Re: [PATCH] ebtables match inverted in 2.6.28? (Was: Re: ebtablesmatch inverted in 2.6.28?)
From: Patrick McHardy
Date: Mon Jan 12 2009 - 02:54:27 EST
Jan Engelhardt wrote:
On Wed, 2008-12-31 at 17:00 -0500, Matt Cross wrote:
I think the work to move ebtables to use xtables broke ebtables.
Specifically, in commit 8cc784eec6676b58e7f60419c88179aaa97bf71c the
return value of the match functions was inverted so that they return 1
(true) on matches instead of EBT_MATCH (0), and vice versa (look in
ebt_ip.c). The logic in ebtables.c (ebt_do_table() and
EBT_MATCH_ITERATE()) expect match functions to return 0 for matches.
Jan, could you have a look at this please?
That seemds indeed so.
Patch is both for 2.6.29-running and 2.6.28.
netfilter: ebtables: fix inversion in match code
Applied, thanks. When fixing regressions please state the commit
ID and subject of the patch introducing the breakage and also who
reported it.
Like this.
commit c6b52c688ecf03adb82724299b97701528821ca5
Author: Jan Engelhardt <jengelh@xxxxxxxxxx>
Date: Mon Jan 12 08:52:08 2009 +0100
netfilter: ebtables: fix inversion in match code
Commit 8cc784ee (netfilter: change return types of match functions
for ebtables extensions) broke ebtables matches by inverting the
sense of match/nomatch.
Reported-by: Matt Cross <matthltc@xxxxxxxxxx>
Signed-off-by: Jan Engelhardt <jengelh@xxxxxxxxxx>
Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 8a8743d..820252a 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -79,7 +79,7 @@ static inline int ebt_do_match (struct ebt_entry_match *m,
{
par->match = m->u.match;
par->matchinfo = m->data;
- return m->u.match->match(skb, par);
+ return m->u.match->match(skb, par) ? EBT_MATCH : EBT_NOMATCH;
}
static inline int ebt_dev_check(char *entry, const struct net_device *device)