netfilter: ipset: take into account cidr value for the from address when creating the set

When creating a set from a range expressed as a network like 10.1.1.172/29, the from address was taken as the IP address part and not masked with the netmask from the cidr. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Patrick McHardy <kaber@trash.net>

netfilter: ipset: take into account cidr value for the from address when creating the set
When creating a set from a range expressed as a network like 10.1.1.172/29, the from address was taken as the IP address part and not masked with the netmask from the cidr. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Patrick McHardy <kaber@trash.net>
f3dfd153 · Jozsef Kadlecsik · Patrick McHardy · c64562ea · f3dfd153
Commit f3dfd153 authored Jun 16, 2011 by Jozsef Kadlecsik Committed by Patrick McHardy Jun 16, 2011
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

net/netfilter/ipset/ip_set_bitmap_ip.c net/netfilter/ipset/ip_set_bitmap_ip.c +1 -0

No files found.
--- a/net/netfilter/ipset/ip_set_bitmap_ip.c
+++ b/net/netfilter/ipset/ip_set_bitmap_ip.c
@@ -478,6 +478,7 @@ bitmap_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
 		if (cidr >= 32)
 			return -IPSET_ERR_INVALID_CIDR;
+		first_ip &= ip_set_hostmask(cidr);
 		last_ip = first_ip | ~ip_set_hostmask(cidr);
 	} else
 		return -IPSET_ERR_PROTOCOL;