fw4: support negative CIDR bit notation

Add support for CIDR notation with a negative bit count to be compatible
with firewall3.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

1 files changed, 8 insertions, 3 deletions

diff --git a/root/usr/share/ucode/fw4.uc b/root/usr/share/ucode/fw4.uc
index 7ea8bc3..cfef69c 100644
--- a/root/usr/share/ucode/fw4.uc
+++ b/root/usr/share/ucode/fw4.uc
@@ -131,14 +131,19 @@ const dscp_classes = {
 };
 
 function to_mask(bits, v6) {
-	let m = [];
+	let m = [], n = false;
 
-	if (bits < 0 || bits > (v6 ? 128 : 32))
+	if (bits < 0) {
+		n = true;
+		bits = -bits;
+	}
+
+	if (bits > (v6 ? 128 : 32))
 		return null;
 
 	for (let i = 0; i < (v6 ? 16 : 4); i++) {
 		let b = (bits < 8) ? bits : 8;
-		m[i] = (0xff << (8 - b)) & 0xff;
+		m[i] = (n ? ~(0xff << (8 - b)) : (0xff << (8 - b))) & 0xff;
 		bits -= b;
 	}