Commit d61f89e9 authored by Jan Engelhardt's avatar Jan Engelhardt Committed by David S. Miller

[NETFILTER]: xt_conntrack: fix missing boolean clamping

Signed-off-by: default avatarJan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 4e29e9ec
...@@ -231,7 +231,7 @@ conntrack_mt(const struct sk_buff *skb, const struct net_device *in, ...@@ -231,7 +231,7 @@ conntrack_mt(const struct sk_buff *skb, const struct net_device *in,
if (test_bit(IPS_DST_NAT_BIT, &ct->status)) if (test_bit(IPS_DST_NAT_BIT, &ct->status))
statebit |= XT_CONNTRACK_STATE_DNAT; statebit |= XT_CONNTRACK_STATE_DNAT;
} }
if ((info->state_mask & statebit) ^ if (!!(info->state_mask & statebit) ^
!(info->invert_flags & XT_CONNTRACK_STATE)) !(info->invert_flags & XT_CONNTRACK_STATE))
return false; return false;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment