During delinearization we attempt to remove masks, for instance
ip saddr $x/32. (mask matches the entire size).
However, in some special cases the lhs size is unknown (0), this
happens f.e. with
'ct saddr original 1.2.3.4/24' which had its '/24' chopped off.
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
src/netlink_delinearize.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index a983fce..c9db27d 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -331,12 +331,14 @@ static void netlink_parse_bitwise(struct netlink_parse_ctx *ctx,
mpz_ior(m, m, o);
}
- if (mpz_scan0(m, 0) != left->len) {
+ if (left->len > 0 && mpz_scan0(m, 0) == left->len) {
+ /* mask encompasses the entire value */
+ expr_free(mask);
+ } else {
mpz_set(mask->value, m);
expr = binop_expr_alloc(loc, OP_AND, expr, mask);
expr->len = left->len;
- } else
- expr_free(mask);
+ }
if (mpz_cmp_ui(x, 0)) {
mpz_set(xor->value, x);
--
2.4.10
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
