diff options
| author | Ingo Molnar <mingo@elte.hu> | 2011-07-01 10:28:42 +0200 |
|---|---|---|
| committer | Ingo Molnar <mingo@elte.hu> | 2011-07-01 10:28:46 +0200 |
| commit | 10e6962765f8213941eaa1cbb9de425ff0689e2e (patch) | |
| tree | c277e4ac5b2b7156152454578c39e90da5127dd8 /net/ipv4/netfilter/ipt_ecn.c | |
| parent | af07ce3e77d3b24ab1d71fcc5833d41800f23b2b (diff) | |
| parent | b0af8dfdd67699e25083478c63eedef2e72ebd85 (diff) | |
Merge commit 'v3.0-rc5' into perf/core
Merge reason: Pick up the latest fixes.
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Diffstat (limited to 'net/ipv4/netfilter/ipt_ecn.c')
| -rw-r--r-- | net/ipv4/netfilter/ipt_ecn.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/net/ipv4/netfilter/ipt_ecn.c b/net/ipv4/netfilter/ipt_ecn.c index af6e9c778345..2b57e52c746c 100644 --- a/net/ipv4/netfilter/ipt_ecn.c +++ b/net/ipv4/netfilter/ipt_ecn.c @@ -25,7 +25,8 @@ MODULE_LICENSE("GPL"); static inline bool match_ip(const struct sk_buff *skb, const struct ipt_ecn_info *einfo) { - return (ip_hdr(skb)->tos & IPT_ECN_IP_MASK) == einfo->ip_ect; + return ((ip_hdr(skb)->tos & IPT_ECN_IP_MASK) == einfo->ip_ect) ^ + !!(einfo->invert & IPT_ECN_OP_MATCH_IP); } static inline bool match_tcp(const struct sk_buff *skb, @@ -76,8 +77,6 @@ static bool ecn_mt(const struct sk_buff *skb, struct xt_action_param *par) return false; if (info->operation & (IPT_ECN_OP_MATCH_ECE|IPT_ECN_OP_MATCH_CWR)) { - if (ip_hdr(skb)->protocol != IPPROTO_TCP) - return false; if (!match_tcp(skb, info, &par->hotdrop)) return false; } @@ -97,7 +96,7 @@ static int ecn_mt_check(const struct xt_mtchk_param *par) return -EINVAL; if (info->operation & (IPT_ECN_OP_MATCH_ECE|IPT_ECN_OP_MATCH_CWR) && - ip->proto != IPPROTO_TCP) { + (ip->proto != IPPROTO_TCP || ip->invflags & IPT_INV_PROTO)) { pr_info("cannot match TCP bits in rule for non-tcp packets\n"); return -EINVAL; } |