From patchwork Thu Jun 16 19:47:14 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Patrick McHardy X-Patchwork-Id: 100708 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id A61A8B6F83 for ; Fri, 17 Jun 2011 05:48:11 +1000 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932294Ab1FPTr5 (ORCPT ); Thu, 16 Jun 2011 15:47:57 -0400 Received: from stinky.trash.net ([213.144.137.162]:64158 "EHLO stinky.trash.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932258Ab1FPTr1 (ORCPT ); Thu, 16 Jun 2011 15:47:27 -0400 Received: from x2.localnet. (localhost [127.0.0.1]) by stinky.trash.net (Postfix) with ESMTP id EEC33B2C49; Thu, 16 Jun 2011 21:47:25 +0200 (MEST) From: kaber@trash.net To: davem@davemloft.net Cc: netfilter-devel@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH 14/20] netfilter: ipset: take into account cidr value for the from address when creating the set Date: Thu, 16 Jun 2011 21:47:14 +0200 Message-Id: <1308253640-29942-15-git-send-email-kaber@trash.net> X-Mailer: git-send-email 1.7.2.3 In-Reply-To: <1308253640-29942-1-git-send-email-kaber@trash.net> References: <1308253640-29942-1-git-send-email-kaber@trash.net> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Jozsef Kadlecsik When creating a set from a range expressed as a network like 10.1.1.172/29, the from address was taken as the IP address part and not masked with the netmask from the cidr. Signed-off-by: Jozsef Kadlecsik Signed-off-by: Patrick McHardy --- net/netfilter/ipset/ip_set_bitmap_ip.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/net/netfilter/ipset/ip_set_bitmap_ip.c b/net/netfilter/ipset/ip_set_bitmap_ip.c index 3b5920b..4932311 100644 --- a/net/netfilter/ipset/ip_set_bitmap_ip.c +++ b/net/netfilter/ipset/ip_set_bitmap_ip.c @@ -478,6 +478,7 @@ bitmap_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags) if (cidr >= 32) return -IPSET_ERR_INVALID_CIDR; + first_ip &= ip_set_hostmask(cidr); last_ip = first_ip | ~ip_set_hostmask(cidr); } else return -IPSET_ERR_PROTOCOL;