| From: Paul Wouters <[email protected]>
|
| One of the test cases showed an issue with binding a received address
| from the addresspool by an XAUTH client. It turned out it was 192.0.2.0.
|
| I would suggest that if an addresspool is defined that includes
| a.b.c.0/32 that we actually skip that address and not hand it out.
|
| And do the same with a.b.c.255/32

Are you saying we don't live in a classless world? This is embarrassing.

Do we have a way of knowing the whole local subnet? If so, we might ban the top and bottom addresses of it (not the top and bottom of the addressrange).

Or if we know the gateway (us), we might ban that.

But banning ought to be: refuse the addresspool, not silently trim it. Don't work around idiots, educate them (convert them from being idiots).

_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
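
The check proposed in the reply above, sketched as an added example (not part of the thread and not libreswan code): refuse a pool that contains the local subnet's network or broadcast address, or the gateway's own address, instead of trimming it. It assumes the local subnet and gateway address are known, which the reply leaves open; check_pool(), enum pool_verdict and the sample addresses are hypothetical.

```c
/* Added illustration, not libreswan code: every name here is hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <arpa/inet.h>

enum pool_verdict { POOL_OK, POOL_BAD_INPUT, POOL_HAS_NETWORK, POOL_HAS_BROADCAST, POOL_HAS_GATEWAY };

/* Parse a dotted quad into host byte order; returns 0 on failure. */
static int parse_v4(const char *s, uint32_t *out)
{
	struct in_addr a;
	if (inet_pton(AF_INET, s, &a) != 1)
		return 0;
	*out = ntohl(a.s_addr);
	return 1;
}

static int in_range(uint32_t x, uint32_t lo, uint32_t hi) { return lo <= x && x <= hi; }

/*
 * Refuse (never trim) a pool lo..hi that contains the network or broadcast
 * address of the local subnet net/prefix, or the gateway's own address.
 * Only the subnet's real boundaries count, not every a.b.c.0 or a.b.c.255.
 */
enum pool_verdict check_pool(const char *lo_s, const char *hi_s,
			     const char *net_s, unsigned prefix, const char *gw_s)
{
	uint32_t lo, hi, net, gw;
	if (!parse_v4(lo_s, &lo) || !parse_v4(hi_s, &hi) ||
	    !parse_v4(net_s, &net) || !parse_v4(gw_s, &gw) || lo > hi || prefix > 32)
		return POOL_BAD_INPUT;
	uint32_t mask = prefix == 0 ? 0 : 0xFFFFFFFFu << (32 - prefix);
	uint32_t network = net & mask, broadcast = network | ~mask;
	/* /31 (RFC 3021) and /32 subnets have no network or broadcast address */
	if (prefix < 31) {
		if (in_range(network, lo, hi)) return POOL_HAS_NETWORK;
		if (in_range(broadcast, lo, hi)) return POOL_HAS_BROADCAST;
	}
	if (in_range(gw, lo, hi)) return POOL_HAS_GATEWAY;
	return POOL_OK;
}

int main(void)
{
	/* Constructed sample values (documentation range 192.0.2.0/24). */
	printf("%d\n", check_pool("192.0.2.0", "192.0.2.50", "192.0.2.0", 24, "192.0.2.254"));
	printf("%d\n", check_pool("192.0.2.64", "192.0.2.127", "192.0.2.0", 24, "192.0.2.254"));
	return 0;
}
```

With a /16 local subnet, a pool that spans 10.0.0.255 and 10.0.1.0 is accepted, since neither is a boundary address of that subnet.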
