Commit bf1ca4c5 authored by Patrick McHardy's avatar Patrick McHardy

[NETFILTER]: Fix inverted matching in ipt_helper

Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarHarald Welte <laforge@netfilter.org>
Signed-off-by: default avatarDavid S. Miller <davem@redhat.com>
parent 68b229be
...@@ -41,17 +41,17 @@ match(const struct sk_buff *skb, ...@@ -41,17 +41,17 @@ match(const struct sk_buff *skb,
struct ip_conntrack_expect *exp; struct ip_conntrack_expect *exp;
struct ip_conntrack *ct; struct ip_conntrack *ct;
enum ip_conntrack_info ctinfo; enum ip_conntrack_info ctinfo;
int ret = 0; int ret = info->invert;
ct = ip_conntrack_get((struct sk_buff *)skb, &ctinfo); ct = ip_conntrack_get((struct sk_buff *)skb, &ctinfo);
if (!ct) { if (!ct) {
DEBUGP("ipt_helper: Eek! invalid conntrack?\n"); DEBUGP("ipt_helper: Eek! invalid conntrack?\n");
return 0; return ret;
} }
if (!ct->master) { if (!ct->master) {
DEBUGP("ipt_helper: conntrack %p has no master\n", ct); DEBUGP("ipt_helper: conntrack %p has no master\n", ct);
return 0; return ret;
} }
exp = ct->master; exp = ct->master;
...@@ -71,8 +71,8 @@ match(const struct sk_buff *skb, ...@@ -71,8 +71,8 @@ match(const struct sk_buff *skb,
DEBUGP("master's name = %s , info->name = %s\n", DEBUGP("master's name = %s , info->name = %s\n",
exp->expectant->helper->name, info->name); exp->expectant->helper->name, info->name);
ret = !strncmp(exp->expectant->helper->name, info->name, ret ^= !strncmp(exp->expectant->helper->name, info->name,
strlen(exp->expectant->helper->name)) ^ info->invert; strlen(exp->expectant->helper->name));
out_unlock: out_unlock:
READ_UNLOCK(&ip_conntrack_lock); READ_UNLOCK(&ip_conntrack_lock);
return ret; return ret;
...@@ -108,7 +108,6 @@ static struct ipt_match helper_match = { ...@@ -108,7 +108,6 @@ static struct ipt_match helper_match = {
static int __init init(void) static int __init init(void)
{ {
need_ip_conntrack();
return ipt_register_match(&helper_match); return ipt_register_match(&helper_match);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment