libxt_u32: fix missing allowance for inversion

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

diff --git a/extensions/libxt_u32.c b/extensions/libxt_u32.c
index 774d5eac9f9a6a72ea5b31f5eb54385de2226a90..6d024fb654096e935a0cfeea53c8c9441c197f03 100644 (file)
--- a/extensions/libxt_u32.c
+++ b/extensions/libxt_u32.c
@@ -24,7 +24,7 @@ enum {
 
 static const struct xt_option_entry u32_opts[] = {
        {.name = "u32", .id = O_U32, .type = XTTYPE_STRING,
-        .flags = XTOPT_MAND},
+        .flags = XTOPT_MAND | XTOPT_INVERT},
        XTOPT_TABLEEND,
 };
 

diff --git a/tests/options-most.rules b/tests/options-most.rules
index 7298a1f97450671b5fb8ae97988e68eaf7b9003d..c2e30f246da82c367581a60f297943b61a2909b1 100644 (file)
--- a/tests/options-most.rules
+++ b/tests/options-most.rules
@@ -40,7 +40,7 @@
 -A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN
 -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN
 -A INPUT -p tcp -m tos --tos 0xff/0x01
--A INPUT -p tcp -m u32 --u32 "0x0=0x0" -m u32 --u32 "0x0=0x0"
+-A INPUT -p tcp -m u32 ! --u32 "0x0=0x0" -m u32 ! --u32 "0x0=0x0"
 -A INPUT -p tcp -m hbh -m hbh -m hl --hl-eq 1 -m ipv6header --header hop-by-hop --soft
 -A INPUT -m ipv6header --header hop-by-hop --soft -m rt --rt-type 2 --rt-segsleft 2 --rt-len 5 -m rt --rt-type 0 --rt-segsleft 2 --rt-len 5 --rt-0-res --rt-0-addrs ::1 --rt-0-not-strict -m rt --rt-type 0 --rt-segsleft 2 --rt-len 5 --rt-0-res --rt-0-addrs ::1,::2 --rt-0-not-strict
 -A INPUT -p tcp -m cpu --cpu 1 -m tcp --sport 1:2 --dport 1:2 --tcp-option 1 --tcp-flags FIN,SYN,RST,ACK SYN -m cpu --cpu 1