Re: ip masks, bug #2601 & 2141

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Mon, 21 Sep 2009 00:09:19 +0200

Hmm.. thinking here.

Not sure we should warn this loudly on "clean" IPv4 netmasks. People are
very used to those, and they do not really produce any problems for us.

But we definitely SHOULD barf loudly on odd masks, or even outright
reject them as fatal configuration errors when used in the ip acl.

Which brings the next issue. There are configurations which intentionally
do make use of odd IPv4 netmasks to simplify the config even if limited
to a single expression per acl. To support these we should add back the
functionality by adding a maskedip acl type using linear list (basically
a copy of ip acl, changing store method from splay to list).
Questionable if this maskedip acl type should support IPv6. Alternative
name ipv4mask.

On Mon 2009-09-21 at 09:06 +1200, Amos Jeffries wrote:
> ------------------------------------------------------------
> revno: 9996
> committer: Amos Jeffries <squid3_at_treenet.co.nz>
> branch nick: trunk
> timestamp: Mon 2009-09-21 09:06:24 +1200
> message:
> Bug 2601: pt 2: Mixed v4/v6 src acl leads to TCP_DENIED
>
> - Remove 'odd' netmask support from ACL.
> - Fully deprecate netmask support for ACL.
>
> Earlier fix caused inconsistent handling between IPv4 and IPv6 builds of
> Squid. Which has turned out to be a bad idea.
> This fixes that by 'breaking' both build alternatives.
Received on Sun Sep 20 2009 - 22:09:45 MDT
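
The split discussed in the message above, between "clean" IPv4 netmasks that the ordered ip acl can keep accepting and odd masks that would go to a linearly scanned list, sketched as an added example. It is not Squid code and not from either poster: `parseV4`, `isCleanMask`, `ipAclAcceptsMask` and `MaskedIpList` are hypothetical names, and address and mask are passed as separate dotted-quad strings for brevity.

```cpp
#include <cstdint>
#include <optional>
#include <string>
#include <vector>

// Hypothetical helpers, not Squid code. Strict dotted-quad parse, host order.
std::optional<uint32_t> parseV4(const std::string &s) {
    uint32_t out = 0;
    size_t i = 0;
    for (int part = 0; part < 4; ++part) {
        if (part > 0 && (i >= s.size() || s[i++] != '.')) return std::nullopt;
        uint32_t v = 0, digits = 0;
        for (; i < s.size() && s[i] >= '0' && s[i] <= '9' && digits < 3; ++digits)
            v = v * 10 + static_cast<uint32_t>(s[i++] - '0');
        if (digits == 0 || v > 255) return std::nullopt;
        out = (out << 8) | v;
    }
    if (i != s.size()) return std::nullopt;
    return out;
}

// Clean mask = 1-bits then only 0-bits, so ~mask is 2^k - 1; otherwise "odd".
bool isCleanMask(uint32_t mask) {
    const uint32_t inv = ~mask;
    return (inv & (inv + 1u)) == 0;
}

// Check for the ordered "ip" acl: only a well-formed clean mask passes.
bool ipAclAcceptsMask(const std::string &mask) {
    const auto m = parseV4(mask);
    return m && isCleanMask(*m);
}

// Linear list for odd masks: every entry is tested, no ordering assumed.
struct MaskedIpList {
    struct Entry { uint32_t addr, mask; };
    std::vector<Entry> entries;
    bool add(const std::string &addr, const std::string &mask) {
        const auto a = parseV4(addr), m = parseV4(mask);
        if (a && m) entries.push_back({*a & *m, *m});
        return a && m;
    }
    bool match(const std::string &ip) const {
        const auto a = parseV4(ip);
        if (!a) return false;
        for (const Entry &e : entries)
            if ((*a & e.mask) == e.addr) return true;
        return false;
    }
};
```

A mask such as 255.0.0.255 fails `ipAclAcceptsMask`, which is the point at which a parser could warn or abort, while the same mask in `MaskedIpList` matches every 10.x.y.1 host with a single entry.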
