Understand networks in the filter rules. We don't

insist on x.x.x.0/24 - x.x.x.x/24 is ok too.
svn path=/head/; revision=31143
1997-11-12 21:04:21 +00:00 · 1997-11-12 21:04:21 +00:00 · a272e47d50 · 2020-12-20 02:59:44 +00:00
commit a272e47d50
parent 710e9c2970
1 changed files with 5 additions and 3 deletions
--- a/usr.sbin/ppp/ip.c
+++ b/usr.sbin/ppp/ip.c
@ -17,7 +17,7 @@
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
- * $Id: ip.c,v 1.27 1997/10/26 12:42:10 brian Exp $
+ * $Id: ip.c,v 1.28 1997/11/12 19:48:45 brian Exp $
 *
 *	TODO:
 *		o Return ICMP message for filterd packet
@ -164,8 +164,10 @@ FilterCheck(struct ip * pip, int direction)
 	  return (A_PERMIT);
 	}
 	LogPrintf(LogDEBUG, "rule = %d\n", n);
-	if ((pip->ip_src.s_addr & fp->smask.s_addr) == fp->saddr.s_addr
-	    && (pip->ip_dst.s_addr & fp->dmask.s_addr) == fp->daddr.s_addr) {
+	if ((pip->ip_src.s_addr & fp->smask.s_addr) ==
+	    (fp->saddr.s_addr & fp->smask.s_addr) &&
+	    (pip->ip_dst.s_addr & fp->dmask.s_addr) ==
+	    (fp->daddr.s_addr & fp->dmask.s_addr)) {
 	  if (fp->proto) {
 	    if (!gotinfo) {
 	      ptop = (char *) pip + (pip->ip_hl << 2);