[NETFILTER]: xt_iprange: fix subtraction-based comparison

The host address parts need to be converted to host-endian first before arithmetic makes any sense on them. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
git-mirror · Feb 20, 2008 · 27ecb1f · 27ecb1f
1 parent 7d9904c
commit 27ecb1f
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/net/netfilter/xt_iprange.c b/net/netfilter/xt_iprange.c
@@ -102,7 +102,7 @@ iprange_ipv6_sub(const struct in6_addr *a, const struct in6_addr *b)
 	int r;
 
 	for (i = 0; i < 4; ++i) {
-		r = (__force u32)a->s6_addr32[i] - (__force u32)b->s6_addr32[i];
+		r = ntohl(a->s6_addr32[i]) - ntohl(b->s6_addr32[i]);
 		if (r != 0)
 			return r;
 	}