git.ipfire.org Git - thirdparty/iptables.git/commit
xtables: Don't pass full invflags to add_compat()
author Phil Sutter <phil@nwl.cc>
Thu, 9 Aug 2018 16:06:56 +0000 (18:06 +0200)
committer Florian Westphal <fw@strlen.de>
Thu, 9 Aug 2018 19:54:17 +0000 (21:54 +0200)
commit 9ca32c40ed4f0648893989c1e5d03e9fecc501ae
tree d7c284ad9cc1c35821e8d23468b79670dacc59d2
parent e055aebe63c5d12be8e58e1dc5a5a018c3adf2ac

The function expects a boolean, not a bitfield. This bug caused
inversion in another match to carry over to protocol match by accident.
The supplied testcase contains rules which then fail because they
contain matches requiring that protocol.

Fixes: 4ef77b6d1b52e ("xtables: fix missing protocol and invflags")
Fixes: 4143a08819a07 ("ebtables-compat: add nft rule compat information to bridge rules")
Signed-off-by: Phil Sutter <phil@nwl.cc>
iptables/nft-bridge.c
iptables/nft-ipv4.c
iptables/nft-ipv6.c
iptables/tests/shell/testcases/nft-only/0002invflags_0 [new file with mode: 0755]
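
The bug class the commit message describes, as an added stand-alone C model (not code from iptables or from this commit): a bitfield passed where a boolean is expected converts to true whenever any bit is set, so an inversion on another field marks the protocol as inverted. The flag names and bit values, `struct compat_info`, and all function names here are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-field inversion bits, constructed for this example. */
enum {
    INV_SRCIP = 1u << 0,   /* models "! -s addr" */
    INV_PROTO = 1u << 2,   /* models "! -p proto" */
};

/* Stand-in for the compat information attached to a rule. */
struct compat_info {
    uint16_t proto;
    bool     proto_inverted;
};

/* Model of a helper that expects a boolean, as the commit message says. */
static struct compat_info add_compat_model(uint16_t proto, bool inv)
{
    return (struct compat_info){ .proto = proto, .proto_inverted = inv };
}

/* Before: the whole bitfield is passed; any set bit converts to true. */
static struct compat_info build_buggy(uint16_t proto, uint8_t invflags)
{
    return add_compat_model(proto, invflags);
}

/* After: only the protocol inversion bit decides the boolean. */
static struct compat_info build_fixed(uint16_t proto, uint8_t invflags)
{
    return add_compat_model(proto, invflags & INV_PROTO);
}

/* A match that requires a protocol accepts only a non-inverted match on it. */
static bool proto_match_accepts(struct compat_info ci, uint16_t required)
{
    return ci.proto == required && !ci.proto_inverted;
}

int main(void)
{
    const uint16_t tcp = 6;           /* IPPROTO_TCP */
    const uint8_t flags = INV_SRCIP;  /* inverted source, plain "-p tcp" */

    printf("buggy: %d\n", proto_match_accepts(build_buggy(tcp, flags), tcp));
    printf("fixed: %d\n", proto_match_accepts(build_fixed(tcp, flags), tcp));
    return 0;
}
```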