libxt_owner: restore inversion support

Bug origin is in commit v1.4.11~16^2~7.

References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700
References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

diff --git a/extensions/libxt_owner.c b/extensions/libxt_owner.c
index d2fdfa91548efb7ee169c126b6e788ef42dbeca0..d9adc12e1c8d2766204b298bc1b8998e91a4aa6d 100644 (file)
--- a/extensions/libxt_owner.c
+++ b/extensions/libxt_owner.c
@@ -129,7 +129,8 @@ static const struct xt_option_entry owner_mt_opts[] = {
         .flags = XTOPT_INVERT},
        {.name = "gid-owner", .id = O_GROUP, .type = XTTYPE_STRING,
         .flags = XTOPT_INVERT},
-       {.name = "socket-exists", .id = O_SOCK_EXISTS, .type = XTTYPE_NONE},
+       {.name = "socket-exists", .id = O_SOCK_EXISTS, .type = XTTYPE_NONE,
+        .flags = XTOPT_INVERT},
        XTOPT_TABLEEND,
 };
 

diff --git a/tests/options-most.rules b/tests/options-most.rules
index cd6aab80fb13699d5b6a10a983db1ddeb5169c97..37aeabf885461531bdbffe636a6361ecac7a625e 100644 (file)
--- a/tests/options-most.rules
+++ b/tests/options-most.rules
@@ -57,6 +57,7 @@
 -A INPUT -p mobility
 -A INPUT -p mobility -m mh --mh-type 3
 -A OUTPUT -m owner --socket-exists --uid-owner 1-2 --gid-owner 2-3
+-A OUTPUT -m owner ! --socket-exists ! --uid-owner 0 ! --gid-owner 0
 -A matches -m connbytes --connbytes 1 --connbytes-mode bytes --connbytes-dir both
 -A matches
 -A matches -m connbytes --connbytes :2 --connbytes-mode bytes --connbytes-dir both