auth-snmp: allow specifying management network prefix

So we don't go and try querying untrusted LLDP capable devices in
non-managed subnets.

1 files changed, 43 insertions, 6 deletions

diff --git a/src/addr.c b/src/addr.c
index 47013f2..f79a26d 100644
--- a/src/addr.c
+++ b/src/addr.c
@@ -13,14 +13,22 @@ int addr_len(const sockaddr_any *addr)
 	}
 }
 
-sockaddr_any *addr_parse(blob_t b, sockaddr_any *addr)
+sockaddr_any *addr_parse_prefix(blob_t b, sockaddr_any *addr, uint8_t *prefix_len)
 {
 	memset(addr, 0, sizeof(*addr));
-	addr->ipv4.sin_family = AF_INET;
-	addr->ipv4.sin_addr.s_addr = blob_inet_addr(b);
-	if (addr->ipv4.sin_addr.s_addr == -1)
-		return NULL;
-	return addr;
+
+	if (blob_pull_inet_addr(&b, &addr->ipv4.sin_addr)) {
+		addr->ipv4.sin_family = AF_INET;
+		if (blob_pull_matching(&b, BLOB_STR("/"))) {
+			if (prefix_len == NULL)
+				return NULL;
+			*prefix_len = blob_pull_uint(&b, 10);
+		}
+		if (b.len != 0)
+			return NULL;
+		return addr;
+	}
+	return NULL;
 }
 
 unsigned long addr_hash(const sockaddr_any *addr)
@@ -72,3 +80,32 @@ void addr_push_hostaddr(blob_t *b, const sockaddr_any *addr)
 	}
 	blob_push(b, f);
 }
+
+static int bitcmp(const uint8_t *a, const uint8_t *b, int len)
+{
+	int bytes, bits, mask, r;
+
+	bytes = len / 8;
+	bits  = len % 8;
+
+	if (bytes != 0) {
+		r = memcmp(a, b, bytes);
+		if (r != 0)
+			return r;
+	}
+	if (bits != 0) {
+		mask = (0xff << (8 - bits)) & 0xff;
+		return ((int) (a[bytes] & mask)) - ((int) (b[bytes] & mask));
+	}
+	return 0;
+}
+
+int addr_prefix_cmp(const sockaddr_any *a, const sockaddr_any *b, int prefix)
+{
+	if (a->any.sa_family != b->any.sa_family)
+		return a->any.sa_family - b->any.sa_family;
+
+	return bitcmp((const uint8_t *) &a->ipv4.sin_addr.s_addr,
+		      (const uint8_t *) &b->ipv4.sin_addr.s_addr,
+		      prefix);
+}