[netfilter-cvslog] r7017 -
trunk/patch-o-matic-ng/patchlets/set/linux-2.6/net/ipv4/netfilter
kadlec at blackhole.kfki.hu
kadlec at blackhole.kfki.hu
Wed Sep 5 13:41:13 CEST 2007
Author: kadlec at blackhole.kfki.hu
Date: 2007-09-05 13:41:12 +0200 (Wed, 05 Sep 2007)
New Revision: 7017
Modified:
trunk/patch-o-matic-ng/patchlets/set/linux-2.6/net/ipv4/netfilter/ip_set_ipporthash.c
Log:
Nasty bug fixed: return value of the test function was not converted
to the match value, thus out of range values was interpreted as 'matched'!
Modified: trunk/patch-o-matic-ng/patchlets/set/linux-2.6/net/ipv4/netfilter/ip_set_ipporthash.c
===================================================================
--- trunk/patch-o-matic-ng/patchlets/set/linux-2.6/net/ipv4/netfilter/ip_set_ipporthash.c 2007-09-02 13:15:20 UTC (rev 7016)
+++ trunk/patch-o-matic-ng/patchlets/set/linux-2.6/net/ipv4/netfilter/ip_set_ipporthash.c 2007-09-05 11:41:12 UTC (rev 7017)
@@ -152,9 +152,10 @@
unsigned char index)
{
ip_set_ip_t port;
+ int res;
if (flags[index+1] == 0)
- return -EINVAL;
+ return 0;
port = get_port(skb, flags[index+1]);
@@ -173,7 +174,7 @@
if (port == INVALID_PORT)
return 0;
- return __testip(set,
+ res = __testip(set,
ntohl(flags[index] & IPSET_SRC
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
? ip_hdr(skb)->saddr
@@ -184,6 +185,8 @@
#endif
port,
hash_ip);
+ return (res < 0 ? 0 : res);
+
}
static inline int
More information about the netfilter-cvslog
mailing list