author | Henning Brauer <henning@cvs.openbsd.org> | 2003-03-19 15:56:09 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2003-03-19 15:56:09 +0000 |
commit | a3448ab6c1fd3f0d14c9373a5b81d49961763ab0 (patch) | |
tree | 628fb30ffce7342a18f33c56b9ffbefeab191c17 /sbin/pfctl | |
parent | e2c9874e85696f30b6f8468bce9767263386cdf4 (diff) |
inet_net_pton acts weird when it comes to multicast addresses. so pass the
netmask given by the OP to host_v4(), and in case it wasn't specified, do
not trust inet_net_pton telling us it is a /4 but use /32. otherwise, "pass
in from 224.0.0.6" suddenly became "pass in from 224.0.0.0/4", which is
clearly not the desired result.
inet_net_pton behaviour under investigation, using the least intrusive fix
for now.
found after bug report From: Julien Bordet <zejames@greyhats.org> via dhartmei
ok daniel cedric
Diffstat (limited to 'sbin/pfctl')
-rw-r--r-- | sbin/pfctl/pfctl_parser.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index 0c9bebd1286..ead3eea931e 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfctl_parser.c,v 1.145 2003/02/25 12:22:25 cedric Exp $ */
+/* $OpenBSD: pfctl_parser.c,v 1.146 2003/03/19 15:56:08 henning Exp $ */
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -63,7 +63,7 @@ void print_fromto(struct pf_rule_addr *,
 struct pf_rule_addr *, u_int8_t, u_int8_t, int);
 struct node_host *host_if(const char *, int);
-struct node_host *host_v4(const char *);
+struct node_host *host_v4(const char *, int);
 struct node_host *host_v6(const char *, int);
 struct node_host *host_dns(const char *, int, int);
@@ -1149,7 +1149,7 @@ host(const char *s, int mask)
 cont = 0;
 /* IPv4 address? */
- if (cont && (h = host_v4(buf)) != NULL)
+ if (cont && (h = host_v4(buf, mask)) != NULL)
 cont = 0;
 free(buf);
@@ -1206,7 +1206,7 @@ host_if(const char *s, int mask)
 }
 struct node_host *
-host_v4(const char *s)
+host_v4(const char *s, int mask)
 {
 struct node_host *h = NULL;
 struct in_addr ina;
@@ -1220,6 +1220,10 @@ host_v4(const char *s)
 h->ifname = NULL;
 h->af = AF_INET;
 h->addr.v.a.addr.addr32[0] = ina.s_addr;
+ /* inet_net_pton acts strange w/ multicast addresses, RFC1112 */
+ if (mask == -1 && h->addr.v.a.addr.addr8[0] >= 224 &&
+ h->addr.v.a.addr.addr8[0] < 240)
+ bits = 32;
 set_ipmask(h, bits);
 h->next = NULL;
 h->tail = h; |
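Review bot: The multicast override added in the last hunk (host_v4) hard-codes the class D range as `>= 224` / `< 240` and relies on `mask == -1` meaning "no prefix length was given", and neither is stated in the code. Since this value becomes the match scope of a filter rule, the comment should name the invariant being protected, for example `/* no /len given: inet_net_pton() reports 4 bits for 224/4; force a host mask so the rule is not widened */`. The range test could read `if (mask == -1 && IN_MULTICAST(ntohl(ina.s_addr)))`, assuming <netinet/in.h> is already included in this file. The workaround covers only this one range, so any other input for which inet_net_pton() reports fewer bits than the operator wrote would still be accepted silently. Whether such inputs exist cannot be judged from these hunks, because the inet_net_pton() call and the rest of host_v4() lie outside them.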