Re: [exim] CIDR mask matching behavior

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMBrent Jones at <-
.MBrent Jones at ->
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: Brent Jones
CC: Exim Mailing List
Subject: Re: [exim] CIDR mask matching behavior
On 2010-09-14 at 19:42 -0700, Brent Jones wrote:
> I noticed some unexpected behavior in Exim when doing send IP address
> checks in the SMTP ACL, and later on in the system filter.
> In ACL's, you can specify CIDR masks on a non-network address.
>
> IE you can have 10.10.10.15/24, which is valid as 10.10.10.15 would

This is the specification of a netblock which uses a masklen; the lower
bits don't matter and can be ignored.

> fit inside a /24 under 10.10.10.0
> However, in a system filter doing something like this:
>
> ${mask:$sender_host_address/24} is 10.10.10.15/24

The ${mask:...} expansion operator is explicitly defined to mask out the
address so that you can do a literal comparison and ignore the lower
bits.

${mask:$sender_host_address/24} is ${mask:10.10.10.15/24}

> Has anyone encountered this before, or is this working as intended in
> the system filter?

As intended.
-Phil

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[exim] CIDR mask matching behaviorRe: [exim] CIDR mask matching behavior->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)