libxt_geoip attempts to byte-swap IPv6 addresses on little-endian systems but it doesn't get it quite right. Rather than doing ntohl on each 32-bit segment, it does ntohs on each 16-bit segment. This means that: 1234::cdef becomes: 2143::dcfe instead of: 4321::fedc Fixes: b91dbd03c717 ("geoip: store database in network byte order") Reported-by: "Thomas B. Clark" <kernel@xxxxxxxx> Signed-off-by: Jeremy Sowden <jeremy@xxxxxxxxxx> --- extensions/libxt_geoip.c | 28 ++++++++-------------------- 1 file changed, 8 insertions(+), 20 deletions(-) diff --git a/extensions/libxt_geoip.c b/extensions/libxt_geoip.c index 116f5f86eb01..5b8697dc6161 100644 --- a/extensions/libxt_geoip.c +++ b/extensions/libxt_geoip.c @@ -50,26 +50,6 @@ static struct option geoip_opts[] = { }; #if __BYTE_ORDER == __LITTLE_ENDIAN -static void geoip_swap_le16(uint16_t *buf) -{ - unsigned char *p = (void *)buf; - uint16_t n= p[0] + (p[1] << 8); - p[0] = (n >> 8) & 0xff; - p[1] = n & 0xff; -} - -static void geoip_swap_in6(struct in6_addr *in6) -{ - geoip_swap_le16(&in6->s6_addr16[0]); - geoip_swap_le16(&in6->s6_addr16[1]); - geoip_swap_le16(&in6->s6_addr16[2]); - geoip_swap_le16(&in6->s6_addr16[3]); - geoip_swap_le16(&in6->s6_addr16[4]); - geoip_swap_le16(&in6->s6_addr16[5]); - geoip_swap_le16(&in6->s6_addr16[6]); - geoip_swap_le16(&in6->s6_addr16[7]); -} - static void geoip_swap_le32(uint32_t *buf) { unsigned char *p = (void *)buf; @@ -79,6 +59,14 @@ static void geoip_swap_le32(uint32_t *buf) p[2] = (n >> 8) & 0xff; p[3] = n & 0xff; } + +static void geoip_swap_in6(struct in6_addr *in6) +{ + geoip_swap_le32(&in6->s6_addr32[0]); + geoip_swap_le32(&in6->s6_addr32[1]); + geoip_swap_le32(&in6->s6_addr32[2]); + geoip_swap_le32(&in6->s6_addr32[3]); +} #endif static void * -- 2.24.0