提交 f3dfd153 编写于 作者: J Jozsef Kadlecsik 提交者: Patrick McHardy

netfilter: ipset: take into account cidr value for the from address when creating the set

When creating a set from a range expressed as a network like
10.1.1.172/29, the from address was taken as the IP address part and
not masked with the netmask from the cidr.
Signed-off-by: NJozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: NPatrick McHardy <kaber@trash.net>
上级 c64562ea
...@@ -478,6 +478,7 @@ bitmap_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags) ...@@ -478,6 +478,7 @@ bitmap_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
if (cidr >= 32) if (cidr >= 32)
return -IPSET_ERR_INVALID_CIDR; return -IPSET_ERR_INVALID_CIDR;
first_ip &= ip_set_hostmask(cidr);
last_ip = first_ip | ~ip_set_hostmask(cidr); last_ip = first_ip | ~ip_set_hostmask(cidr);
} else } else
return -IPSET_ERR_PROTOCOL; return -IPSET_ERR_PROTOCOL;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册