Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

netfilter: ipset: take into account cidr value for the from address when creating the set

When creating a set from a range expressed as a network like
10.1.1.172/29, the from address was taken as the IP address part and
not masked with the netmask from the cidr.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>

Authored by Jozsef Kadlecsik and committed by Patrick McHardy
f3dfd153 c64562ea

+1
+1
net/netfilter/ipset/ip_set_bitmap_ip.c
··· 478 478 479 479 if (cidr >= 32) 480 480 return -IPSET_ERR_INVALID_CIDR; 481 + first_ip &= ip_set_hostmask(cidr); 481 482 last_ip = first_ip | ~ip_set_hostmask(cidr); 482 483 } else 483 484 return -IPSET_ERR_PROTOCOL;
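
Review bot: `ip_set_hostmask(cidr)` is now evaluated twice on adjacent lines (new lines 481 and 482), once to mask `first_ip` and once to fill `last_ip`; computing it once into a local and using that value for both would keep the two bounds derived from the same mask. The commit message should also state the user-visible effect: for its own example, 10.1.1.172/29, the set previously started at 10.1.1.172 and now starts at 10.1.1.168, so a set created from an unaligned network covers more addresses than before. Separately, the only bound visible on `cidr` here is `cidr >= 32`; if small values such as 0 can reach this point, the masked `first_ip` and the filled `last_ip` span a very large range, so it is worth confirming that the range size is limited in the code after this block, which the hunk does not show.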