[Serusers] Src_ip matching
Andrei Pelinescu-Onciul
pelinescu-onciul at fokus.fraunhofer.de
Tue Sep 28 12:30:19 CEST 2004
On Sep 26, 2004 at 14:13, Michael Shuler <mike at bwsys.net> wrote:
> I figured it out. SER apparently uses strict sub netting. A /27 is 32 IP's
> and 80 is not evenly divisible by 32. I changed it to /28 which is 16 IP's
> and since 80/16 = 5 with no remainder it now works. It would be nice if SER
> didn't have that limitation but its not that big of a deal because I can
> just put an || in the if statement.
For src_ip == ip/mask, ser does (src_ip & mask) == ip.
You would like it to do: (src_ip & mask) == (ip & mask) ?
The change would be trivial, the only question is if it brings any
unexpected matches. In your case x.x.x.80/27 would be equivalent to
x.x.x.64/27.
Andrei
More information about the sr-users
mailing list