Age | Commit message | Author |
|
Using a /0 prefix on an IP different from 0.0.0.0 is valid, but might
be a configuration mistake. Log warning message in this case so that
user can easily troubleshoot it.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
This is equivalent, but INADDR_BROADCAST is more descriptive.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Move warning messages to PPTP and L2TP modules. No other module
actually uses iprange, so it's perfectly valid to disable it, or at
least to not configure any range, when PPTP and L2TP aren't used.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
Protect conf_disable and client_ranges with a mutex.
Instead of directly setting conf_disable, load_ranges() now returns
a disable flag. The caller is in charge of propagating its value
in conf_disable.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
|
|
The previous parsing functions had a few problems:
* They did accept negative numbers in addresses (e.g. 192.0.2.-5).
* They relied on C undefined behaviour for detecting /0 prefix
  length: "mask = htonl(~((1 << (32 - m)) - 1)" was wrong for m = 0,
  because that resulted in a left shift of 32 bits, on a 32 bit wide
  value (the right operand of a bitwise shift operator must be
  strictly smaller than the width of the promoted left operand).
* They misinterpreted /32 prefixes as disable requests. In fact, due
  to the undefined behaviour described above, /0 and /32 prefix
  lengths were represented in the same way by parse1(), that is, with
  an iprange_t structure where ->begin == ->end. Therefore
  load_ranges() had no way to distinguish between them and did
  disable the module in both cases.
This patch fixes these issues and brings the following improvements:
* It uses getaddrinfo() to parse IP addresses, so it accepts (almost)
  all IPv4 representations and is more easily extensible to IPv6 in
  the future.
* It warns when the IP address used in CIDR notation is not the first
  address in the range (e.g. the first address of 192.0.2.1/24 is
  192.0.2.0, not 192.0.2.1).
* It doesn't _exit() on parsing failures, thus making the functions
  usable in an EV_CONFIG_RELOAD handler.
While there, the unfinished tunnel_ranges code, which was already
commented, has been removed.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
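The parsing problems listed in the commit message above, as an added C example that is not code from this repository: a CIDR parser that special-cases /0 instead of shifting by 32, keeps /0 and /32 distinct, rejects signed components, and returns an error instead of exiting. The names `ip_range`, `prefix_mask` and `parse_cidr` are hypothetical, and the example uses `inet_pton()` rather than the `getaddrinfo()` call the commit describes.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical type: inclusive range in host byte order. */
struct ip_range { uint32_t begin, end; int not_first; };

/* Netmask for len in 0..32. len == 0 is special-cased because shifting a
 * 32-bit value by 32 bits is undefined behaviour. */
static uint32_t prefix_mask(unsigned len)
{
    return len == 0 ? 0 : ~(uint32_t)0 << (32 - len);
}

/* Parse "a.b.c.d/len"; returns 0 on success, -1 on malformed input. */
static int parse_cidr(const char *s, struct ip_range *r)
{
    char addr[INET_ADDRSTRLEN], *end;
    struct in_addr in;
    const char *slash = strchr(s, '/');
    if (!slash || (size_t)(slash - s) >= sizeof(addr))
        return -1;
    memcpy(addr, s, (size_t)(slash - s));
    addr[slash - s] = '\0';
    if (inet_pton(AF_INET, addr, &in) != 1) /* rejects 192.0.2.-5 */
        return -1;
    if (slash[1] < '0' || slash[1] > '9')   /* no sign, blank or empty */
        return -1;
    errno = 0;
    long len = strtol(slash + 1, &end, 10);
    if (errno || *end != '\0' || len > 32)
        return -1;
    uint32_t ip = ntohl(in.s_addr), mask = prefix_mask((unsigned)len);
    r->begin = ip & mask;
    r->end = r->begin | ~mask;        /* /32: begin == end, one address */
    r->not_first = (ip != r->begin);  /* caller may log a warning */
    return 0;
}

int main(void)
{
    struct ip_range r;
    if (parse_cidr("192.0.2.1/24", &r) == 0) /* constructed sample input */
        printf("%08x-%08x not_first=%d\n", r.begin, r.end, r.not_first);
    return 0;
}
```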
|