Hi,

On Thu, Jun 03, 2010 at 04:48:35PM +0200, chantra wrote:
> Please find below a patch to correct the behaviour.
> 
> I have also opened a trac ticket :
> https://community.openvpn.net/openvpn/ticket/14

The patch itself looks good.

It's a bit of a philosophical issue what to do with network specifications
given like this - one approach would be to *reject* as a config error
("a /28 network cannot start at .8"), the other approach is what you have
done, to silently mask out the host bits, changing the .8/28 to .0/28.

Both have merits, your fix is somewhat less code than adding an extra input
validation check

  if ((network.s_addr & netmask) != network.s_addr )  
    { complain; }

- so: ACK from me.

(Since OpenVPN likes to print warnings, we *could* add code to print a 
warning in this case - "warning: subnet address changed to match /%d,
new value is %s/%d").

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de
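
Added example, not part of the original message and not OpenVPN code: the two approaches discussed above side by side in C, a strict check that reports stray host bits and a lenient one that masks them and prints the suggested warning. The function names, the enum and the 10.8.0.x sample addresses are assumptions made up for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result codes for this example. */
enum subnet_status { SUBNET_OK = 0, SUBNET_HOST_BITS = 1, SUBNET_BAD_INPUT = -1 };

/* Prefix length (0..32) to netmask in host byte order.
 * A shift by 32 is undefined in C, so /0 is handled separately. */
static uint32_t prefix_to_mask(int prefix)
{
    return prefix == 0 ? 0 : (uint32_t)(0xFFFFFFFFu << (32 - prefix));
}

/* Strict approach: parse addr, report whether host bits are set.
 * *network (network byte order) is left exactly as given. */
enum subnet_status subnet_check(const char *addr, int prefix, struct in_addr *network)
{
    if (prefix < 0 || prefix > 32 || inet_pton(AF_INET, addr, network) != 1)
        return SUBNET_BAD_INPUT;
    uint32_t netmask = htonl(prefix_to_mask(prefix));
    return (network->s_addr & netmask) != network->s_addr ? SUBNET_HOST_BITS : SUBNET_OK;
}

/* Lenient approach: mask out the host bits, but say so on stderr. */
enum subnet_status subnet_normalize(const char *addr, int prefix, struct in_addr *network)
{
    enum subnet_status st = subnet_check(addr, prefix, network);
    if (st == SUBNET_HOST_BITS) {
        char buf[INET_ADDRSTRLEN];
        network->s_addr &= htonl(prefix_to_mask(prefix));
        inet_ntop(AF_INET, network, buf, sizeof buf);
        fprintf(stderr, "warning: subnet address changed to match /%d, "
                        "new value is %s/%d\n", prefix, buf, prefix);
    }
    return st;
}

int main(void)
{
    struct in_addr n;
    char buf[INET_ADDRSTRLEN];
    /* Constructed input: a /28 that starts at .8 */
    printf("strict:  status %d\n", subnet_check("10.8.0.8", 28, &n));
    printf("lenient: status %d, network %s/28\n", subnet_normalize("10.8.0.8", 28, &n),
           inet_ntop(AF_INET, &n, buf, sizeof buf));
    return 0;
}
```
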
