commit 14c8c528a0ee9f0468be251cf3d16029924ee422 Author: Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx> Date: Thu Feb 21 14:57:01 2008 +0100 [NETFILTER]: xt_conntrack: fix missing boolean clamping Signed-off-by: Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx> diff --git a/net/netfilter/xt_conntrack.c b/net/netfilter/xt_conntrack.c index 8533085..dd192ac 100644 --- a/net/netfilter/xt_conntrack.c +++ b/net/netfilter/xt_conntrack.c @@ -231,7 +231,7 @@ conntrack_mt(const struct sk_buff *skb, const struct net_device *in, if (test_bit(IPS_DST_NAT_BIT, &ct->status)) statebit |= XT_CONNTRACK_STATE_DNAT; } - if ((info->state_mask & statebit) ^ + if (!!(info->state_mask & statebit) ^ !(info->invert_flags & XT_CONNTRACK_STATE)) return false; } - To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html