From: Florian Westphal <fw@strlen.de>
Date: Mon, 4 Apr 2011 15:06:21 +0000 (+0200)
Subject: netfilter: xt_conntrack: fix inverted conntrack direction test
X-Git-Tag: v2.6.39-rc3~6^2~15^2
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=96120d86fe302c006259baee9061eea9e1b9e486;p=pandora-kernel.git

netfilter: xt_conntrack: fix inverted conntrack direction test

--ctdir ORIGINAL matches REPLY packets, and vv:

userspace sets "invert_flags &= ~XT_CONNTRACK_DIRECTION" in ORIGINAL
case.

Thus: (CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL) ^
      !!(info->invert_flags & XT_CONNTRACK_DIRECTION))

yields "1 ^ 0", which is true -> returns false.

Reproducer:
iptables -I OUTPUT 1 -p tcp --syn -m conntrack --ctdir ORIGINAL

Signed-off-by: Florian Westphal <fwestphal@astaro.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---

Reading git-diff-tree failed