Handle non standard subnets in PF grammar

Allow subnets for like 192.168.100.8/28 to be understood. A warning will be logged when subnet is incorrect and is being corrected to what is assumed to be correct. Signed-off-by: chantra <chantra@debuntu.org> Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
author: chantra <chantra@debuntu.org> 2010-06-11 16:23:03 +0200
committer: David Sommerseth <dazo@users.sourceforge.net> 2010-10-21 11:40:36 +0200
commit: d2ad24c062c0d1870d826ecbb9506f893896f50c (patch)
tree: 564606c2fd6525139af896e526d6d39b8e19471b /pf.c
parent: OCSP_check.sh: new check logic (diff)
download: openvpn-d2ad24c062c0d1870d826ecbb9506f893896f50c.tar.xz
1 files changed, 5 insertions, 0 deletions
diff --git a/pf.c b/pf.c
index 3ce2ef2..aed836e 100644
--- a/pf.c
+++ b/pf.c
@@ -109,6 +109,11 @@ add_subnet (const char *line, const char *prefix, const int line_num, struct pf_
 	  return false;
 	}
       netmask = netbits_to_netmask (netbits);
+      if ((network.s_addr & htonl (netmask)) != network.s_addr)
+        {
+          network.s_addr &= htonl (netmask);
+          msg (M_WARN, "WARNING: PF: %s/%d: incorrect subnet %s/%d changed to %s/%d", prefix, line_num, line, netbits, inet_ntoa (network), netbits);
+        }
     }
   else
     {
author	chantra <chantra@debuntu.org>	2010-06-11 16:23:03 +0200
committer	David Sommerseth <dazo@users.sourceforge.net>	2010-10-21 11:40:36 +0200
commit	d2ad24c062c0d1870d826ecbb9506f893896f50c (patch)
tree	564606c2fd6525139af896e526d6d39b8e19471b /pf.c
parent	OCSP_check.sh: new check logic (diff)
download	openvpn-d2ad24c062c0d1870d826ecbb9506f893896f50c.tar.xz