diff options
| author |   David S. Miller <davem@davemloft.net> | 2013-04-04 17:41:53 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2013-04-04 17:41:53 -0400 |
| commit | 4f4ecd5f2a94135a8a556232aa9ddc55944d9c8f (patch) | |
| tree | 99a4808dce728bc3b7bfe6ca6a5eae4bd6eeac99 /net/ipv6 | |
| parent | Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into wireless (diff) | |
| parent | netfilter: ip6t_NPT: Fix translation for non-multiple of 32 prefix lengths (diff) | |
| download | linux-dev-4f4ecd5f2a94135a8a556232aa9ddc55944d9c8f.tar.xz linux-dev-4f4ecd5f2a94135a8a556232aa9ddc55944d9c8f.zip | |
Merge branch 'master' of git://1984.lsi.us.es/nf
Pablo Neira Ayuso says:
====================
The following patchset contains netfilter updates for your net tree,
they are:
* Fix missing the skb->trace reset in nf_reset, noticed by Gao Feng
while using the TRACE target with several net namespaces.
* Fix prefix translation in IPv6 NPT if non-multiple of 32 prefixes
are used, from Matthias Schiffer.
* Fix invalid nfacct objects with empty name, they are now rejected
with -EINVAL, spotted by Michael Zintakis, patch from myself.
* A couple of fixes for wrong return values in the error path of
nfnetlink_queue and nf_conntrack, from Wei Yongjun.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/netfilter/ip6t_NPT.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/ipv6/netfilter/ip6t_NPT.c b/net/ipv6/netfilter/ip6t_NPT.c index 33608c610276..cb631143721c 100644 --- a/net/ipv6/netfilter/ip6t_NPT.c +++ b/net/ipv6/netfilter/ip6t_NPT.c @@ -57,7 +57,7 @@ static bool ip6t_npt_map_pfx(const struct ip6t_npt_tginfo *npt, if (pfx_len - i >= 32) mask = 0; else - mask = htonl(~((1 << (pfx_len - i)) - 1)); + mask = htonl((1 << (i - pfx_len + 32)) - 1); idx = i / 32; addr->s6_addr32[idx] &= mask; |