Ticket #14: 0001-Handle-non-standard-subnets-in-PF-grammar.patch

File 0001-Handle-non-standard-subnets-in-PF-grammar.patch, 2.1 KB (added by Emmanuel Bretelle, 14 years ago)

handle non standard subnets patch

  • pf.c

    From e88b07c46727e8f8fb51223f0d7ec3c3942079b4 Mon Sep 17 00:00:00 2001
    From: chantra <chantra@debuntu.org>
    Date: Wed, 2 Jun 2010 14:00:36 +0200
    Subject: [PATCH] Handle non standard subnets in PF grammar
    
    Allow subnets like 192.168.100.8/28 to be understood
    Signed-off-by: chantra <chantra@debuntu.org>
    ---
     pf.c |    2 +-
     1 files changed, 1 insertions(+), 1 deletions(-)
    
    diff --git a/pf.c b/pf.c
    index 3ce2ef2..f16ec9c 100644
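--- a/pf.c
+++ b/pf.c
@@ -121,7 +121,7 @@ add_subnet (const char *line, const char *prefix, const int line_num, struct pf_
     struct pf_subnet *e;
     ALLOC_OBJ_CLEAR (e, struct pf_subnet);
     e->rule.exclude = exclude;
-    e->rule.network = ntohl (network.s_addr);
+    e->rule.network = ntohl (network.s_addr) & netmask;
     e->rule.netmask = netmask;
     **next = e;
     *next = &e->next;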
  • pf.c

    -- 
    1.5.6.5
    
    
    From abe1ebc000cedac085d8f7ea7a8ff8a6b2947f8d Mon Sep 17 00:00:00 2001
    From: chantra <chantra@debuntu.org>
    Date: Wed, 2 Jun 2010 16:21:38 +0200
    Subject: [PATCH] WARN on incorrect subnet
    
    Log a warning when subnet is incorrect and is being converted
    to a sane value
    Signed-off-by: chantra <chantra@debuntu.org>
    ---
     pf.c |    7 ++++++-
     1 files changed, 6 insertions(+), 1 deletions(-)
    
    diff --git a/pf.c b/pf.c
    index f16ec9c..aed836e 100644
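--- a/pf.c
+++ b/pf.c
@@ -109,6 +109,11 @@ add_subnet (const char *line, const char *prefix, const int line_num, struct pf_
           return false;
         }
       netmask = netbits_to_netmask (netbits);
+      if ((network.s_addr & htonl (netmask)) != network.s_addr)
+        {
+          network.s_addr &= htonl (netmask);
+          msg (M_WARN, "WARNING: PF: %s/%d: incorrect subnet %s/%d changed to %s/%d", prefix, line_num, line, netbits, inet_ntoa (network), netbits);
+        }
     }
   else
     {
@@ -121,7 +126,7 @@ add_subnet (const char *line, const char *prefix, const int line_num, struct pf_
     struct pf_subnet *e;
     ALLOC_OBJ_CLEAR (e, struct pf_subnet);
     e->rule.exclude = exclude;
-    e->rule.network = ntohl (network.s_addr) & netmask;
+    e->rule.network = ntohl (network.s_addr);
     e->rule.netmask = netmask;
     **next = e;
     *next = &e->next;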
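Review bot: The branch added at new lines 112-116 rewrites a subnet that has host bits set and only logs at M_WARN, while the error path just above it (`return false;` at line 109) rejects the entry outright. In a packet-filter file this means a mistyped address or prefix length still loads, as a rule for the aligned block rather than for what the operator wrote, and the only trace is a warning that is easy to miss. If the leniency is deliberate, record it next to the check with a comment such as `/* host bits set: canonicalise and warn instead of rejecting the rule */`; if not, treat the entry like the other malformed cases and `return false;` after logging. The body of add_subnet starts and ends outside both hunks, so whether `netbits` is range-checked before `netbits_to_netmask (netbits)` cannot be confirmed from here.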