From 69bdcb641431f07728d128a259ff8281547f62c8 Mon Sep 17 00:00:00 2001 From: Mark Wooding Date: Thu, 28 Sep 2017 19:26:51 +0100 Subject: [PATCH] svc/conntrack.in: Factor out network parsing. The new function is a little stricter than the old one. The address given must actually be the base address of the network, rather than any old address within it. --- svc/conntrack.in | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/svc/conntrack.in b/svc/conntrack.in index ef042f78..2dc380b9 100644 --- a/svc/conntrack.in +++ b/svc/conntrack.in @@ -100,6 +100,18 @@ def toposort(cmp, things): def parse_address(addrstr): return unpack('>L', S.inet_aton(addrstr))[0] +def parse_net(netstr): + try: sl = netstr.index('/') + except ValueError: raise ValueError('missing mask') + addr = parse_address(netstr[:sl]) + if netstr[sl + 1:].isdigit(): + n = int(netstr[sl + 1:], 10) + mask = (1 << 32) - (1 << 32 - n) + else: + mask = parse_address(netstr[sl + 1:]) + if addr&~mask: raise ValueError('network contains bits set beyond mask') + return addr, mask + def straddr(a): return a is None and '#' or S.inet_ntoa(pack('>L', a)) def strmask(m): for i in xrange(33): @@ -181,14 +193,8 @@ class Config (object): ## Syntax of a net is ADDRESS/MASK, where ADDRESS is a dotted-quad, ## and MASK is either a dotted-quad or a single integer N indicating ## a mask with N leading ones followed by trailing zeroes. - slash = net.index('/') - addr = parse_address(net[:slash]) - if net[slash + 1:].isdigit(): - n = int(net[slash + 1:], 10) - mask = (1 << 32) - (1 << 32 - n) - else: - mask = parse_address(net[slash + 1:]) - pats.append((tag, peer, addr & mask, mask)) + addr, mask = parse_net(net) + pats.append((tag, peer, addr, mask)) ## Annoyingly, RawConfigParser doesn't preserve the order of options. ## In order to make things vaguely sane, we topologically sort the -- 2.11.0