Correct netmask generation in tcfilters

Signed-off-by: Tom Eastep <teastep@shorewall.net> git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9850 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-12 15:22:00 +00:00 · 2009-04-12 15:22:00 +00:00 · 347090da6e
commit 347090da6e
parent 97e61965c0
3 changed files with 7 additions and 1 deletions
--- a/Shorewall/Perl/Shorewall/IPAddrs.pm
+++ b/Shorewall/Perl/Shorewall/IPAddrs.pm
@ -121,7 +121,7 @@ INIT {
 sub vlsm_to_mask( $ ) {
    my $vlsm = $_[0];
-    in_hex8 ( ( 0xFFFFFFFF << ( 32 - $vlsm ) ) && 0xFFFFFFFF );
+    in_hex8 ( ( 0xFFFFFFFF << ( 32 - $vlsm ) ) & 0xFFFFFFFF );
 }
 sub valid_4address( $ ) {
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -2,6 +2,8 @@ Changes in Shorewall 4.3.9
 1) Logging rules now create separate chain.
 2) Fix netmask genereation in tcfilters.
 Changes in Shorewall 4.3.8
 1) Apply Tuomo Soini's patch for USE_DEFAULT_RT.
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -60,6 +60,10 @@ released late in 2009.
 1)  If an interface name was specified in a PREROUTING rule (tcrules or
    notrack) then an invalid iptables rule would be generated.
 2)  When a network address appeared in the SOURCE or DEST column of
    /etc/shorewall/tcfilters, an incorrect netmask was being generated in
    the resulting 'tc' rule.
 ----------------------------------------------------------------------------
             K N O W N   P R O B L E M S   R E M A I N I N G
 ----------------------------------------------------------------------------