GitList

Browse code

Handle non standard subnets in PF grammar

Allow subnets for like 192.168.100.8/28 to be understood. A warning
will be logged when subnet is incorrect and is being corrected to what
is assumed to be correct.

Signed-off-by: chantra <chantra@debuntu.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>

chantra authored on 2010/06/11 23:23:03
Showing 1 changed files

pf.c

History View file @ d2ad24c

@@ -109,6 +109,11 @@ add_subnet (const char *line, const char *prefix, const int line_num, struct pf_
 	  return false;
 	}
       netmask = netbits_to_netmask (netbits);
+      if ((network.s_addr & htonl (netmask)) != network.s_addr)
+        {
+          network.s_addr &= htonl (netmask);
+          msg (M_WARN, "WARNING: PF: %s/%d: incorrect subnet %s/%d changed to %s/%d", prefix, line_num, line, netbits, inet_ntoa (network), netbits);
+        }
     }
   else
     {

...	...	@@ -109,6 +109,11 @@ add_subnet (const char line, const char prefix, const int line_num, struct pf_
109	109	return false;
110	110	}
111	111	netmask = netbits_to_netmask (netbits);
	112	+ if ((network.s_addr & htonl (netmask)) != network.s_addr)
	113	+ {
	114	+ network.s_addr &= htonl (netmask);
	115	+ msg (M_WARN, "WARNING: PF: %s/%d: incorrect subnet %s/%d changed to %s/%d", prefix, line_num, line, netbits, inet_ntoa (network), netbits);
	116	+ }
112	117	}
113	118	else
114	119	{