[NETFILTER]: xt_conntrack: fix IPv4 address comparison

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Jan Engelhardt 2008-02-27 21:20:41 +0100
committer: David S. Miller 2008-02-27 21:20:41 +0100
commit: 6556874dc3770aefae89907b3cf9be8e23d66137 (patch)
tree: 9a3d635a5ceb0672858eb4cbecdc13a3e075c599 /net/netfilter/xt_conntrack.c
parent: [NETFILTER]: xt_conntrack: fix missing boolean clamping (diff)
download: kernel-qcow2-linux-6556874dc3770aefae89907b3cf9be8e23d66137.tar.gz
kernel-qcow2-linux-6556874dc3770aefae89907b3cf9be8e23d66137.tar.xz
kernel-qcow2-linux-6556874dc3770aefae89907b3cf9be8e23d66137.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/xt_conntrack.c b/net/netfilter/xt_conntrack.c
index dd192ac74b4a..0c50b2894055 100644
--- a/net/netfilter/xt_conntrack.c
+++ b/net/netfilter/xt_conntrack.c
@@ -122,7 +122,7 @@ conntrack_addrcmp(const union nf_inet_addr *kaddr,
                   const union nf_inet_addr *umask, unsigned int l3proto)
 {
 	if (l3proto == AF_INET)
-		return (kaddr->ip & umask->ip) == uaddr->ip;
+		return ((kaddr->ip ^ uaddr->ip) & umask->ip) == 0;
 	else if (l3proto == AF_INET6)
 		return ipv6_masked_addr_cmp(&kaddr->in6, &umask->in6,
 		       &uaddr->in6) == 0;
author	Jan Engelhardt	2008-02-27 21:20:41 +0100
committer	David S. Miller	2008-02-27 21:20:41 +0100
commit	6556874dc3770aefae89907b3cf9be8e23d66137 (patch)
tree	9a3d635a5ceb0672858eb4cbecdc13a3e075c599 /net/netfilter/xt_conntrack.c
parent	[NETFILTER]: xt_conntrack: fix missing boolean clamping (diff)
download	kernel-qcow2-linux-6556874dc3770aefae89907b3cf9be8e23d66137.tar.gz kernel-qcow2-linux-6556874dc3770aefae89907b3cf9be8e23d66137.tar.xz kernel-qcow2-linux-6556874dc3770aefae89907b3cf9be8e23d66137.zip