From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
-m osf --genre Windows
-m osf ! --genre Windows
are both matching.
Reported-by: Reported-by: Bourne Without <blackhole@xxxxxxxxxxx>
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
net/netfilter/xt_osf.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/netfilter/xt_osf.c b/net/netfilter/xt_osf.c
index a5e673d..110c848 100644
--- a/net/netfilter/xt_osf.c
+++ b/net/netfilter/xt_osf.c
@@ -201,6 +201,7 @@ xt_osf_match_packet(const struct sk_buff *skb, struct xt_action_param *p)
unsigned char opts[MAX_IPOPTLEN];
const struct xt_osf_finger *kf;
const struct xt_osf_user_finger *f;
+ bool invert = info->flags & XT_OSF_INVERT;
if (!info)
return false;
@@ -349,7 +350,7 @@ xt_osf_match_packet(const struct sk_buff *skb, struct xt_action_param *p)
if (fcount)
fmatch = FMATCH_OK;
- return fmatch == FMATCH_OK;
+ return (fmatch == FMATCH_OK) ^ invert;
}
static struct xt_match xt_osf_match = {
--
1.7.10.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
