From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Fri, 20 Mar 2015 12:56:06 +0000 (+0100)
Subject: netfilter: xt_TPROXY: fix invflags check in tproxy_tg6_check()
X-Git-Tag: submit/tizen/20160607.132125~2796^2^2~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=3d8c6dce53a349df8878d078e56bf429bad572f9;p=sdk%2Femulator%2Femulator-kernel.git

netfilter: xt_TPROXY: fix invflags check in tproxy_tg6_check()

We have to check for IP6T_INV_PROTO in invflags, instead of flags.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Balazs Scheidler <bazsi@balabit.hu>
---

diff --git a/net/netfilter/xt_TPROXY.c b/net/netfilter/xt_TPROXY.c
index ef8a926..50e1e5a 100644
--- a/net/netfilter/xt_TPROXY.c
+++ b/net/netfilter/xt_TPROXY.c
@@ -513,8 +513,8 @@ static int tproxy_tg6_check(const struct xt_tgchk_param *par)
 {
 	const struct ip6t_ip6 *i = par->entryinfo;
 
-	if ((i->proto == IPPROTO_TCP || i->proto == IPPROTO_UDP)
-	    && !(i->flags & IP6T_INV_PROTO))
+	if ((i->proto == IPPROTO_TCP || i->proto == IPPROTO_UDP) &&
+	    !(i->invflags & IP6T_INV_PROTO))
 		return 0;
 
 	pr_info("Can be used only in combination with "