Commit f3dfd153 authored Jun 16, 2011 by Jozsef Kadlecsik Committed by Patrick McHardy Jun 16, 2011

netfilter: ipset: take into account cidr value for the from address when creating the set



When creating a set from a range expressed as a network like
10.1.1.172/29, the from address was taken as the IP address part and
not masked with the netmask from the cidr.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>

parent c64562ea

net/netfilter/ipset/ip_set_bitmap_ip.c

+1 −0

Original line number	Original line	Diff line number	Diff line
	@@ -478,6 +478,7 @@ bitmap_ip_create(struct ip_set set, struct nlattr tb[], u32 flags)

	if (cidr >= 32)		if (cidr >= 32)
	return -IPSET_ERR_INVALID_CIDR;		return -IPSET_ERR_INVALID_CIDR;
			first_ip &= ip_set_hostmask(cidr);
	last_ip = first_ip \| ~ip_set_hostmask(cidr);		last_ip = first_ip \| ~ip_set_hostmask(cidr);
	} else		} else
	return -IPSET_ERR_PROTOCOL;		return -IPSET_ERR_PROTOCOL;