Commit a18d7224 authored by Rusty Russell, committed by Linus Torvalds

[PATCH] When ipt_ECN needs TCP, check it is not inverted

Writing the nfsim testcase for the ECN target revealed a hole in the
rule checking: when checking whether the rule specified TCP, you need
to check it isn't inverted.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
parent b3b8b99e
...@@ -148,7 +148,7 @@ checkentry(const char *tablename, ...@@ -148,7 +148,7 @@ checkentry(const char *tablename,
} }
if ((einfo->operation & (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR)) if ((einfo->operation & (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR))
&& e->ip.proto != IPPROTO_TCP) { && (e->ip.proto != IPPROTO_TCP || (e->ip.invflags & IPT_INV_PROTO))) {
printk(KERN_WARNING "ECN: cannot use TCP operations on a " printk(KERN_WARNING "ECN: cannot use TCP operations on a "
"non-tcp rule\n"); "non-tcp rule\n");
return 0; return 0;
......
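Review bot: The added `(e->ip.invflags & IPT_INV_PROTO)` test in checkentry() has no comment explaining why an inverted protocol match must be rejected, and the warning text is unchanged, so a user whose rule inverts the TCP match is told only that it is a "non-tcp rule", with no hint that the inversion is the cause. Suggest a one-line comment above the condition noting that with IPT_INV_PROTO set, `proto == IPPROTO_TCP` matches everything except TCP, so the SET_ECE/SET_CWR operations would be attached to a rule that matches non-TCP packets. Consider also mentioning the inverted match in the printk. The new condition line is long; putting the `||` operand on its own continuation line would keep it readable.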