9front - general discussion about 9front
 help / color / mirror / Atom feed
From: Romano <me+unobe@fallglow.com>
To: 9front@9front.org
Subject: Re: [9front] WANTED: ip based filtering of incoming connections
Date: Thu, 25 Jul 2024 21:13:48 -0700	[thread overview]
Message-ID: <09644C448327565BAC79E20C688A042D@smtp.pobox.com> (raw)
In-Reply-To: <F3A6E4F4975C50BD162329EAF8EA0682@gaff.inri.net>

On Thu Jul 25 21:04:30 -0700 2024, sl@stanleylieber.com wrote:
> >> apologies for the noise, but i've just verified the following doesn't actually work:
> >> …
> >> 	aux/dial 'ipmux!vers=4;src=47.128.0.0&255.252.0.0|52.230.152.0&255.255.255.0|64.249.68.0&255.255.255.0|64.249.79.0&255.255.255.0|64.249.83.0&255.255.255.0|85.208.96.0&255.255.255.0|156.59.198.0&255.255.255.0' >/dev/null
> > 
> >  From ip(3), it describes the parameter for ipmux should be ver,
> > not vers. Might it be as simple as that?
> 
> seems to have just ignored the invalid argument vers. it did work (even with the
> invalid argument) when i only specified one ip address to block.

The man page ip(3) shows the possible values for src to be:

	 Expr is of the	form:

	      value

	      value|value|...

	      value&mask

	      value|value&mask

	 If a mask is given, the relevant field	is first ANDed with
	 the mask.  The	result is compared against the value or	list
	 of values for a match.

 From the code in /sys/src/9/ip/ipmux.c (lines 214 ff.), it looks
to only use the mask at the very end of a list of values, which
aligns with the docs: the mask can't be interleaved with a value.
So, it processes '&' for the entirety of the 'src' field, and then the
individual ip addresses (without a mask) separated by '|'. So
perhaps change the 'src=' to use 255.255.255.0 and see if that helps?

  reply	other threads:[~2024-07-26  4:15 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-07-25 21:56 Stanley Lieber
2024-07-25 22:08 ` B. Atticus Grobe
2024-07-26  0:34   ` Stanley Lieber
2024-07-26  0:47     ` Jacob Moody
2024-07-26  1:55       ` sl
2024-07-26  1:58         ` Jacob Moody
2024-07-26  2:00           ` sl
2024-07-26  3:36           ` sl
2024-07-26  3:43             ` Jacob Moody
2024-07-26  3:47               ` sl
2024-07-26  3:57                 ` Jacob Moody
2024-07-26  3:57                 ` sl
2024-07-26  4:17                   ` Jacob Moody
2024-07-26  3:54             ` Romano
2024-07-26  4:02               ` sl
2024-07-26  4:13                 ` Romano [this message]
2024-07-26  4:20                   ` Romano
2024-07-26  4:44                     ` Stanley Lieber
2024-07-26  5:14                       ` Romano
2024-07-26 23:15                         ` Jacob Moody
2024-07-26 23:47                           ` sl
2024-07-27  0:20                             ` sl
2024-07-27  0:34                               ` Jacob Moody
2024-07-27  0:49                                 ` sl
2024-07-27  1:18                                   ` sl
2024-07-25 22:10 ` Jacob Moody
2024-07-25 22:33 ` Steve Simon

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=09644C448327565BAC79E20C688A042D@smtp.pobox.com \
    --to=me+unobe@fallglow.com \
    --cc=9front@9front.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).