netfilter: xt_socket: make module available for INPUT chain

[cascardo/linux.git] / net / netfilter / xt_socket.c

diff --git a/net/netfilter/xt_socket.c b/net/netfilter/xt_socket.c
index ebf00ad..6a90256 100644 (file)
--- a/net/netfilter/xt_socket.c
+++ b/net/netfilter/xt_socket.c
@@ -149,7 +149,7 @@ socket_match(const struct sk_buff *skb, const struct xt_match_param *par,
 
                /* Ignore sockets listening on INADDR_ANY */
                wildcard = (sk->sk_state != TCP_TIME_WAIT &&
-                           inet_sk(sk)->rcv_saddr == 0);
+                           inet_sk(sk)->inet_rcv_saddr == 0);
 
                /* Ignore non-transparent sockets,
                   if XT_SOCKET_TRANSPARENT is used */
@@ -192,7 +192,8 @@ static struct xt_match socket_mt_reg[] __read_mostly = {
                .revision       = 0,
                .family         = NFPROTO_IPV4,
                .match          = socket_mt_v0,
-               .hooks          = 1 << NF_INET_PRE_ROUTING,
+               .hooks          = (1 << NF_INET_PRE_ROUTING) |
+                                 (1 << NF_INET_LOCAL_IN),
                .me             = THIS_MODULE,
        },
        {
@@ -201,7 +202,8 @@ static struct xt_match socket_mt_reg[] __read_mostly = {
                .family         = NFPROTO_IPV4,
                .match          = socket_mt_v1,
                .matchsize      = sizeof(struct xt_socket_mtinfo1),
-               .hooks          = 1 << NF_INET_PRE_ROUTING,
+               .hooks          = (1 << NF_INET_PRE_ROUTING) |
+                                 (1 << NF_INET_LOCAL_IN),
                .me             = THIS_MODULE,
        },
 };