diff options
author | Rusty Russell <rusty@rustcorp.com.au> | 2005-01-04 04:11:59 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@ppc970.osdl.org> | 2005-01-04 04:11:59 -0800 |
commit | a18d7224d8f7028a9cd1eda3afb7b3bedc30dd14 (patch) | |
tree | 7bb88df3063746d21f84e58382bdf5ed5486a697 /net | |
parent | b3b8b99e0998f7b02e0f8b6f161fba0146e98ccd (diff) | |
download | history-a18d7224d8f7028a9cd1eda3afb7b3bedc30dd14.tar.gz |
[PATCH] When ipt_ECN needs TCP, check it is not inverted
Writing the nfsim testcase for the ECN target revealed a hole in the
rule checking: when checking whether the rule specified TCP, you need
to check it isn't inverted.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv4/netfilter/ipt_ECN.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c index e54bf34d37b028..f2aad39376dbee 100644 --- a/net/ipv4/netfilter/ipt_ECN.c +++ b/net/ipv4/netfilter/ipt_ECN.c @@ -148,7 +148,7 @@ checkentry(const char *tablename, } if ((einfo->operation & (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR)) - && e->ip.proto != IPPROTO_TCP) { + && (e->ip.proto != IPPROTO_TCP || (e->ip.invflags & IPT_INV_PROTO))) { printk(KERN_WARNING "ECN: cannot use TCP operations on a " "non-tcp rule\n"); return 0; |