Re: [conntrack-tools PATCH] conntrack: Fix CIDR to mask conversion on Big Endian

On Tue, Sep 03, 2019 at 10:34:47PM +0200, Pablo Neira Ayuso wrote:
> On Mon, Sep 02, 2019 at 06:44:31PM +0200, Phil Sutter wrote:
> > Code assumed host architecture to be Little Endian. Instead produce a
> > proper mask by pushing the set bits into most significant position and
> > apply htonl() on the result.
> > 
> > Fixes: 3f6a2e90936bb ("conntrack: add support for CIDR notation")
> > Signed-off-by: Phil Sutter <phil@xxxxxx>
> > ---
> >  src/conntrack.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/src/conntrack.c b/src/conntrack.c
> > index c980a13f33d2c..baafcbd869c12 100644
> > --- a/src/conntrack.c
> > +++ b/src/conntrack.c
> > @@ -2210,7 +2210,7 @@ nfct_build_netmask(uint32_t *dst, int b, int n)
> >  			dst[i] = 0xffffffff;
> >  			b -= 32;
> >  		} else if (b > 0) {
> > -			dst[i] = (1 << b) - 1;
> > +			dst[i] = htonl(((1 << b) - 1) << (32 - b));
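Review bot: `1 << b` on the new line is a signed int shift; since the preceding branch has already subtracted multiples of 32 (`dst[i] = 0xffffffff; b -= 32;`), this `else if (b > 0)` branch sees b in 1..31, and for b == 31 the shift moves a 1 into the sign bit, which is undefined behaviour in C. Writing the literal as `1U`, or building the mask as `htonl(0xffffffffU << (32 - b))`, keeps the same result for every b in that range and sidesteps the signed shift.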
> 
> Simply this instead?
> 
>                         dst[i] = htonl(((1 << b) - 1);

You got me confused, so I played with different options. To see the
results, I used:

| union {
|         uint32_t i;
|         char b[4];
| } u;

What we need in b is 'ff ff ff 00' for a prefix length of 24. Your
suggested alternative does not compile, so I tried both options for the
closing brace:

| htonl((1 << 24) - 1)

This turns into '00 ff ff ff' for both LE and BE, the opposite of what
we need.

| htonl((1 << 24)) - 1

This turns into '00 00 00 00' on LE and '00 ff ff ff' on BE.

My code leads to the correct result on either architecture and I don't see a
simpler way of doing it.

Cheers, Phil
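The three expressions compared in the reply above, as an added example that is not part of the thread or of conntrack-tools: each is reduced to a one-word helper, and the byte view is taken the same way as the union in the reply, so the output can be checked on any host. The unsigned `1U` literal is an added precaution and is not in the patch.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Prefix length to one mask word, mirroring the patched branch of
 * nfct_build_netmask(). The 1U literal is an added precaution: 1 << 31 is a
 * signed shift into the sign bit in C; the unsigned form is defined for 1..31. */
static uint32_t fixed_mask(int b)
{
	if (b >= 32)
		return 0xffffffff;
	return b > 0 ? htonl(((1U << b) - 1) << (32 - b)) : 0;
}

/* Pre-patch expression, kept for comparison. */
static uint32_t old_mask(int b)
{
	return (1U << b) - 1;
}

/* The alternative floated in the thread, with the parenthesis placed so it compiles. */
static uint32_t alt_mask(int b)
{
	return htonl((1U << b) - 1);
}

/* Byte idx (0 = first in memory, i.e. first on the wire); same view as the union in the reply. */
static unsigned int wire_byte(uint32_t word, int idx)
{
	unsigned char bytes[4];
	memcpy(bytes, &word, sizeof(bytes));
	return bytes[idx];
}

int main(void)
{
	const char *label[] = { "fixed", "old", "alt" };
	uint32_t word[] = { fixed_mask(24), old_mask(24), alt_mask(24) };
	int i, j;
	printf("host is %s endian\n", htonl(1) == 1 ? "big" : "little");
	/* fixed: ff ff ff 00 on LE and BE; old: ff ff ff 00 on LE, 00 ff ff ff on BE; alt: 00 ff ff ff on both */
	for (i = 0; i < 3; i++) {
		printf("%-5s /24:", label[i]);
		for (j = 0; j < 4; j++)
			printf(" %02x", wire_byte(word[i], j));
		putchar('\n');
	}
	return 0;
}
```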
