From 7a1a537f4344129b9a1fabb0c66c61963e605e45 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Mon, 14 May 2018 17:57:58 +0200
Subject: Mask IPs when showing from trie

Otherwise intermediate nodes that get collapsed to real nodes will
display the wrong value.
---
 allowedips.go | 22 ++++++----------------
 1 file changed, 6 insertions(+), 16 deletions(-)

diff --git a/allowedips.go b/allowedips.go
index e700dc4..5b1565e 100644
--- a/allowedips.go
+++ b/allowedips.go
@@ -16,7 +16,7 @@ import (
 type trieEntry struct {
 	cidr  uint
 	child [2]*trieEntry
-	bits  []byte
+	bits  net.IP
 	peer  *Peer
 
 	// index of "branching" bit
@@ -181,21 +181,11 @@ func (node *trieEntry) entriesForPeer(p *Peer, results []net.IPNet) []net.IPNet
 		return results
 	}
 	if node.peer == p {
-		var mask net.IPNet
-		mask.Mask = net.CIDRMask(int(node.cidr), len(node.bits)*8)
-		if len(node.bits) == net.IPv4len {
-			mask.IP = net.IPv4(
-				node.bits[0],
-				node.bits[1],
-				node.bits[2],
-				node.bits[3],
-			)
-		} else if len(node.bits) == net.IPv6len {
-			mask.IP = node.bits
-		} else {
-			panic(errors.New("unexpected address length"))
-		}
-		results = append(results, mask)
+		mask := net.CIDRMask(int(node.cidr), len(node.bits)*8)
+		results = append(results, net.IPNet{
+			Mask: mask,
+			IP: node.bits.Mask(mask),
+		})
 	}
 	results = node.child[0].entriesForPeer(p, results)
 	results = node.child[1].entriesForPeer(p, results)
-- 
cgit v1.2.3-59-g8ed1b