summaryrefslogtreecommitdiff
path: root/net/netfilter
diff options
context:
space:
mode:
authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2011-06-16 20:54:43 +0400
committerPatrick McHardy <kaber@trash.net>2011-06-16 20:54:43 +0400
commitf3dfd1538f26f1ecf86daaf3d0c321d87e5de041 (patch)
tree069372466b4ffe572dff3495dcb69508ccf9a01f /net/netfilter
parentc64562eaf2ad61d7492788ef95678f52d0d28f2a (diff)
downloadlinux-f3dfd1538f26f1ecf86daaf3d0c321d87e5de041.tar.xz
netfilter: ipset: take into account cidr value for the from address when creating the set
When creating a set from a range expressed as a network like 10.1.1.172/29, the from address was taken as the IP address part and not masked with the netmask from the cidr. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/netfilter')
-rw-r--r--net/netfilter/ipset/ip_set_bitmap_ip.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/net/netfilter/ipset/ip_set_bitmap_ip.c b/net/netfilter/ipset/ip_set_bitmap_ip.c
index 3b5920bfc784..49323110560c 100644
--- a/net/netfilter/ipset/ip_set_bitmap_ip.c
+++ b/net/netfilter/ipset/ip_set_bitmap_ip.c
@@ -478,6 +478,7 @@ bitmap_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
if (cidr >= 32)
return -IPSET_ERR_INVALID_CIDR;
+ first_ip &= ip_set_hostmask(cidr);
last_ip = first_ip | ~ip_set_hostmask(cidr);
} else
return -IPSET_ERR_PROTOCOL;