netfilter: ip6t_NPT: Fix translation for non-multiple of 32 prefix lengths
The bitmask used for the prefix mangling was being calculated incorrectly, leading to the wrong part of the address being replaced when the prefix length wasn't a multiple of 32. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent
5389090b59
commit
906b1c394d
|
@ -57,7 +57,7 @@ static bool ip6t_npt_map_pfx(const struct ip6t_npt_tginfo *npt,
|
||||||
if (pfx_len - i >= 32)
|
if (pfx_len - i >= 32)
|
||||||
mask = 0;
|
mask = 0;
|
||||||
else
|
else
|
||||||
mask = htonl(~((1 << (pfx_len - i)) - 1));
|
mask = htonl((1 << (i - pfx_len + 32)) - 1);
|
||||||
|
|
||||||
idx = i / 32;
|
idx = i / 32;
|
||||||
addr->s6_addr32[idx] &= mask;
|
addr->s6_addr32[idx] &= mask;
|
||||||
|
|
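Review bot: In the new `mask = htonl((1 << (i - pfx_len + 32)) - 1);` the literal `1` is a signed int, so when the prefix ends one bit into a word (pfx_len - i == 1) the shift count is 31 and the expression shifts into the sign bit before subtracting one, which ISO C leaves undefined even if the kernel's build flags happen to produce the intended value. Keeping the arithmetic unsigned avoids that and gives the same host-bit mask: `mask = htonl((1U << (i - pfx_len + 32)) - 1);` or, equivalently, `mask = htonl(~0U >> (pfx_len - i));`. The declarations of i and pfx_len and the loop that bounds them are outside the hunk, so the 1..31 range of the shift count is inferred from the `pfx_len - i >= 32` test above it. Since this mask decides which address bits a prefix translation rewrites, a short comment such as `/* keep the host bits of this word, clear the prefix bits */` would make the intended direction of the mask explicit for the next reader.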