netfilter: ip6t_NPT: Fix translation for non-multiple of 32 prefix lengths

The bitmask used for the prefix mangling was being calculated
incorrectly, leading to the wrong part of the address being replaced
when the prefix length wasn't a multiple of 32.

Signed-off-by: Matthias Schiffer <[email protected]>
Signed-off-by: Pablo Neira Ayuso <[email protected]>
neocturne authored and ummakynes committed Apr 3, 2013
1 parent 5389090 commit 906b1c3
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion net/ipv6/netfilter/ip6t_NPT.c
Expand Up @@ -57,7 +57,7 @@ static bool ip6t_npt_map_pfx(const struct ip6t_npt_tginfo *npt,
if (pfx_len - i >= 32)
mask = 0;
else
mask = htonl(~((1 << (pfx_len - i)) - 1));
mask = htonl((1 << (i - pfx_len + 32)) - 1);

idx = i / 32;
addr->s6_addr32[idx] &= mask;
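Review bot: In the added `mask = htonl((1 << (i - pfx_len + 32)) - 1);` line the shifted operand is the signed int literal `1`, and the shift count reaches 31 when `pfx_len - i` is 1, which overflows a signed int in C. Make the operand unsigned, for example `mask = htonl((1U << (i - pfx_len + 32)) - 1);`. A one-line comment above the `else` stating that the mask keeps the low `32 - (pfx_len - i)` bits of the word (the non-prefix part) and clears the prefix bits would also help, since the removed line built the complement of the mask that was needed.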