* [marcus@ingate.com: [PATCH] Iptables multiport match fix]
@ 2002-07-10 8:38 Harald Welte
0 siblings, 0 replies; only message in thread
From: Harald Welte @ 2002-07-10 8:38 UTC (permalink / raw)
To: netfilter-devel
[-- Attachment #1: Type: text/plain, Size: 327 bytes --]
--
Live long and prosper
- Harald Welte / laforge@gnumonks.org http://www.gnumonks.org/
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M-
V-- PS+ PE-- Y+ PGP++ t++ 5-- !X !R tv-- b+++ DI? !D G+ e* h+ r% y+(*)
[-- Attachment #2: Type: message/rfc822, Size: 2782 bytes --]
From: Marcus Sundberg <marcus@ingate.com>
To: netfilter-devel@lists.samba.org
Cc: linux-kernel@vger.kernel.org
Subject: [PATCH] Iptables multiport match fix
Date: 09 Jul 2002 22:21:36 +0200
Message-ID: <veznx0ejov.fsf@inigo.ingate.se>
Hi,
The multiport match checks for the IPT_INV_PROTO flag in the 'flags'
member of struct ipt_ip instead of in the 'invflags' member.
diff -ur linux.current/net/ipv4/netfilter/ipt_multiport.c linux-mine/net/ipv4/netfilter/ipt_multiport.c
--- linux-2.4.19-rc1/net/ipv4/netfilter/ipt_multiport.c Tue Jun 20 23:32:27 2000
+++ linux/net/ipv4/netfilter/ipt_multiport.c Tue Jul 9 10:43:23 2002
@@ -78,7 +78,7 @@
/* Must specify proto == TCP/UDP, no unknown flags or bad count */
return (ip->proto == IPPROTO_TCP || ip->proto == IPPROTO_UDP)
- && !(ip->flags & IPT_INV_PROTO)
+ && !(ip->invflags & IPT_INV_PROTO)
&& matchsize == IPT_ALIGN(sizeof(struct ipt_multiport))
&& (multiinfo->flags == IPT_MULTIPORT_SOURCE
|| multiinfo->flags == IPT_MULTIPORT_DESTINATION
(Where should I send this btw? The kernel part of iptables doesn't
seem to be in the netfilter CVS. Was I supposed to create a p-o-m
patch? Or send it directly to Marcelo?)
//Marcus
--
---------------------------------------+--------------------------
Marcus Sundberg <marcus@ingate.com> | Firewalls with SIP & NAT
Firewall Developer, Ingate Systems AB | http://www.ingate.com/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2002-07-10 8:38 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2002-07-10 8:38 [marcus@ingate.com: [PATCH] Iptables multiport match fix] Harald Welte
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.