On Thu, Dec 01, 2016 at 05:15:11AM +0300, SviMik wrote:
> While I admit that it is *extremely* unlikely to have a network larger than 
> /8, such logic still looks a little clumsy. It does not cover all the valid 
> netmasks neither it detects all possible invalid ones.

This is true, but not really relevant.  Right now, it will just do funky
things, and there is no indication in the logs where to look.

Nobody uses non-contiguous netmasks these days (like ""),
so everything *normal* starts with a string of 1-bits, and a valid IPv4
address never starts with 1111xxxx, so checking for "255." at the start
of something that could be "a netmask or a remote IPv4 address" will
get it right in about all cases we care about.

If someone insists on doing a /7 on their tun interface, they better
know really well what they are doing.

USENET is *not* the non-clickable part of WWW!
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de

Attachment: signature.asc
Description: PGP signature

Openvpn-devel mailing list

Reply via email to