Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756649AbYKGXgX (ORCPT ); Fri, 7 Nov 2008 18:36:23 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1754863AbYKGX1D (ORCPT ); Fri, 7 Nov 2008 18:27:03 -0500 Received: from kroah.org ([198.145.64.141]:47647 "EHLO coco.kroah.org" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1754857AbYKGX1A (ORCPT ); Fri, 7 Nov 2008 18:27:00 -0500 Date: Fri, 7 Nov 2008 15:26:26 -0800 From: Greg KH To: linux-kernel@vger.kernel.org, stable@kernel.org Cc: Justin Forbes , Zwane Mwaikambo , "Theodore Ts'o" , Randy Dunlap , Dave Jones , Chuck Wolber , Chris Wedgwood , Michael Krufky , Chuck Ebbert , Domenico Andreoli , Willy Tarreau , Rodrigo Rubira Branco , Jake Edge , Eugene Teo , torvalds@linux-foundation.org, akpm@linux-foundation.org, alan@lxorguk.ukuu.org.uk, netfilter-devel@vger.kernel.org, Patrick McHardy , davem@davemloft.net, Alexey Dobriyan , Jan Engelhardt Subject: [patch 14/16] netfilter: xt_iprange: fix range inversion match Message-ID: <20081107232626.GO4282@kroah.com> References: <20081107231848.995297975@mini.kroah.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline; filename="netfilter-xt_iprange-fix-range-inversion-match.patch" In-Reply-To: <20081107232544.GA4282@kroah.com> User-Agent: Mutt/1.5.16 (2007-06-09) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2318 Lines: 66 2.6.25-stable review patch. If anyone has any objections, please let us know. ------------------ From: Alexey Dobriyan netfilter: xt_iprange: fix range inversion match Upstream commit 6def1eb48: Inverted IPv4 v1 and IPv6 v0 matches don't match anything since 2.6.25-rc1! Signed-off-by: Alexey Dobriyan Acked-by: Jan Engelhardt Signed-off-by: Patrick McHardy Signed-off-by: Greg Kroah-Hartman --- net/netfilter/xt_iprange.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) --- a/net/netfilter/xt_iprange.c +++ b/net/netfilter/xt_iprange.c @@ -67,7 +67,7 @@ iprange_mt4(const struct sk_buff *skb, c if (info->flags & IPRANGE_SRC) { m = ntohl(iph->saddr) < ntohl(info->src_min.ip); m |= ntohl(iph->saddr) > ntohl(info->src_max.ip); - m ^= info->flags & IPRANGE_SRC_INV; + m ^= !!(info->flags & IPRANGE_SRC_INV); if (m) { pr_debug("src IP " NIPQUAD_FMT " NOT in range %s" NIPQUAD_FMT "-" NIPQUAD_FMT "\n", @@ -81,7 +81,7 @@ iprange_mt4(const struct sk_buff *skb, c if (info->flags & IPRANGE_DST) { m = ntohl(iph->daddr) < ntohl(info->dst_min.ip); m |= ntohl(iph->daddr) > ntohl(info->dst_max.ip); - m ^= info->flags & IPRANGE_DST_INV; + m ^= !!(info->flags & IPRANGE_DST_INV); if (m) { pr_debug("dst IP " NIPQUAD_FMT " NOT in range %s" NIPQUAD_FMT "-" NIPQUAD_FMT "\n", @@ -123,14 +123,14 @@ iprange_mt6(const struct sk_buff *skb, c if (info->flags & IPRANGE_SRC) { m = iprange_ipv6_sub(&iph->saddr, &info->src_min.in6) < 0; m |= iprange_ipv6_sub(&iph->saddr, &info->src_max.in6) > 0; - m ^= info->flags & IPRANGE_SRC_INV; + m ^= !!(info->flags & IPRANGE_SRC_INV); if (m) return false; } if (info->flags & IPRANGE_DST) { m = iprange_ipv6_sub(&iph->daddr, &info->dst_min.in6) < 0; m |= iprange_ipv6_sub(&iph->daddr, &info->dst_max.in6) > 0; - m ^= info->flags & IPRANGE_DST_INV; + m ^= !!(info->flags & IPRANGE_DST_INV); if (m) return false; } -- -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/