ignore meaningless bits in CIDR and warn about them

author: Igor Sysoev <igor@sysoev.ru> 2007-08-10 13:13:28 +0000
committer: Igor Sysoev <igor@sysoev.ru> 2007-08-10 13:13:28 +0000
commit: 845f6d553a48a74f12e9b80b7824d59da257bc82 (patch)
tree: 9b7866822b51333f875fd4bf147ebdd811b9d009
parent: 7a8e33993a1322c11c583d96c5c47498fda12859 (diff)
download: nginx-845f6d553a48a74f12e9b80b7824d59da257bc82.tar.gz
nginx-845f6d553a48a74f12e9b80b7824d59da257bc82.zip
5 files changed, 48 insertions, 9 deletions
diff --git a/src/core/ngx_inet.c b/src/core/ngx_inet.c
index de4cae280..31094ba59 100644
--- a/src/core/ngx_inet.c
+++ b/src/core/ngx_inet.c
@@ -214,7 +214,13 @@ ngx_ptocidr(ngx_str_t *text, void *cidr)
 
     in_cidr->mask = htonl((ngx_uint_t) (0 - (1 << (32 - m))));
 
-    return NGX_OK;
+    if (in_cidr->addr == (in_cidr->addr & in_cidr->mask)) {
+        return NGX_OK;
+    }
+
+    in_cidr->addr &= in_cidr->mask;
+
+    return NGX_DONE;
 }
 
 
diff --git a/src/event/ngx_event.c b/src/event/ngx_event.c
index d32fb7ffd..7a856d409 100644
--- a/src/event/ngx_event.c
+++ b/src/event/ngx_event.c
@@ -1038,8 +1038,9 @@ ngx_event_debug_connection(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 #if (NGX_DEBUG)
     ngx_event_conf_t  *ecf = conf;
 
-    ngx_event_debug_t  *dc;
+    ngx_int_t           rc;
     ngx_str_t          *value;
+    ngx_event_debug_t  *dc;
     struct hostent     *h;
     ngx_inet_cidr_t     in_cidr;
 
@@ -1056,13 +1057,21 @@ ngx_event_debug_connection(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 
     if (dc->addr != INADDR_NONE) {
         dc->mask = 0xffffffff;
-        return NGX_OK;
+        return NGX_CONF_OK;
+    }
+
+    rc = ngx_ptocidr(&value[1], &in_cidr);
+
+    if (rc == NGX_DONE) {
+        ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
+                           "low address bits of %V are meaningless", &value[1]);
+        rc = NGX_OK;
     }
 
-    if (ngx_ptocidr(&value[1], &in_cidr) == NGX_OK) {
+    if (rc == NGX_OK) {
         dc->mask = in_cidr.mask;
         dc->addr = in_cidr.addr;
-        return NGX_OK;
+        return NGX_CONF_OK;
     }
 
     h = gethostbyname((char *) value[1].data);
@@ -1084,7 +1093,7 @@ ngx_event_debug_connection(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 
 #endif
 
-    return NGX_OK;
+    return NGX_CONF_OK;
 }
 
 
diff --git a/src/http/modules/ngx_http_access_module.c b/src/http/modules/ngx_http_access_module.c
index 2cd8a8f24..e4e87b243 100644
--- a/src/http/modules/ngx_http_access_module.c
+++ b/src/http/modules/ngx_http_access_module.c
@@ -137,6 +137,7 @@ ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 {
     ngx_http_access_loc_conf_t *alcf = conf;
 
+    ngx_int_t                rc;
     ngx_str_t               *value;
     ngx_inet_cidr_t          in_cidr;
     ngx_http_access_rule_t  *rule;
@@ -173,12 +174,19 @@ ngx_http_access_rule(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
         return NGX_CONF_OK;
     }
 
-    if (ngx_ptocidr(&value[1], &in_cidr) == NGX_ERROR) {
+    rc = ngx_ptocidr(&value[1], &in_cidr);
+
+    if (rc == NGX_ERROR) {
         ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"",
                            &value[1]);
         return NGX_CONF_ERROR;
     }
 
+    if (rc == NGX_DONE) {
+        ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
+                           "low address bits of %V are meaningless", &value[1]);
+    }
+
     rule->mask = in_cidr.mask;
     rule->addr = in_cidr.addr;
 
diff --git a/src/http/modules/ngx_http_geo_module.c b/src/http/modules/ngx_http_geo_module.c
index 9c43bd716..bb9085e10 100644
--- a/src/http/modules/ngx_http_geo_module.c
+++ b/src/http/modules/ngx_http_geo_module.c
@@ -212,12 +212,20 @@ ngx_http_geo(ngx_conf_t *cf, ngx_command_t *dummy, void *conf)
         cidrin.mask = 0;
 
     } else {
-        if (ngx_ptocidr(&value[0], &cidrin) == NGX_ERROR) {
+        rc = ngx_ptocidr(&value[0], &cidrin);
+
+        if (rc == NGX_ERROR) {
             ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                                "invalid parameter \"%V\"", &value[0]);
             return NGX_CONF_ERROR;
         }
 
+        if (rc == NGX_DONE) {
+            ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
+                               "low address bits of %V are meaningless",
+                               &value[0]);
+        }
+
         cidrin.addr = ntohl(cidrin.addr);
         cidrin.mask = ntohl(cidrin.mask);
     }
diff --git a/src/http/modules/ngx_http_realip_module.c b/src/http/modules/ngx_http_realip_module.c
index ffb2028bf..4de4c1317 100644
--- a/src/http/modules/ngx_http_realip_module.c
+++ b/src/http/modules/ngx_http_realip_module.c
@@ -188,6 +188,7 @@ ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 {
     ngx_http_realip_loc_conf_t *rlcf = conf;
 
+    ngx_int_t                 rc;
     ngx_str_t                *value;
     ngx_inet_cidr_t           in_cidr;
     ngx_http_realip_from_t   *from;
@@ -215,12 +216,19 @@ ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
         return NGX_CONF_OK;
     }
 
-    if (ngx_ptocidr(&value[1], &in_cidr) == NGX_ERROR) {
+    rc = ngx_ptocidr(&value[1], &in_cidr);
+
+    if (rc == NGX_ERROR) {
         ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"",
                            &value[1]);
         return NGX_CONF_ERROR;
     }
 
+    if (rc == NGX_DONE) {
+        ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
+                           "low address bits of %V are meaningless", &value[1]);
+    }
+
     from->mask = in_cidr.mask;
     from->addr = in_cidr.addr;
author	Igor Sysoev <igor@sysoev.ru>	2007-08-10 13:13:28 +0000
committer	Igor Sysoev <igor@sysoev.ru>	2007-08-10 13:13:28 +0000
commit	845f6d553a48a74f12e9b80b7824d59da257bc82 (patch)
tree	9b7866822b51333f875fd4bf147ebdd811b9d009
parent	7a8e33993a1322c11c583d96c5c47498fda12859 (diff)
download	nginx-845f6d553a48a74f12e9b80b7824d59da257bc82.tar.gz nginx-845f6d553a48a74f12e9b80b7824d59da257bc82.zip