mirror of
https://github.com/systemd/systemd.git
synced 2024-10-30 06:25:37 +03:00
Merge pull request #21940 from yuwata/network-wireguard-mask-allowed-ips
network: wireguard: handle invalid AllowedIPs= gracefully
This commit is contained in:
commit
af73d8bd83
@ -686,6 +686,7 @@ int config_parse_wireguard_allowed_ips(
|
||||
|
||||
for (const char *p = rvalue;;) {
|
||||
_cleanup_free_ char *word = NULL;
|
||||
union in_addr_union masked;
|
||||
|
||||
r = extract_first_word(&p, &word, "," WHITESPACE, 0);
|
||||
if (r == 0)
|
||||
@ -705,13 +706,23 @@ int config_parse_wireguard_allowed_ips(
|
||||
continue;
|
||||
}
|
||||
|
||||
masked = addr;
|
||||
assert_se(in_addr_mask(family, &masked, prefixlen) >= 0);
|
||||
if (!in_addr_equal(family, &masked, &addr)) {
|
||||
_cleanup_free_ char *buf = NULL;
|
||||
|
||||
(void) in_addr_prefix_to_string(family, &masked, prefixlen, &buf);
|
||||
log_syntax(unit, LOG_WARNING, filename, line, 0,
|
||||
"Specified address '%s' is not properly masked, assuming '%s'.", word, strna(buf));
|
||||
}
|
||||
|
||||
ipmask = new(WireguardIPmask, 1);
|
||||
if (!ipmask)
|
||||
return log_oom();
|
||||
|
||||
*ipmask = (WireguardIPmask) {
|
||||
.family = family,
|
||||
.ip = addr,
|
||||
.ip = masked,
|
||||
.cidr = prefixlen,
|
||||
};
|
||||
|
||||
|
@ -12,7 +12,7 @@ RouteMetric=456
|
||||
|
||||
[WireGuardPeer]
|
||||
PublicKey=RDf+LSpeEre7YEIKaxg+wbpsNV7du+ktR99uBEtIiCA=
|
||||
AllowedIPs=fd31:bf08:57cb::/48,192.168.26.0/24
|
||||
AllowedIPs=fd31:bf08:57cb::/48,192.168.26.3/24
|
||||
#Endpoint=wireguard.example.com:51820
|
||||
Endpoint=192.168.27.3:51820
|
||||
PresharedKey=IIWIV17wutHv7t4cR6pOT91z6NSz/T8Arh0yaywhw3M=
|
||||
|
Loading…
Reference in New Issue
Block a user