From 23e563d86b412632644bdc4a886b0b7fb60e5175 Mon Sep 17 00:00:00 2001 From: Ondrej Zajicek Date: Sat, 30 May 2009 00:35:35 +0200 Subject: [PATCH] Fixes buggy prefix ~ prefix matching. --- filter/filter.c | 20 +++----------------- 1 file changed, 3 insertions(+), 17 deletions(-) diff --git a/filter/filter.c b/filter/filter.c index 313d2fa7..7499843a 100644 --- a/filter/filter.c +++ b/filter/filter.c @@ -178,25 +178,11 @@ val_simple_in_range(struct f_val v1, struct f_val v2) return patmatch(v2.val.s, v1.val.s); if ((v1.type == T_IP) && (v2.type == T_PREFIX)) - return !(ipa_compare(ipa_and(v2.val.px.ip, ipa_mkmask(v2.val.px.len)), ipa_and(v1.val.px.ip, ipa_mkmask(v2.val.px.len)))); + return ipa_in_net(v1.val.px.ip, v2.val.px.ip, v2.val.px.len); - if ((v1.type == T_PREFIX) && (v2.type == T_PREFIX)) { + if ((v1.type == T_PREFIX) && (v2.type == T_PREFIX)) + return ipa_in_net(v1.val.px.ip, v2.val.px.ip, v2.val.px.len) && (v1.val.px.len >= v2.val.px.len); - if (v1.val.px.len & (LEN_PLUS | LEN_MINUS | LEN_RANGE)) - return CMP_ERROR; - - int p1 = v1.val.px.len & LEN_MASK; - int p2 = v2.val.px.len & LEN_MASK; - ip_addr mask = ipa_mkmask(MIN(p1, p2)); - - if (ipa_compare(ipa_and(v2.val.px.ip, mask), ipa_and(v1.val.px.ip, mask))) - return 0; - - int l, h; - f_prefix_get_bounds(&v2.val.px, &l, &h); - - return ((l <= v1.val.px.len) && (v1.val.px.len <= h)); - } return CMP_ERROR; }