On Jun 3, 2010, at 12:38:19, chantra wrote:
> Gert Doering <gert <at> greenie.muc.de> writes:
>
>
>> Both have merits, your fix is somewhat less code then adding an extra input
>> validation check
>>
>> if ((network.s_addr & netmask) != network.s_addr )
>> { complain; }
>>
>> - so: ACK from me.
>>
>> (Since OpenVPN likes to print warnings, we *could* add code to print a
>> warning in this case - "warning: subnet address changed to match /%d,
>> new value is %s/%d").
>>
>> gert
>
> Gert,
>
> As discussed on IRC, it make sense to "warn" the admin,
> but it seems it is all that can be done as this is
> being going on at runtime.
>
> I upated the patch and it will now display something like:
> WARNING: PF: /dev/shm/openvpn_pf_ff18e7030fd03ce91bd0432563e4eb1a.tmp/5:
> incorrect subnet 192.168.100.8/28 changed to 192.168.100.0/28
This seems rather pedantic to me...
---
Eric Crist
