ignore meaningless bits in CIDR and warn about them
diff --git a/src/core/ngx_inet.c b/src/core/ngx_inet.c
index de4cae2..31094ba 100644
--- a/src/core/ngx_inet.c
+++ b/src/core/ngx_inet.c
@@ -214,7 +214,13 @@
in_cidr->mask = htonl((ngx_uint_t) (0 - (1 << (32 - m))));
- return NGX_OK;
+ if (in_cidr->addr == (in_cidr->addr & in_cidr->mask)) {
+ return NGX_OK;
+ }
+
+ in_cidr->addr &= in_cidr->mask;
+
+ return NGX_DONE;
}
diff --git a/src/event/ngx_event.c b/src/event/ngx_event.c
index d32fb7f..7a856d4 100644
--- a/src/event/ngx_event.c
+++ b/src/event/ngx_event.c
@@ -1038,8 +1038,9 @@
#if (NGX_DEBUG)
ngx_event_conf_t *ecf = conf;
- ngx_event_debug_t *dc;
+ ngx_int_t rc;
ngx_str_t *value;
+ ngx_event_debug_t *dc;
struct hostent *h;
ngx_inet_cidr_t in_cidr;
@@ -1056,13 +1057,21 @@
if (dc->addr != INADDR_NONE) {
dc->mask = 0xffffffff;
- return NGX_OK;
+ return NGX_CONF_OK;
}
- if (ngx_ptocidr(&value[1], &in_cidr) == NGX_OK) {
+ rc = ngx_ptocidr(&value[1], &in_cidr);
+
+ if (rc == NGX_DONE) {
+ ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
+ "low address bits of %V are meaningless", &value[1]);
+ rc = NGX_OK;
+ }
+
+ if (rc == NGX_OK) {
dc->mask = in_cidr.mask;
dc->addr = in_cidr.addr;
- return NGX_OK;
+ return NGX_CONF_OK;
}
h = gethostbyname((char *) value[1].data);
@@ -1084,7 +1093,7 @@
#endif
- return NGX_OK;
+ return NGX_CONF_OK;
}
diff --git a/src/http/modules/ngx_http_access_module.c b/src/http/modules/ngx_http_access_module.c
index 2cd8a8f..e4e87b2 100644
--- a/src/http/modules/ngx_http_access_module.c
+++ b/src/http/modules/ngx_http_access_module.c
@@ -137,6 +137,7 @@
{
ngx_http_access_loc_conf_t *alcf = conf;
+ ngx_int_t rc;
ngx_str_t *value;
ngx_inet_cidr_t in_cidr;
ngx_http_access_rule_t *rule;
@@ -173,12 +174,19 @@
return NGX_CONF_OK;
}
- if (ngx_ptocidr(&value[1], &in_cidr) == NGX_ERROR) {
+ rc = ngx_ptocidr(&value[1], &in_cidr);
+
+ if (rc == NGX_ERROR) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"",
&value[1]);
return NGX_CONF_ERROR;
}
+ if (rc == NGX_DONE) {
+ ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
+ "low address bits of %V are meaningless", &value[1]);
+ }
+
rule->mask = in_cidr.mask;
rule->addr = in_cidr.addr;
diff --git a/src/http/modules/ngx_http_geo_module.c b/src/http/modules/ngx_http_geo_module.c
index 9c43bd7..bb9085e 100644
--- a/src/http/modules/ngx_http_geo_module.c
+++ b/src/http/modules/ngx_http_geo_module.c
@@ -212,12 +212,20 @@
cidrin.mask = 0;
} else {
- if (ngx_ptocidr(&value[0], &cidrin) == NGX_ERROR) {
+ rc = ngx_ptocidr(&value[0], &cidrin);
+
+ if (rc == NGX_ERROR) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"invalid parameter \"%V\"", &value[0]);
return NGX_CONF_ERROR;
}
+ if (rc == NGX_DONE) {
+ ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
+ "low address bits of %V are meaningless",
+ &value[0]);
+ }
+
cidrin.addr = ntohl(cidrin.addr);
cidrin.mask = ntohl(cidrin.mask);
}
diff --git a/src/http/modules/ngx_http_realip_module.c b/src/http/modules/ngx_http_realip_module.c
index ffb2028..4de4c13 100644
--- a/src/http/modules/ngx_http_realip_module.c
+++ b/src/http/modules/ngx_http_realip_module.c
@@ -188,6 +188,7 @@
{
ngx_http_realip_loc_conf_t *rlcf = conf;
+ ngx_int_t rc;
ngx_str_t *value;
ngx_inet_cidr_t in_cidr;
ngx_http_realip_from_t *from;
@@ -215,12 +216,19 @@
return NGX_CONF_OK;
}
- if (ngx_ptocidr(&value[1], &in_cidr) == NGX_ERROR) {
+ rc = ngx_ptocidr(&value[1], &in_cidr);
+
+ if (rc == NGX_ERROR) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"",
&value[1]);
return NGX_CONF_ERROR;
}
+ if (rc == NGX_DONE) {
+ ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
+ "low address bits of %V are meaningless", &value[1]);
+ }
+
from->mask = in_cidr.mask;
from->addr = in_cidr.addr;
