From: Felix Fietkau <nbd@nbd.name>
|
|
Subject: netfilter: reduce match memory access
|
|
|
|
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
---
|
|
net/ipv4/netfilter/ip_tables.c | 4 ++--
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
--- a/net/ipv4/netfilter/ip_tables.c
|
|
+++ b/net/ipv4/netfilter/ip_tables.c
|
|
@@ -55,9 +55,9 @@ ip_packet_match(const struct iphdr *ip,
|
|
if (ipinfo->flags & IPT_F_NO_DEF_MATCH)
|
|
return true;
|
|
|
|
- if (NF_INVF(ipinfo, IPT_INV_SRCIP,
|
|
+ if (NF_INVF(ipinfo, IPT_INV_SRCIP, ipinfo->smsk.s_addr &&
|
|
(ip->saddr & ipinfo->smsk.s_addr) != ipinfo->src.s_addr) ||
|
|
- NF_INVF(ipinfo, IPT_INV_DSTIP,
|
|
+ NF_INVF(ipinfo, IPT_INV_DSTIP, ipinfo->dmsk.s_addr &&
|
|
(ip->daddr & ipinfo->dmsk.s_addr) != ipinfo->dst.s_addr))
|
|
return false;
|
|
|
|
|
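Review bot: The added `ipinfo->smsk.s_addr &&` and `ipinfo->dmsk.s_addr &&` short-circuits match the old comparison only if a zero mask always comes with a zero address. For an entry with `smsk == 0` and a non-zero `src`, the old expression evaluated to a mismatch and the new one to a match, so a rule that previously matched no packet would now match every packet (and the reverse when the inversion flag is set). Userspace tools normally store the address pre-masked, but nothing in this hunk enforces that, and whether the rule-validation path rejects such entries is not visible here. I would state the assumption next to the test, e.g. `/* zero mask == wildcard; relies on src/dst being stored pre-masked */`, or have entry validation reject any entry where `addr & ~mask` is non-zero. The body of ip_packet_match() starts before and continues after this hunk.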