12345678910111213141516 |
- --- a/net/ipv4/netfilter/ip_tables.c
- +++ b/net/ipv4/netfilter/ip_tables.c
- @@ -85,9 +85,11 @@ ip_packet_match(const struct iphdr *ip,
- if (ipinfo->flags & IPT_F_NO_DEF_MATCH)
- return true;
-
- - if (FWINV((ip->saddr&ipinfo->smsk.s_addr) != ipinfo->src.s_addr,
- + if (FWINV(ipinfo->smsk.s_addr &&
- + (ip->saddr&ipinfo->smsk.s_addr) != ipinfo->src.s_addr,
- IPT_INV_SRCIP) ||
- - FWINV((ip->daddr&ipinfo->dmsk.s_addr) != ipinfo->dst.s_addr,
- + FWINV(ipinfo->dmsk.s_addr &&
- + (ip->daddr&ipinfo->dmsk.s_addr) != ipinfo->dst.s_addr,
- IPT_INV_DSTIP)) {
- dprintf("Source or dest mismatch.\n");
-
|