[NETFILTER]: xt_conntrack: fix missing boolean clamping
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
4e29e9ec7e
commit
d61f89e941
|
@ -231,7 +231,7 @@ conntrack_mt(const struct sk_buff *skb, const struct net_device *in,
|
|||
if (test_bit(IPS_DST_NAT_BIT, &ct->status))
|
||||
statebit |= XT_CONNTRACK_STATE_DNAT;
|
||||
}
|
||||
if ((info->state_mask & statebit) ^
|
||||
if (!!(info->state_mask & statebit) ^
|
||||
!(info->invert_flags & XT_CONNTRACK_STATE))
|
||||
return false;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue