Merge pull request #278 from ldx/issue260_fix

jllorente · web-flow · commit 3ebd22b1618e · 2019-06-03T21:30:54.000+02:00
Apply subnet mask to IP address - issue260
diff --git a/iptc/ip4tc.py b/iptc/ip4tc.py
@@ -1064,9 +1064,6 @@ def set_src(self, src):
             saddr = _a_to_i(socket.inet_pton(socket.AF_INET, addr))
         except socket.error:
             raise ValueError("invalid address %s" % (addr))
-        ina = in_addr()
-        ina.s_addr = ct.c_uint32(saddr)
-        self.entry.ip.src = ina
 
         if not netm.isdigit():
             try:
@@ -1080,8 +1077,11 @@ def set_src(self, src):
             nmask = socket.htonl((2 ** imask - 1) << (32 - imask))
         neta = in_addr()
         neta.s_addr = ct.c_uint32(nmask)
-
         self.entry.ip.smsk = neta
+        # Apply subnet mask to IP address
+        ina = in_addr()
+        ina.s_addr = ct.c_uint32(saddr & nmask)
+        self.entry.ip.src = ina
 
     src = property(get_src, set_src)
     """This is the source network address with an optional network mask in
@@ -1125,9 +1125,6 @@ def set_dst(self, dst):
             daddr = _a_to_i(socket.inet_pton(socket.AF_INET, addr))
         except socket.error:
             raise ValueError("invalid address %s" % (addr))
-        ina = in_addr()
-        ina.s_addr = ct.c_uint32(daddr)
-        self.entry.ip.dst = ina
 
         if not netm.isdigit():
             try:
@@ -1142,6 +1139,10 @@ def set_dst(self, dst):
         neta = in_addr()
         neta.s_addr = ct.c_uint32(nmask)
         self.entry.ip.dmsk = neta
+        # Apply subnet mask to IP address
+        ina = in_addr()
+        ina.s_addr = ct.c_uint32(daddr & nmask)
+        self.entry.ip.dst = ina
 
     dst = property(get_dst, set_dst)
     """This is the destination network address with an optional network mask
diff --git a/tests/test_iptc.py b/tests/test_iptc.py
@@ -620,13 +620,13 @@ def tearDown(self):
     def test_rule_address(self):
         # valid addresses
         rule = iptc.Rule()
-        for addr in [("127.0.0.1/255.255.255.0", "127.0.0.1/255.255.255.0"),
-                     ("!127.0.0.1/255.255.255.0", "!127.0.0.1/255.255.255.0"),
-                     ("127.0.0.1/255.255.128.0", "127.0.0.1/255.255.128.0"),
-                     ("127.0.0.1/16", "127.0.0.1/255.255.0.0"),
-                     ("127.0.0.1/24", "127.0.0.1/255.255.255.0"),
-                     ("127.0.0.1/17", "127.0.0.1/255.255.128.0"),
-                     ("!127.0.0.1/17", "!127.0.0.1/255.255.128.0")]:
+        for addr in [("127.0.0.1/255.255.255.0", "127.0.0.0/255.255.255.0"),
+                     ("!127.0.0.1/255.255.255.0", "!127.0.0.0/255.255.255.0"),
+                     ("127.0.0.1/255.255.128.0", "127.0.0.0/255.255.128.0"),
+                     ("127.0.0.1/16", "127.0.0.0/255.255.0.0"),
+                     ("127.0.0.1/24", "127.0.0.0/255.255.255.0"),
+                     ("127.0.0.1/17", "127.0.0.0/255.255.128.0"),
+                     ("!127.0.0.1/17", "!127.0.0.0/255.255.128.0")]:
             rule.src = addr[0]
             self.assertEquals(rule.src, addr[1])
             rule.dst = addr[0]
