diff options
-rw-r--r-- | nest/config.Y | 4 | ||||
-rw-r--r-- | nest/iface.c | 18 |
2 files changed, 15 insertions, 7 deletions
diff --git a/nest/config.Y b/nest/config.Y index 792012e7..7bb05259 100644 --- a/nest/config.Y +++ b/nest/config.Y @@ -181,8 +181,8 @@ iface_patt_node_init: iface_patt_node_body: TEXT { this_ipn->pattern = $1; this_ipn->prefix = IPA_NONE; this_ipn->pxlen = 0; } - | prefix { this_ipn->pattern = NULL; this_ipn->prefix = $1.addr; this_ipn->pxlen = $1.len; } - | TEXT prefix { this_ipn->pattern = $1; this_ipn->prefix = $2.addr; this_ipn->pxlen = $2.len; } + | prefix_or_ipa { this_ipn->pattern = NULL; this_ipn->prefix = $1.addr; this_ipn->pxlen = $1.len; } + | TEXT prefix_or_ipa { this_ipn->pattern = $1; this_ipn->prefix = $2.addr; this_ipn->pxlen = $2.len; } ; iface_negate: diff --git a/nest/iface.c b/nest/iface.c index a80e9736..4d0cf04c 100644 --- a/nest/iface.c +++ b/nest/iface.c @@ -588,12 +588,20 @@ iface_patt_match(struct iface_patt *ifp, struct iface *i, struct ifa *a) continue; } - // FIXME there should be check for prefix in prefix. (?) - if (p->pxlen) - if (!a || !ipa_in_net(a->ip, p->prefix, p->pxlen)) - continue; + if (p->pxlen == 0) + return pos; - return pos; + if (!a) + continue; + + if (ipa_in_net(a->ip, p->prefix, p->pxlen)) + return pos; + + if ((a->flags & IA_UNNUMBERED) && + ipa_in_net(a->opposite, p->prefix, p->pxlen)) + return pos; + + continue; } return 0; |