[SR-Users] [permissions] 'address' table and mask priority

Iñaki Baz Castillo ibc at aliax.net
Wed Apr 28 19:04:20 CEST 2010


Hi, some time ago I asked if allow_source_address_group() gives
preference to the entries in 'address' table with lowest mask. I was
told that such a case is not analyzed.

But the fact is that in my tests it just works:

Entry 1:
- grp   = 1
- ip_addr =  9.9.9.9
- mask   =  32

Entry 2:
- grp   = 2
- ip_addr =  9.9.9.0
- mask   =  24

I send a request from IP 9.9.9.9 and the function
allow_source_address_group() always returns "1"; it doesn't matter if
entry 1 appears before or after entry 2, nor what their "id"
values are.
So it works as I expected (even if it's not explained in the documentation).

However after checking the module code it seems that there are just two cases:
- IP addresses (mask = 32).
- Subnets (mask != 32).

So first the source address is always matched against the address hash,
and if it doesn't match then it is matched against the subnet hash,
but in this last case no kind of priority based on mask value
is taken into account, am I right?

Could somebody confirm it please? Thanks.


-- 
Iñaki Baz Castillo
<ibc at aliax.net>
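
The lookup order described in the message above (exact addresses first, then subnets with no mask priority), modelled as an added example that is not part of the original message and is not the permissions module's code. The struct, function and table names are hypothetical, the group 3 /16 row is constructed, and "first subnet match in stored order wins" is an assumption of this model.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of one 'address' table row (not the module's struct). */
struct addr_entry { unsigned grp; uint32_t ip; unsigned mask; };

#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Netmask for a prefix length; 0 is special-cased because shifting a
 * 32-bit value by 32 bits is undefined behaviour in C. */
static uint32_t netmask(unsigned bits)
{
    if (bits == 0) return 0;
    if (bits >= 32) return 0xFFFFFFFFu;
    return 0xFFFFFFFFu << (32 - bits);
}

/* Returns the group of the matching row, or -1 if nothing matches.
 * Pass 1: exact addresses (mask == 32).
 * Pass 2: subnets (mask != 32); the first match in stored order wins and
 *         prefix length is not compared (assumption of this model). */
int lookup_group(const struct addr_entry *t, size_t n, uint32_t src)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (t[i].mask == 32 && t[i].ip == src)
            return (int)t[i].grp;
    for (i = 0; i < n; i++)
        if (t[i].mask != 32 &&
            (src & netmask(t[i].mask)) == (t[i].ip & netmask(t[i].mask)))
            return (int)t[i].grp;
    return -1;
}

/* Constructed tables: the two entries from the message (subnet stored
 * first), plus a made-up overlapping /16 in group 3, in both orders. */
const struct addr_entry host_last[]    = { {2, IP4(9,9,9,0), 24}, {1, IP4(9,9,9,9), 32} };
const struct addr_entry wide_first[]   = { {3, IP4(9,9,0,0), 16}, {2, IP4(9,9,9,0), 24} };
const struct addr_entry narrow_first[] = { {2, IP4(9,9,9,0), 24}, {3, IP4(9,9,0,0), 16} };

int main(void)
{
    printf("9.9.9.9,  /24 row first:  %d\n", lookup_group(host_last, 2, IP4(9,9,9,9)));
    printf("9.9.9.10, /16 row first:  %d\n", lookup_group(wide_first, 2, IP4(9,9,9,10)));
    printf("9.9.9.10, /24 row first:  %d\n", lookup_group(narrow_first, 2, IP4(9,9,9,10)));
    return 0;
}
```

Under this model the /32 row wins regardless of position, while two overlapping subnets in different groups give an order-dependent result, so keeping subnet rows non-overlapping across groups removes the ambiguity.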



