Date: Thu, 14 Aug 2014 15:16:10 -0700 From: <dteske@FreeBSD.org> To: <freebsd-ipfw@freebsd.org>, "'Lee Dilkie'" <lee@dilkie.com>, "'Luigi Rizzo'" <rizzo@iet.unipi.it>, "'Alexander V. Chernikov'" <melifaro@yandex-team.ru> Cc: 'Devin Teske' <dteske@freebsd.org>, 'Julian Elischer' <julian@elischer.org> Subject: RE: Re: [CFT] new tables for ipfw Message-ID: <046e01cfb80d$5aada9d0$1008fd70$@FreeBSD.org> In-Reply-To: <53ED30BD.2020701@elischer.org> References: <53ECD576.8040801@digiware.nl> <53ED30BD.2020701@elischer.org>
next in thread | previous in thread | raw e-mail | index | archive | help
NB: Please CC me on replies, I'm off-list
> On 14-8-2014 14:46, Lee Dilkie wrote:
>>
>> On 8/14/2014 08:08, Willem Jan Withagen wrote:
>>> I've found the notation ipnr:something rather frustrating when using
>>> ipv6 addresses. Sort of like typing a ipv6 address in a browser, the
>>> last :xx is always interpreted as portnumber, UNLESS you wrap it in
[]'s.
>>> compare
>>> 2001:4cb8:3:1::1
>>> 2001:4cb8:3:1::1:80
>>> [2001:4cb8:3:1::1]:80
>>> The first and the last are the same host but a different port, the
>>> middle one is just a different host.
>>>
>>> Could/should we do the same in ipfw?
>>
>> the first and second forms are valid, but as ipv6 addresses *with no
port*,
>>
>> The third is an ipv6 address with a port.
>>
>> If the intent of the second form is an address and port, it will not be
>> parsed that way by standard parsers and violates the ivp6 addressing
rfc's.
>
> I agree, but ipfw does not understand [2001:4cb8:3:1::1] last time I
tried.
> So I think you rephrased what I meant to say.
Might want to have a look at IPv6 address validators.
Execute on FreeBSD 9.3 or 10.1:
bsdconfig includes -adF 'ip.*6' | less -R
Or on FreeBSD 9.2 or 10.0:
less '+/ip[^ ]*6' /usr/share/bsdconfig/media/tcpip.subr
less '+/ip[^ ]*6' /usr/share/bsdconfig/networking/ipaddr.subr
(output from 9.3 command pasted below)
dteske@scribe9.vicor.com ~ $ bsdconfig includes -dF 'ip.*6'
>>> Functions in media/tcpip.subr matching `ip.*6':
+ f_validate_ipaddr6 $ipv6_addr
Returns zero if the given argument (an IPv6 address) is of the proper
format.
The return status for invalid IP address is one of:
1 One or more individual segments within the IP address
(separated by colons) contains one or more invalid
characters.
Segments must contain only combinations of the characters
0-9,
A-F, or a-f.
2 Too many/incorrect null segments. A single null segment is
allowed within the IP address (separated by colons) but not
allowed at the beginning or end (unless a double-null
segment;
i.e., "::*" or "*::").
3 One or more individual segments within the IP address
(separated by colons) exceeds the length of 4 hex-digits.
4 The IP address entered has either too few (less than 3), too
many (more than 8), or not enough segments, separated by
colons.
5* The IPv4 address at the end of the IPv6 address is invalid.
* When there is an error with the dotted-quad IPv4 address at
the
end of the IPv6 address, the return value of 5 is OR'd with
a
bit-shifted (<< 4) return of f_validate_ipaddr.
>>> Functions in networking/ipaddr.subr matching `ip.*6':
+ f_dialog_ip6error $error $ipv6_addr
Display a msgbox with the appropriate error message for an error returned
by
the f_validate_ipaddr6 function above.
+ f_dialog_validate_ipaddr6 $ipv6_addr
Returns zero if the given argument (an IPv6 address) is of the proper
format.
If the IP address is determined to be invalid, the appropriate error will
be
displayed using the f_dialog_ip6error function above.
(end pasted output)
Yes, the code is shell. But you can trivially convert the logic into
something like C using nothing more than strchr, strlen, and
fnmatch.
--
Devin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?046e01cfb80d$5aada9d0$1008fd70$>