netfilter: xt_TPROXY: fix invflags check in tproxy_tg6_check()

We have to check for IP6T_INV_PROTO in invflags, instead of flags. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Acked-by: Balazs Scheidler <bazsi@balabit.hu>

netfilter: xt_TPROXY: fix invflags check in tproxy_tg6_check()
We have to check for IP6T_INV_PROTO in invflags, instead of flags. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Acked-by: Balazs Scheidler <bazsi@balabit.hu>
Pablo Neira Ayuso
1 parent 4017a7ee69
Showing 1 changed file with 2 additions and 2 deletions Side-by-side Diff
net/netfilter/xt_TPROXY.c
@@ -513,8 +513,8 @@
 {
 	const struct ip6t_ip6 *i = par->entryinfo;
  
-	if ((i->proto == IPPROTO_TCP || i->proto == IPPROTO_UDP)
-	    && !(i->flags & IP6T_INV_PROTO))
+	if ((i->proto == IPPROTO_TCP || i->proto == IPPROTO_UDP) &&
+	    !(i->invflags & IP6T_INV_PROTO))
 		return 0;
  
 	pr_info("Can be used only in combination with "
...	...	@@ -513,8 +513,8 @@
513	513	{
514	514	const struct ip6t_ip6 *i = par->entryinfo;
515	515
516		- if ((i->proto == IPPROTO_TCP \|\| i->proto == IPPROTO_UDP)
517		- && !(i->flags & IP6T_INV_PROTO))
	516	+ if ((i->proto == IPPROTO_TCP \|\| i->proto == IPPROTO_UDP) &&
	517	+ !(i->invflags & IP6T_INV_PROTO))
518	518	return 0;
519	519
520	520	pr_info("Can be used only in combination with "