[libvirt] [PATCH[ nwfilter: Discard class D and E IP addresses when sniffing
Eric Blake
eblake at redhat.com
Fri Aug 13 19:56:12 UTC 2010
On 08/13/2010 01:45 PM, Stefan Berger wrote:
>>> - // skip eth. bcast and mcast addresses,
>>> + // skip eth. bcast and mcast addresses (224.0.0.0
> -
>>> + // 239.255.255.255), class E (255.*)
>>> // and zero address in DHCP Requests
>>> - if ((ntohl(vmaddr) & 0xc0000000) || vmaddr == 0)
> http://en.wikipedia.org/wiki/Classful_network
>
> Class D addresses have highest bits with pattern 1110 0000 -> 0xe0
> Class E addresses have highest bits with pattern 1111 0000 -> 0xf0
>
> I think my masks are fine and the masking with 0xf0 00 00 00 should also
> include 254.* = 0xfe.* .
In that case, the comments are wrong. Class E is more than 255.*, it is
240.0.0.0-255.255.255.255. And in that case, the bit operations can be
simplified:
if ((ntohl(vmaddr) & 0xc0000000) == 0xc0000000) || vmaddr == 0)
In other words, the logic bug is that we were rejecting IP addresses
that had 1 or 2, but not all three, of the top three bits set. The
desired action is to reject IP packets if all three of the top bits are
simultaneously set.
Let's see a v2 that gets the comments right, and uses the simpler logic.
--
Eric Blake eblake at redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 619 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20100813/d83df2ae/attachment-0001.sig>
More information about the libvir-list
mailing list