From 508294eabafbbf8d898ac2a94fa05262ad244dcf Mon Sep 17 00:00:00 2001
From: Mark Wooding <mdw@distorted.org.uk>
Date: Thu, 28 Sep 2017 19:10:34 +0100
Subject: [PATCH] svc/conntrack.in: Fix netmask parsing.

  * Improve the checking for a prefix length: see if the thing is
    entirely made of digits, rather than searching for a `.'.

  * More importantly, if we have a general netmask, then parse the
    correct part of the network spec as the mask.
---
 svc/conntrack.in | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/svc/conntrack.in b/svc/conntrack.in
index 79b47d88..1b9f5819 100644
--- a/svc/conntrack.in
+++ b/svc/conntrack.in
@@ -171,11 +171,11 @@ class Config (object):
         ## a mask with N leading ones followed by trailing zeroes.
         slash = net.index('/')
         addr, = unpack('>L', S.inet_aton(net[:slash]))
-        if net.find('.', slash + 1) >= 0:
-          mask, = unpack('>L', S.inet_aton(net[:slash]))
-        else:
+        if net[slash + 1:].isdigit():
           n = int(net[slash + 1:], 10)
           mask = (1 << 32) - (1 << 32 - n)
+        else:
+          mask, = unpack('>L', S.inet_aton(net[slash + 1:]))
         pats.append((tag, peer, addr & mask, mask))
 
       ## Annoyingly, RawConfigParser doesn't preserve the order of options.
-- 
2.11.0