ipsec_rangetosubnet(3) convert address range to subnet


#include <freeswan.h>

const char *rangetosubnet(const ip_address * start, const ip_address * stop, ip_subnet * dst);



accepts two IP addresses which define an address range, from start to stop inclusive, and converts this to a subnet if possible. The addresses must both be IPv4 or both be IPv6, and the address family of the resulting subnet is the same.

Rangetosubnet returns NULL for success and a pointer to a string-literal error message for failure; see DIAGNOSTICS.


Fatal errors in rangetosubnet are: mixed address families; unknown address family; start and stop do not define a subnet.


Written for the FreeS/WAN project by Henry Spencer.


The restriction of error reports to literal strings (so that callers don't need to worry about freeing them or copying them) does limit the precision of error reporting.

The error-reporting convention lends itself to slightly obscure code, because many readers will not think of NULL as signifying success. A good way to make it clearer is to write something like:

const char *error;

error = rangetosubnet( /* ... */ );
if (error != NULL) {
        /* something went wrong */