From eb5915a9038b2009a147c34ced191baecd440245 Mon Sep 17 00:00:00 2001 From: Jesus Llorente Santos Date: Sun, 19 May 2019 19:37:13 +0000 Subject: [PATCH 1/2] Apply subnet mask to IP address --- iptc/ip4tc.py | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/iptc/ip4tc.py b/iptc/ip4tc.py index 29d77ea..b48eaa6 100644 --- a/iptc/ip4tc.py +++ b/iptc/ip4tc.py @@ -1064,9 +1064,6 @@ def set_src(self, src): saddr = _a_to_i(socket.inet_pton(socket.AF_INET, addr)) except socket.error: raise ValueError("invalid address %s" % (addr)) - ina = in_addr() - ina.s_addr = ct.c_uint32(saddr) - self.entry.ip.src = ina if not netm.isdigit(): try: @@ -1080,8 +1077,11 @@ def set_src(self, src): nmask = socket.htonl((2 ** imask - 1) << (32 - imask)) neta = in_addr() neta.s_addr = ct.c_uint32(nmask) - self.entry.ip.smsk = neta + # Apply subnet mask to IP address + ina = in_addr() + ina.s_addr = ct.c_uint32(saddr & nmask) + self.entry.ip.src = ina src = property(get_src, set_src) """This is the source network address with an optional network mask in @@ -1125,9 +1125,6 @@ def set_dst(self, dst): daddr = _a_to_i(socket.inet_pton(socket.AF_INET, addr)) except socket.error: raise ValueError("invalid address %s" % (addr)) - ina = in_addr() - ina.s_addr = ct.c_uint32(daddr) - self.entry.ip.dst = ina if not netm.isdigit(): try: @@ -1142,6 +1139,10 @@ def set_dst(self, dst): neta = in_addr() neta.s_addr = ct.c_uint32(nmask) self.entry.ip.dmsk = neta + # Apply subnet mask to IP address + ina = in_addr() + ina.s_addr = ct.c_uint32(daddr & nmask) + self.entry.ip.dst = ina dst = property(get_dst, set_dst) """This is the destination network address with an optional network mask From d788d71fc74765bf01a92a3f990e79a65cce4b30 Mon Sep 17 00:00:00 2001 
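Review bot: The added comment `# Apply subnet mask to IP address` in `set_src` (and its twin in the later `set_dst` hunk) restates the code without giving the reason, which is the security-relevant part. The kernel's IPv4 match compares the masked packet address with the stored address, so a rule written with host bits set, e.g. `127.0.0.1/24`, never matches, and its negated `!` form matches every packet. I would say so in the comment: `# Clear host bits: the kernel tests (pkt_addr & mask) == addr, so an unmasked addr never matches.` The setter now also reads back a different value from the one assigned, so the `src`/`dst` property docstrings that begin at the end of these hunks should state that host bits are cleared. Both setters start above their hunks, and the diffstat touches only `iptc/ip4tc.py`; if the IPv6 rule class has equivalent setters, they presumably need the same masking.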
From: Jesus Llorente Santos Date: Wed, 22 May 2019 18:40:44 +0000 Subject: [PATCH 2/2] Fix test_rule_address to compare against valid addresses --- tests/test_iptc.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/test_iptc.py b/tests/test_iptc.py index 519e228..1d9f775 100755 --- a/tests/test_iptc.py +++ b/tests/test_iptc.py @@ -620,13 +620,13 @@ def tearDown(self): def test_rule_address(self): # valid addresses rule = iptc.Rule() - for addr in [("127.0.0.1/255.255.255.0", "127.0.0.1/255.255.255.0"), - ("!127.0.0.1/255.255.255.0", "!127.0.0.1/255.255.255.0"), - ("127.0.0.1/255.255.128.0", "127.0.0.1/255.255.128.0"), - ("127.0.0.1/16", "127.0.0.1/255.255.0.0"), - ("127.0.0.1/24", "127.0.0.1/255.255.255.0"), - ("127.0.0.1/17", "127.0.0.1/255.255.128.0"), - ("!127.0.0.1/17", "!127.0.0.1/255.255.128.0")]: + for addr in [("127.0.0.1/255.255.255.0", "127.0.0.0/255.255.255.0"), + ("!127.0.0.1/255.255.255.0", "!127.0.0.0/255.255.255.0"), + ("127.0.0.1/255.255.128.0", "127.0.0.0/255.255.128.0"), + ("127.0.0.1/16", "127.0.0.0/255.255.0.0"), + ("127.0.0.1/24", "127.0.0.0/255.255.255.0"), + ("127.0.0.1/17", "127.0.0.0/255.255.128.0"), + ("!127.0.0.1/17", "!127.0.0.0/255.255.128.0")]: rule.src = addr[0] self.assertEquals(rule.src, addr[1]) rule.dst = addr[0]
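Review bot: Every case in the updated list uses `127.0.0.1`, whose host bits sit only in the last octet, so the `/17` and `255.255.128.0` rows never exercise a mask that cuts through an octet. A row such as `("10.1.255.7/17", "10.1.128.0/255.255.128.0"),` (constructed value) would pin the partial-octet masking and its byte order, and a `/32` row would pin that a full mask leaves the address unchanged. The loop body continues below the hunk, so the `dst` assertion is assumed to mirror the `src` one.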