summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorYOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@linux-ipv6.org>2013-01-26 09:38:44 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2013-02-07 18:40:26 +0100
commitd4c38fa87d2b05be5daafb6a92b6ad15b66da8cb (patch)
tree54bcf1050741d90e313a85ec7186c8ca73f0f067
parentnetfilter: ip6t_NPT: Fix adjustment calculation (diff)
downloadlinux-d4c38fa87d2b05be5daafb6a92b6ad15b66da8cb.tar.xz
linux-d4c38fa87d2b05be5daafb6a92b6ad15b66da8cb.zip
netfilter: ip6t_NPT: Fix prefix mangling
Make sure only the bits that are part of the prefix are mangled. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--net/ipv6/netfilter/ip6t_NPT.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/ipv6/netfilter/ip6t_NPT.c b/net/ipv6/netfilter/ip6t_NPT.c
index 68788c84aee7..87b759c11da5 100644
--- a/net/ipv6/netfilter/ip6t_NPT.c
+++ b/net/ipv6/netfilter/ip6t_NPT.c
@@ -51,7 +51,7 @@ static bool ip6t_npt_map_pfx(const struct ip6t_npt_tginfo *npt,
idx = i / 32;
addr->s6_addr32[idx] &= mask;
- addr->s6_addr32[idx] |= npt->dst_pfx.in6.s6_addr32[idx];
+ addr->s6_addr32[idx] |= ~mask & npt->dst_pfx.in6.s6_addr32[idx];
}
if (pfx_len <= 48)