[PATCH] When ipt_ECN needs TCP, check it is not inverted

Writing the nfsim testcase for the ECN target revealed a hole in the rule checking: when checking whether the rule specified TCP, you need to check it isn't inverted. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
author: Rusty Russell <rusty@rustcorp.com.au> 2005-01-04 04:11:59 -0800
committer: Linus Torvalds <torvalds@ppc970.osdl.org> 2005-01-04 04:11:59 -0800
commit: a18d7224d8f7028a9cd1eda3afb7b3bedc30dd14 (patch)
tree: 7bb88df3063746d21f84e58382bdf5ed5486a697 /net
parent: b3b8b99e0998f7b02e0f8b6f161fba0146e98ccd (diff)
download: history-a18d7224d8f7028a9cd1eda3afb7b3bedc30dd14.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c
index e54bf34d37b028..f2aad39376dbee 100644
--- a/net/ipv4/netfilter/ipt_ECN.c
+++ b/net/ipv4/netfilter/ipt_ECN.c
@@ -148,7 +148,7 @@ checkentry(const char *tablename,
 	}
 
 	if ((einfo->operation & (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR))
-	    && e->ip.proto != IPPROTO_TCP) {
+	    && (e->ip.proto != IPPROTO_TCP || (e->ip.invflags & IPT_INV_PROTO))) {
 		printk(KERN_WARNING "ECN: cannot use TCP operations on a "
 		       "non-tcp rule\n");
 		return 0;
author	Rusty Russell <rusty@rustcorp.com.au>	2005-01-04 04:11:59 -0800
committer	Linus Torvalds <torvalds@ppc970.osdl.org>	2005-01-04 04:11:59 -0800
commit	a18d7224d8f7028a9cd1eda3afb7b3bedc30dd14 (patch)
tree	7bb88df3063746d21f84e58382bdf5ed5486a697 /net
parent	b3b8b99e0998f7b02e0f8b6f161fba0146e98ccd (diff)
download	history-a18d7224d8f7028a9cd1eda3afb7b3bedc30dd14.tar.gz