On Mon, Sep 02, 2019 at 06:44:31PM +0200, Phil Sutter wrote: > Code assumed host architecture to be Little Endian. Instead produce a > proper mask by pushing the set bits into most significant position and > apply htonl() on the result. > > Fixes: 3f6a2e90936bb ("conntrack: add support for CIDR notation") > Signed-off-by: Phil Sutter <phil@xxxxxx> > --- > src/conntrack.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/conntrack.c b/src/conntrack.c > index c980a13f33d2c..baafcbd869c12 100644 > --- a/src/conntrack.c > +++ b/src/conntrack.c > @@ -2210,7 +2210,7 @@ nfct_build_netmask(uint32_t *dst, int b, int n) > dst[i] = 0xffffffff; > b -= 32; > } else if (b > 0) { > - dst[i] = (1 << b) - 1; > + dst[i] = htonl(((1 << b) - 1) << (32 - b)); Simply this instead? dst[i] = htonl(((1 << b) - 1); > b = 0; > } else { > dst[i] = 0; > -- > 2.22.0 >
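Review bot: in the added line of the `else if (b > 0)` branch, `((1 << b) - 1) << (32 - b)` is evaluated in signed `int` (the literal `1` is an int and `b` is declared `int b` in the function signature), and the second shift always moves a set bit into bit 31, which is undefined behaviour for a signed left shift in C. Building the mask from an unsigned constant avoids that and is shorter, for example `dst[i] = htonl(0xffffffffU << (32 - b));`. Either form relies on b being below 32 when this branch is reached; the condition of the preceding branch is not visible in this hunk, so it is worth confirming that it covers b == 32.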