diff options
| author |   claudio <claudio@openbsd.org> | 2008-09-29 14:03:41 +0000 |
|---|---|---|
| committer | claudio <claudio@openbsd.org> | 2008-09-29 14:03:41 +0000 |
| commit | 314b7f084fc5f7cf2e84be28e3e62ce6553e95b8 (patch) | |
| tree | c151742211436f44c7344f09980684d56ca589b6 | |
| parent | Use large pic asm for access to errno (needed for pie). Originally from (diff) | |
| download | wireguard-openbsd-314b7f084fc5f7cf2e84be28e3e62ce6553e95b8.tar.xz wireguard-openbsd-314b7f084fc5f7cf2e84be28e3e62ce6553e95b8.zip | |
Correct the logic when matching prefixes. This solves issues where IPv6
prefixes where matched on a simple deny from any prefix 0.0.0.0/0 rule.
OK henning@
| -rw-r--r-- | usr.sbin/bgpd/rde_filter.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/usr.sbin/bgpd/rde_filter.c b/usr.sbin/bgpd/rde_filter.c index 526756dc00e..f3c40e253bd 100644 --- a/usr.sbin/bgpd/rde_filter.c +++ b/usr.sbin/bgpd/rde_filter.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rde_filter.c,v 1.54 2008/06/15 10:19:21 claudio Exp $ */ +/* $OpenBSD: rde_filter.c,v 1.55 2008/09/29 14:03:41 claudio Exp $ */ /* * Copyright (c) 2004 Claudio Jeker <claudio@openbsd.org> @@ -283,8 +283,11 @@ rde_filter_match(struct filter_rule *f, struct rde_aspath *asp, return (0); } - if (f->match.prefix.addr.af != 0 && - f->match.prefix.addr.af == prefix->af) { + if (f->match.prefix.addr.af != 0) { + if (f->match.prefix.addr.af != prefix->af) + /* don't use IPv4 rules for IPv6 and vice versa */ + return (0); + if (prefix_compare(prefix, &f->match.prefix.addr, f->match.prefix.len)) return (0); |