fw4: support negative CIDR bit notation

Add support for CIDR notation with a negative bit count to be compatible
with firewall3.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

diff --git a/root/usr/share/ucode/fw4.uc b/root/usr/share/ucode/fw4.uc
index 7ea8bc3e27f268e0ae29563ec9850633211cbabd..cfef69c14c98c8c7f579c851a22407d60bc1358d 100644 (file)
--- a/root/usr/share/ucode/fw4.uc
+++ b/root/usr/share/ucode/fw4.uc
@@ -131,14 +131,19 @@ const dscp_classes = {
 };
 
 function to_mask(bits, v6) {
-       let m = [];
+       let m = [], n = false;
 
-       if (bits < 0 || bits > (v6 ? 128 : 32))
+       if (bits < 0) {
+               n = true;
+               bits = -bits;
+       }
+
+       if (bits > (v6 ? 128 : 32))
                return null;
 
        for (let i = 0; i < (v6 ? 16 : 4); i++) {
                let b = (bits < 8) ? bits : 8;
-               m[i] = (0xff << (8 - b)) & 0xff;
+               m[i] = (n ? ~(0xff << (8 - b)) : (0xff << (8 - b))) & 0xff;
                bits -= b;
        }