Skip to content

Commit

Permalink
[NETFILTER]: xt_conntrack: fix IPv4 address comparison
Browse files Browse the repository at this point in the history 
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
Jan Engelhardt authored and David S. Miller committed Feb 27, 2008
1 parent d61f89e commit 6556874
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion net/netfilter/xt_conntrack.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -122,7 +122,7 @@ conntrack_addrcmp(const union nf_inet_addr *kaddr,
const union nf_inet_addr *umask, unsigned int l3proto)
{
if (l3proto == AF_INET)
return (kaddr->ip & umask->ip) == uaddr->ip;
return ((kaddr->ip ^ uaddr->ip) & umask->ip) == 0;
else if (l3proto == AF_INET6)
return ipv6_masked_addr_cmp(&kaddr->in6, &umask->in6,
&uaddr->in6) == 0;
Expand Down

0 comments on commit 6556874

Please sign in to comment.