY.c index ef8a926752a9..50e1e5aaf4ce 100644 --- a/net/netfilter/xt_TPROXY.c +++ b/net/netfilter/xt_TPROXY.c | |||
| @@ -513,8 +513,8 @@ static int tproxy_tg6_check(const struct xt_tgchk_param *par) | |||
| 513 | { | 513 | { |
| 514 | const struct ip6t_ip6 *i = par->entryinfo; | 514 | const struct ip6t_ip6 *i = par->entryinfo; |
| 515 | 515 | ||
| 516 | if ((i->proto == IPPROTO_TCP || i->proto == IPPROTO_UDP) | 516 | if ((i->proto == IPPROTO_TCP || i->proto == IPPROTO_UDP) && |
| 517 | && !(i->flags & IP6T_INV_PROTO)) | 517 | !(i->invflags & IP6T_INV_PROTO)) |
| 518 | return 0; | 518 | return 0; |
| 519 | 519 | ||
| 520 | pr_info("Can be used only in combination with " | 520 | pr_info("Can be used only in combination with " |