netfilter: ip6t_NPT: Fix translation for non-multiple of 32 prefix lengths

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

The bitmask used for the prefix mangling was being calculated
incorrectly, leading to the wrong part of the address being replaced
when the prefix length wasn't a multiple of 32.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Matthias Schiffer and committed by

Pablo Neira Ayuso 13 years ago 906b1c39 5389090b

+1 -1

1 changed file

expand all

net

ipv6

netfilter

ip6t_NPT.c

+1 -1

net/ipv6/netfilter/ip6t_NPT.c

··· 57 57 if (pfx_len - i >= 32) 58 58 mask = 0; 59 59 else 60 - mask = htonl(~((1 << (pfx_len - i)) - 1)); 60 + mask = htonl((1 << (i - pfx_len + 32)) - 1); 61 61 62 62 idx = i / 32; 63 63 addr->s6_addr32[idx] &= mask;