Displaying 1 result from an estimated 1 matches for "v6_mask".
2009 Jun 07
2
[Bug 597] New: ip6tables connlimit - cannot set CIDR greater than 32 (includes fix)
...wever, IPv6 addresses
have 128 bits.
iptables-1.4.3.2/extensions/libxt_connlimit.c (lines 26-30):
static void connlimit_init(struct xt_entry_match *match)
{
struct xt_connlimit_info *info = (void *)match->data;
info->v4_mask = 0xFFFFFFFFUL;
}
As "v4_mask" and "v6_mask[4]" are unioned, we're only initializing the most
significant 32 bits of the "v6_mask", but leaving the other 96 bits at zero
(zero-filling malloc assumed).
IPv4 Mask: FFFF FFFF (OK)
IPv6 Mask: FFFF FFFF 0000 0000 0000 0000 0000 0000 (PROBLEM)
This is the state of the mask BE...