From cdb5ba536290f33ab72aa69f417636fb370d4704 Mon Sep 17 00:00:00 2001 From: Nils Goroll Date: Sat, 17 Sep 2022 15:05:43 +0200 Subject: [PATCH] SQUASHME: Fix acl merging for masks which are multiples of 8 Spotted by phk. --- bin/varnishtest/tests/c00005.vtc | 21 +++++++++++++++++++++ lib/libvcc/vcc_acl.c | 2 ++ 2 files changed, 23 insertions(+) diff --git a/bin/varnishtest/tests/c00005.vtc b/bin/varnishtest/tests/c00005.vtc index 04679cfccd0..1ce69e0d1c1 100644 --- a/bin/varnishtest/tests/c00005.vtc +++ b/bin/varnishtest/tests/c00005.vtc @@ -190,6 +190,16 @@ varnish v1 -vcl { # left,right adjacent "2.3.4.0"/23; "2.3.6.0"/23; + + # phks test case + "10.0.0.0"/23; + "10.0.2.0"/23; + + "10.1.0.0"/24; + "10.1.1.0"/24; + + "10.2.0.0"/25; + "10.2.0.128"/25; } sub vcl_recv { @@ -220,6 +230,10 @@ varnish v1 -vcl { set req.http.ip = "2.2.255.255";call t; set req.http.ip = "2.3.8.0"; call t; + + set req.http.ip = "10.0.3.255"; call t; + set req.http.ip = "10.1.1.255"; call t; + set req.http.ip = "10.2.0.255"; call t; } } @@ -259,6 +273,13 @@ logexpect l1 -v v1 -g raw { expect 0 = VCL_acl {^\QNO_MATCH acl1\E$} expect 1 = ReqHeader {^\Qip: 2.3.8.0\E$} expect 0 = VCL_acl {^\QNO_MATCH acl1\E$} + + expect 1 = ReqHeader {^\Qip: 10.0.3.255\E$} + expect 0 = VCL_acl {^\QMATCH acl1 "10.0.0.0"/22 fixed: merged\E} + expect 1 = ReqHeader {^\Qip: 10.1.1.255\E$} + expect 0 = VCL_acl {^\QMATCH acl1 "10.1.0.0"/23 fixed: merged\E} + expect 1 = ReqHeader {^\Qip: 10.2.0.255\E$} + expect 0 = VCL_acl {^\QMATCH acl1 "10.2.0.0"/24 fixed: merged\E} } -start client c1 { diff --git a/lib/libvcc/vcc_acl.c b/lib/libvcc/vcc_acl.c index 4a2242753d4..862f7c96ea0 100644 --- a/lib/libvcc/vcc_acl.c +++ b/lib/libvcc/vcc_acl.c @@ -131,6 +131,8 @@ vcl_acl_cmp(const struct acl_e *ae1, const struct acl_e *ae2) p2 = ae2->data; m = vmin_t(unsigned, ae1->mask, ae2->mask); for (; m >= 8; m -= 8) { + if (m == 8 && ae1->mask == ae2->mask) + CMPA(*p1, *p2); CMP(ACL_GT, *p1, *p2); p1++; p2++;