From e624bc83143e9c5528e0874763e14d1947cbb62f Mon Sep 17 00:00:00 2001 From: Henning Brauer Date: Mon, 26 Jan 2004 23:11:37 +0000 Subject: we must not omit printing the netmask when it is all zero, this is dangerous - 1.2.3.4/0 is not equal to 1.2.3.4... this "helped" to make failure already only omit the netmask when both the addr and the mask itself are all zero (the "any" case) ok dhartmei@ mcbride@ --- sbin/pfctl/pf_print_state.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'sbin/pfctl') diff --git a/sbin/pfctl/pf_print_state.c b/sbin/pfctl/pf_print_state.c index 3c2353345b1..641a88e2474 100644 --- a/sbin/pfctl/pf_print_state.c +++ b/sbin/pfctl/pf_print_state.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_print_state.c,v 1.37 2003/12/31 11:18:24 cedric Exp $ */ +/* $OpenBSD: pf_print_state.c,v 1.38 2004/01/26 23:11:36 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -100,7 +100,10 @@ print_addr(struct pf_addr_wrap *addr, sa_family_t af, int verbose) printf("?"); return; } - if (! PF_AZERO(&addr->v.a.mask, af)) { + + /* mask if not _both_ address and mask are zero */ + if (!(PF_AZERO(&addr->v.a.addr, AF_INET6) && + PF_AZERO(&addr->v.a.mask, AF_INET6))) { int bits = unmask(&addr->v.a.mask, af); if (bits != (af == AF_INET ? 32 : 128)) -- cgit v1.2.3