On 04.04.2011 16:19, Florian Westphal wrote: > --ctdir ORIGINAL matches REPLY packets, and vv: > > userspace sets "invert_flags &= ~XT_CONNTRACK_DIRECTION" in ORIGINAL > case. > > Thus: (CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL) ^ > !!(info->invert_flags & XT_CONNTRACK_DIRECTION)) > > yields "1 ^ 0", which is true -> returns false. > > Reproducer: > iptables -I OUTPUT 1 -p tcp --syn -m conntrack --ctdir ORIGINAL Applied, thanks Florian. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
