Re: ACL format for LocalHosts

From: Murray S. Kucherawy <msk_at_blackops.org>
Date: Thu, 20 Dec 2012 11:39:28 -0800 (PST)

On Wed, 19 Dec 2012, Dan Mahoney, System Admin wrote:
> [li:ke::th:is], where the brackets are very commonly used (apache,
> postfix, etc).

You can open a feature request about this if you like.

> Opendkim didn't complain about them, nor did it match them. I also didn't
> find a reference as to what IP address formats/ranges/CIDRs are valid. Did I
> just miss it?

What happens is that all entries in the list are loaded as-is into memory,
and then a candidate IP address is compared to the list literally and then
with each possible CIDR expression that would match it. Membership in the
list means a match.

This doesn't cover all cases, because of course these:

         192.168.1.0/24
         192.168.1.255/24

...describe the same network since the host bits are ignored and the
network bits are the same. When searching the internal table, however,
opendkim would never even check for the latter.

For IPv6 we use inet_ntop() to generate the IPv6 version of the IP
address, and then tack on the CIDR part at the end, before doing the
query. The man page for that function on FreeBSD refers to RFC2373 which
appears to present preferred text representations, so I imagine it's
following one of those (probably the second form shown in Section 2.2 of
that document).

Let me know if you would like more detail.

-MSK
Received on Thu Dec 20 2012 - 19:39:48 PST
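
An added illustration of the lookup described in the reply above (constructed example code, not OpenDKIM's own source): the ACL is held as a set of literal strings, and a candidate address is looked up first literally and then as every CIDR expression that would contain it, written as network-address/prefix in canonical text form (the equivalent of inet_ntop() output). The `normalize` option, which rewrites each entry to its network address on load, is an assumed defensive addition, not current OpenDKIM behaviour.

```python
import ipaddress


def candidate_keys(addr: str):
    """Yield the lookup keys in the order the reply describes: the literal
    address, then each CIDR expression (network address/prefix) that
    contains it, from the most specific prefix down to /0."""
    ip = ipaddress.ip_address(addr)
    yield str(ip)  # canonical text form, e.g. 2001:db8::1 (no brackets)
    for prefix in range(ip.max_prefixlen, -1, -1):
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        yield f"{net.network_address}/{prefix}"


def load_acl(lines, normalize=False):
    """Load ACL entries as literal strings. With normalize=True (assumed
    hardening, not OpenDKIM behaviour) CIDR entries are rewritten so that
    host bits are cleared and the text form is canonical."""
    table = set()
    for line in lines:
        entry = line.strip()
        if not entry or entry.startswith("#"):
            continue
        if normalize and "/" in entry:
            net = ipaddress.ip_network(entry, strict=False)
            entry = f"{net.network_address}/{net.prefixlen}"
        table.add(entry)
    return table


def is_internal(addr: str, table: set) -> bool:
    """Membership of any candidate key in the table means a match."""
    return any(key in table for key in candidate_keys(addr))


# Constructed sample ACL showing the failure modes discussed in the thread:
# a /24 written with host bits set, an IPv6 prefix, and a bracketed IPv6
# literal of the kind OpenDKIM silently accepts but never matches.
ACL = ["127.0.0.1", "192.168.1.255/24", "2001:db8::/32", "[fe80::1]"]

if __name__ == "__main__":
    for cand in ("192.168.1.10", "2001:db8::1", "fe80::1"):
        print(cand, is_internal(cand, load_acl(ACL)),
              is_internal(cand, load_acl(ACL, normalize=True)))
```

Run as-is, 192.168.1.10 only matches once the /24 entry is normalized to 192.168.1.0/24, and fe80::1 never matches the bracketed entry, which is exactly the silent non-match reported in the question.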