From 1532d1c64528e9ff57c304b00736e93e60130e21 Mon Sep 17 00:00:00 2001
From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Date: Tue, 14 Dec 2010 17:45:49 +0100
Subject: Document which elements cannot be stored in the different hash types.

And enforce from kernel side as well...
---
 kernel/include/linux/netfilter/ipset/ip_set_getport.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'kernel')

diff --git a/kernel/include/linux/netfilter/ipset/ip_set_getport.h b/kernel/include/linux/netfilter/ipset/ip_set_getport.h
index 1597fa9..8be8ecf 100644
--- a/kernel/include/linux/netfilter/ipset/ip_set_getport.h
+++ b/kernel/include/linux/netfilter/ipset/ip_set_getport.h
@@ -77,7 +77,7 @@ get_ip4_port(const struct sk_buff *skb, bool src, u16 *port, u8 *proto)
 	int protocol = iph->protocol;
 
 	/* See comments at tcp_match in ip_tables.c */
-	if (ntohs(iph->frag_off) & IP_OFFSET)
+	if (protocol <= 0 || (ntohs(iph->frag_off) & IP_OFFSET))
 		return false;
 
 	return get_port(skb, protocol, protooff, src, port, proto);
@@ -91,7 +91,7 @@ get_ip6_port(const struct sk_buff *skb, bool src, u16 *port, u8 *proto)
 	unsigned short fragoff;
 
 	protocol = ipv6_find_hdr(skb, &protooff, -1, &fragoff);
-	if (protocol < 0 || fragoff)
+	if (protocol <= 0 || fragoff)
 		return false;
 
 	return get_port(skb, protocol, protooff, src, port, proto);
-- 
cgit v1.2.3