Commit 3d8c6dce authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso

netfilter: xt_TPROXY: fix invflags check in tproxy_tg6_check()

We have to check for IP6T_INV_PROTO in invflags, instead of flags.
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Acked-by: default avatarBalazs Scheidler <bazsi@balabit.hu>
parent 4017a7ee
...@@ -513,8 +513,8 @@ static int tproxy_tg6_check(const struct xt_tgchk_param *par) ...@@ -513,8 +513,8 @@ static int tproxy_tg6_check(const struct xt_tgchk_param *par)
{ {
const struct ip6t_ip6 *i = par->entryinfo; const struct ip6t_ip6 *i = par->entryinfo;
if ((i->proto == IPPROTO_TCP || i->proto == IPPROTO_UDP) if ((i->proto == IPPROTO_TCP || i->proto == IPPROTO_UDP) &&
&& !(i->flags & IP6T_INV_PROTO)) !(i->invflags & IP6T_INV_PROTO))
return 0; return 0;
pr_info("Can be used only in combination with " pr_info("Can be used only in combination with "
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment