netfilter: ip6t_NPT: Fix prefix mangling
authorYOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@linux-ipv6.org>
Sat, 26 Jan 2013 08:38:44 +0000 (08:38 +0000)
committerPablo Neira Ayuso <pablo@netfilter.org>
Thu, 7 Feb 2013 17:40:26 +0000 (18:40 +0100)
Make sure only the bits that are part of the prefix are mangled.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
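--- a/net/ipv6/netfilter/ip6t_NPT.c
+++ b/net/ipv6/netfilter/ip6t_NPT.c
@@ -51,7 +51,7 @@ static bool ip6t_npt_map_pfx(const struct ip6t_npt_tginfo *npt,
 
                idx = i / 32;
                addr->s6_addr32[idx] &= mask;
-               addr->s6_addr32[idx] |= npt->dst_pfx.in6.s6_addr32[idx];
+               addr->s6_addr32[idx] |= ~mask & npt->dst_pfx.in6.s6_addr32[idx];
        }
 
        if (pfx_len <= 48)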
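Review bot: The merge on the new `|=` line is correct only if `mask` has its set bits on exactly the non-prefix bits of word `idx`, in the same byte order as `s6_addr32`; the mask is computed above the hunk, so this cannot be confirmed from the lines shown. A short comment above the two assignments would pin that invariant, for example `/* mask selects the bits outside the prefix: keep those from the packet, take the rest from dst_pfx */`. Because these two lines decide which bits of a translated address come from the rule and which from the packet, a test case with a prefix length that is not a multiple of 32 would be worth adding alongside the fix. ip6t_npt_map_pfx starts and ends outside the hunk.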