netfilter: xt_iprange: fix range inversion match

Inverted IPv4 v1 and IPv6 v0 matches don't match anything since 2.6.25-rc1! Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Acked-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Alexey Dobriyan <adobriyan@gmail.com> 2008-10-20 06:32:21 -0400
committer: David S. Miller <davem@davemloft.net> 2008-10-20 06:32:21 -0400
commit: 6def1eb48101600884ebed56de03041fadc7a985 (patch)
tree: 7391376180f169db3a8ebec8cc4cb3eb81b55040 /net
parent: 10a03a42d140a029bcba531df2897839f3569871 (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/net/netfilter/xt_iprange.c b/net/netfilter/xt_iprange.c
index 6f62c36948d9..7ac54eab0b00 100644
--- a/net/netfilter/xt_iprange.c
+++ b/net/netfilter/xt_iprange.c
@@ -61,7 +61,7 @@ iprange_mt4(const struct sk_buff *skb, const struct xt_match_param *par)
        if (info->flags & IPRANGE_SRC) {
                m  = ntohl(iph->saddr) < ntohl(info->src_min.ip);
                m |= ntohl(iph->saddr) > ntohl(info->src_max.ip);
-                m ^= info->flags & IPRANGE_SRC_INV;
+                m ^= !!(info->flags & IPRANGE_SRC_INV);
                if (m) {
                        pr_debug("src IP " NIPQUAD_FMT " NOT in range %s"
                                 NIPQUAD_FMT "-" NIPQUAD_FMT "\n",
@@ -75,7 +75,7 @@ iprange_mt4(const struct sk_buff *skb, const struct xt_match_param *par)
        if (info->flags & IPRANGE_DST) {
                m  = ntohl(iph->daddr) < ntohl(info->dst_min.ip);
                m |= ntohl(iph->daddr) > ntohl(info->dst_max.ip);
-                m ^= info->flags & IPRANGE_DST_INV;
+                m ^= !!(info->flags & IPRANGE_DST_INV);
                if (m) {
                        pr_debug("dst IP " NIPQUAD_FMT " NOT in range %s"
                                 NIPQUAD_FMT "-" NIPQUAD_FMT "\n",
@@ -114,14 +114,14 @@ iprange_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
        if (info->flags & IPRANGE_SRC) {
                m  = iprange_ipv6_sub(&iph->saddr, &info->src_min.in6) < 0;
                m |= iprange_ipv6_sub(&iph->saddr, &info->src_max.in6) > 0;
-                m ^= info->flags & IPRANGE_SRC_INV;
+                m ^= !!(info->flags & IPRANGE_SRC_INV);
                if (m)
                        return false;
        }
        if (info->flags & IPRANGE_DST) {
                m  = iprange_ipv6_sub(&iph->daddr, &info->dst_min.in6) < 0;
                m |= iprange_ipv6_sub(&iph->daddr, &info->dst_max.in6) > 0;
-                m ^= info->flags & IPRANGE_DST_INV;
+                m ^= !!(info->flags & IPRANGE_DST_INV);
                if (m)
                        return false;
        }
author	Alexey Dobriyan <adobriyan@gmail.com>	2008-10-20 06:32:21 -0400
committer	David S. Miller <davem@davemloft.net>	2008-10-20 06:32:21 -0400
commit	6def1eb48101600884ebed56de03041fadc7a985 (patch)
tree	7391376180f169db3a8ebec8cc4cb3eb81b55040 /net
parent	10a03a42d140a029bcba531df2897839f3569871 (diff)

diff --git a/net/netfilter/xt_iprange.c b/net/netfilter/xt_iprange.c index 6f62c36948d9..7ac54eab0b00 100644 --- a/net/netfilter/xt_iprange.c +++ b/net/netfilter/xt_iprange.c
@@ -61,7 +61,7 @@ iprange_mt4(const struct sk_buff skb, const struct xt_match_param par)
61	if (info->flags & IPRANGE_SRC) {	61	if (info->flags & IPRANGE_SRC) {
62	m = ntohl(iph->saddr) < ntohl(info->src_min.ip);	62	m = ntohl(iph->saddr) < ntohl(info->src_min.ip);
63	m \|= ntohl(iph->saddr) > ntohl(info->src_max.ip);	63	m \|= ntohl(iph->saddr) > ntohl(info->src_max.ip);
64	m ^= info->flags & IPRANGE_SRC_INV;	64	m ^= !!(info->flags & IPRANGE_SRC_INV);
65	if (m) {	65	if (m) {
66	pr_debug("src IP " NIPQUAD_FMT " NOT in range %s"	66	pr_debug("src IP " NIPQUAD_FMT " NOT in range %s"
67	NIPQUAD_FMT "-" NIPQUAD_FMT "\n",	67	NIPQUAD_FMT "-" NIPQUAD_FMT "\n",
@@ -75,7 +75,7 @@ iprange_mt4(const struct sk_buff skb, const struct xt_match_param par)
75	if (info->flags & IPRANGE_DST) {	75	if (info->flags & IPRANGE_DST) {
76	m = ntohl(iph->daddr) < ntohl(info->dst_min.ip);	76	m = ntohl(iph->daddr) < ntohl(info->dst_min.ip);
77	m \|= ntohl(iph->daddr) > ntohl(info->dst_max.ip);	77	m \|= ntohl(iph->daddr) > ntohl(info->dst_max.ip);
78	m ^= info->flags & IPRANGE_DST_INV;	78	m ^= !!(info->flags & IPRANGE_DST_INV);
79	if (m) {	79	if (m) {
80	pr_debug("dst IP " NIPQUAD_FMT " NOT in range %s"	80	pr_debug("dst IP " NIPQUAD_FMT " NOT in range %s"
81	NIPQUAD_FMT "-" NIPQUAD_FMT "\n",	81	NIPQUAD_FMT "-" NIPQUAD_FMT "\n",
@@ -114,14 +114,14 @@ iprange_mt6(const struct sk_buff skb, const struct xt_match_param par)
114	if (info->flags & IPRANGE_SRC) {	114	if (info->flags & IPRANGE_SRC) {
115	m = iprange_ipv6_sub(&iph->saddr, &info->src_min.in6) < 0;	115	m = iprange_ipv6_sub(&iph->saddr, &info->src_min.in6) < 0;
116	m \|= iprange_ipv6_sub(&iph->saddr, &info->src_max.in6) > 0;	116	m \|= iprange_ipv6_sub(&iph->saddr, &info->src_max.in6) > 0;
117	m ^= info->flags & IPRANGE_SRC_INV;	117	m ^= !!(info->flags & IPRANGE_SRC_INV);
118	if (m)	118	if (m)
119	return false;	119	return false;
120	}	120	}
121	if (info->flags & IPRANGE_DST) {	121	if (info->flags & IPRANGE_DST) {
122	m = iprange_ipv6_sub(&iph->daddr, &info->dst_min.in6) < 0;	122	m = iprange_ipv6_sub(&iph->daddr, &info->dst_min.in6) < 0;
123	m \|= iprange_ipv6_sub(&iph->daddr, &info->dst_max.in6) > 0;	123	m \|= iprange_ipv6_sub(&iph->daddr, &info->dst_max.in6) > 0;
124	m ^= info->flags & IPRANGE_DST_INV;	124	m ^= !!(info->flags & IPRANGE_DST_INV);
125	if (m)	125	if (m)
126	return false;	126	return false;
127	}	127	}