From b52d5ea3d2eb4d7ea0aeaa2c29bcec99206951df Mon Sep 17 00:00:00 2001
From: Maxim Konovalov <maxim@FreeBSD.org>
Date: Mon, 17 Feb 2003 13:39:57 +0000
Subject: [PATCH] o Fix ipfw uid rules: socheckuid() returns 0 when uid matches
 a socket cr_uid.

Note: we do not have socheckuid() in RELENG_4, ip_fw2.c uses its
own macro for a similar purpose that is why ipfw2 in RELENG_4 processes
uid rules correctly. I will MFC the diff for code consistency.

Reported by:	Oleg Baranov <ol@csa.ru>
Reviewed by:	luigi
MFC after:	1 month
---
 sys/netinet/ip_fw2.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/netinet/ip_fw2.c b/sys/netinet/ip_fw2.c
index 1f02a9c643f0..e35078f8608f 100644
--- a/sys/netinet/ip_fw2.c
+++ b/sys/netinet/ip_fw2.c
@@ -1511,11 +1511,11 @@ ipfw_chk(struct ip_fw_args *args)
 				if (pcb == NULL || pcb->inp_socket == NULL)
 					break;
 #if __FreeBSD_version < 500034
-#define socheckuid(a,b)	((a)->so_cred->cr_uid == (b))
+#define socheckuid(a,b)	((a)->so_cred->cr_uid != (b))
 #endif
 				if (cmd->opcode == O_UID) {
 					match =
-					  socheckuid(pcb->inp_socket,
+					  !socheckuid(pcb->inp_socket,
 					   (uid_t)((ipfw_insn_u32 *)cmd)->d[0]);
 				} else  {
 					match = groupmember(