releases/2.6.26.8/netfilter-xt_iprange-fix-range-inversion-match.patch - pub/scm/linux/kernel/git/warthog9/stable-queue - Git at Google

 From kaber@trash.net  Thu Oct 23 13:14:58 2008
 From: Alexey Dobriyan <adobriyan@gmail.com>
 Date: Wed, 22 Oct 2008 19:41:28 +0200 (MEST)
 Subject: netfilter: xt_iprange: fix range inversion match
 To: stable@kernel.org
 Cc: netfilter-devel@vger.kernel.org, Patrick McHardy <kaber@trash.net>, davem@davemloft.net
 Message-ID: <20081022174128.21341.79877.sendpatchset@x2.localnet>


 From: Alexey Dobriyan <adobriyan@gmail.com>

 netfilter: xt_iprange: fix range inversion match

 Upstream commit 6def1eb48:

 Inverted IPv4 v1 and IPv6 v0 matches don't match anything since 2.6.25-rc1!

 Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
 Acked-by: Jan Engelhardt <jengelh@medozas.de>
 Signed-off-by: Patrick McHardy <kaber@trash.net>
 Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

 ---
  net/netfilter/xt_iprange.c |    8 ++++----
  1 file changed, 4 insertions(+), 4 deletions(-)

 --- a/net/netfilter/xt_iprange.c
 +++ b/net/netfilter/xt_iprange.c
 @@ -67,7 +67,7 @@ iprange_mt4(const struct sk_buff *skb, c
  	if (info->flags & IPRANGE_SRC) {
  		m  = ntohl(iph->saddr) < ntohl(info->src_min.ip);
  		m |= ntohl(iph->saddr) > ntohl(info->src_max.ip);
 -		m ^= info->flags & IPRANGE_SRC_INV;
 +		m ^= !!(info->flags & IPRANGE_SRC_INV);
  		if (m) {
  			pr_debug("src IP " NIPQUAD_FMT " NOT in range %s"
  			         NIPQUAD_FMT "-" NIPQUAD_FMT "\n",
 @@ -81,7 +81,7 @@ iprange_mt4(const struct sk_buff *skb, c
  	if (info->flags & IPRANGE_DST) {
  		m  = ntohl(iph->daddr) < ntohl(info->dst_min.ip);
  		m |= ntohl(iph->daddr) > ntohl(info->dst_max.ip);
 -		m ^= info->flags & IPRANGE_DST_INV;
 +		m ^= !!(info->flags & IPRANGE_DST_INV);
  		if (m) {
  			pr_debug("dst IP " NIPQUAD_FMT " NOT in range %s"
  			         NIPQUAD_FMT "-" NIPQUAD_FMT "\n",
 @@ -123,14 +123,14 @@ iprange_mt6(const struct sk_buff *skb, c
  	if (info->flags & IPRANGE_SRC) {
  		m  = iprange_ipv6_sub(&iph->saddr, &info->src_min.in6) < 0;
  		m |= iprange_ipv6_sub(&iph->saddr, &info->src_max.in6) > 0;
 -		m ^= info->flags & IPRANGE_SRC_INV;
 +		m ^= !!(info->flags & IPRANGE_SRC_INV);
  		if (m)
  			return false;
  	}
  	if (info->flags & IPRANGE_DST) {
  		m  = iprange_ipv6_sub(&iph->daddr, &info->dst_min.in6) < 0;
  		m |= iprange_ipv6_sub(&iph->daddr, &info->dst_max.in6) > 0;
 -		m ^= info->flags & IPRANGE_DST_INV;
 +		m ^= !!(info->flags & IPRANGE_DST_INV);
  		if (m)
  			return false;
  	}
	From kaber@trash.net Thu Oct 23 13:14:58 2008
	From: Alexey Dobriyan <adobriyan@gmail.com>
	Date: Wed, 22 Oct 2008 19:41:28 +0200 (MEST)
	Subject: netfilter: xt_iprange: fix range inversion match
	To: stable@kernel.org
	Cc: netfilter-devel@vger.kernel.org, Patrick McHardy <kaber@trash.net>, davem@davemloft.net
	Message-ID: <20081022174128.21341.79877.sendpatchset@x2.localnet>


	From: Alexey Dobriyan <adobriyan@gmail.com>

	netfilter: xt_iprange: fix range inversion match

	Upstream commit 6def1eb48:

	Inverted IPv4 v1 and IPv6 v0 matches don't match anything since 2.6.25-rc1!

	Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
	Acked-by: Jan Engelhardt <jengelh@medozas.de>
	Signed-off-by: Patrick McHardy <kaber@trash.net>
	Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

	---
	net/netfilter/xt_iprange.c \| 8 ++++----
	1 file changed, 4 insertions(+), 4 deletions(-)

	--- a/net/netfilter/xt_iprange.c
	+++ b/net/netfilter/xt_iprange.c
	@@ -67,7 +67,7 @@ iprange_mt4(const struct sk_buff *skb, c
	if (info->flags & IPRANGE_SRC) {
	m = ntohl(iph->saddr) < ntohl(info->src_min.ip);
	m \|= ntohl(iph->saddr) > ntohl(info->src_max.ip);
	- m ^= info->flags & IPRANGE_SRC_INV;
	+ m ^= !!(info->flags & IPRANGE_SRC_INV);
	if (m) {
	pr_debug("src IP " NIPQUAD_FMT " NOT in range %s"
	NIPQUAD_FMT "-" NIPQUAD_FMT "\n",
	@@ -81,7 +81,7 @@ iprange_mt4(const struct sk_buff *skb, c
	if (info->flags & IPRANGE_DST) {
	m = ntohl(iph->daddr) < ntohl(info->dst_min.ip);
	m \|= ntohl(iph->daddr) > ntohl(info->dst_max.ip);
	- m ^= info->flags & IPRANGE_DST_INV;
	+ m ^= !!(info->flags & IPRANGE_DST_INV);
	if (m) {
	pr_debug("dst IP " NIPQUAD_FMT " NOT in range %s"
	NIPQUAD_FMT "-" NIPQUAD_FMT "\n",
	@@ -123,14 +123,14 @@ iprange_mt6(const struct sk_buff *skb, c
	if (info->flags & IPRANGE_SRC) {
	m = iprange_ipv6_sub(&iph->saddr, &info->src_min.in6) < 0;
	m \|= iprange_ipv6_sub(&iph->saddr, &info->src_max.in6) > 0;
	- m ^= info->flags & IPRANGE_SRC_INV;
	+ m ^= !!(info->flags & IPRANGE_SRC_INV);
	if (m)
	return false;
	}
	if (info->flags & IPRANGE_DST) {
	m = iprange_ipv6_sub(&iph->daddr, &info->dst_min.in6) < 0;
	m \|= iprange_ipv6_sub(&iph->daddr, &info->dst_max.in6) > 0;
	- m ^= info->flags & IPRANGE_DST_INV;
	+ m ^= !!(info->flags & IPRANGE_DST_INV);
	if (m)
	return false;
	}