From 89362a08fe4da0992e8dc10374b3d898fc78a4ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= Date: Wed, 6 Feb 2013 14:01:46 +0200 Subject: auth-snmp: allow specifying management network prefix So we don't go and try querying untrusted LLDP capable devices in non-managed subnets. --- src/addr.c | 49 +++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 43 insertions(+), 6 deletions(-) (limited to 'src/addr.c') diff --git a/src/addr.c b/src/addr.c index 47013f2..f79a26d 100644 --- a/src/addr.c +++ b/src/addr.c @@ -13,14 +13,22 @@ int addr_len(const sockaddr_any *addr) } } -sockaddr_any *addr_parse(blob_t b, sockaddr_any *addr) +sockaddr_any *addr_parse_prefix(blob_t b, sockaddr_any *addr, uint8_t *prefix_len) { memset(addr, 0, sizeof(*addr)); - addr->ipv4.sin_family = AF_INET; - addr->ipv4.sin_addr.s_addr = blob_inet_addr(b); - if (addr->ipv4.sin_addr.s_addr == -1) - return NULL; - return addr; + + if (blob_pull_inet_addr(&b, &addr->ipv4.sin_addr)) { + addr->ipv4.sin_family = AF_INET; + if (blob_pull_matching(&b, BLOB_STR("/"))) { + if (prefix_len == NULL) + return NULL; + *prefix_len = blob_pull_uint(&b, 10); + } + if (b.len != 0) + return NULL; + return addr; + } + return NULL; } unsigned long addr_hash(const sockaddr_any *addr) @@ -72,3 +80,32 @@ void addr_push_hostaddr(blob_t *b, const sockaddr_any *addr) } blob_push(b, f); } + +static int bitcmp(const uint8_t *a, const uint8_t *b, int len) +{ + int bytes, bits, mask, r; + + bytes = len / 8; + bits = len % 8; + + if (bytes != 0) { + r = memcmp(a, b, bytes); + if (r != 0) + return r; + } + if (bits != 0) { + mask = (0xff << (8 - bits)) & 0xff; + return ((int) (a[bytes] & mask)) - ((int) (b[bytes] & mask)); + } + return 0; +} + +int addr_prefix_cmp(const sockaddr_any *a, const sockaddr_any *b, int prefix) +{ + if (a->any.sa_family != b->any.sa_family) + return a->any.sa_family - b->any.sa_family; + + return bitcmp((const uint8_t *) &a->ipv4.sin_addr.s_addr, + (const uint8_t *) &b->ipv4.sin_addr.s_addr, + prefix); +} -- cgit v1.2.3