From owner-freebsd-stable@FreeBSD.ORG Tue Nov 26 00:39:55 2013 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A242DA5F for ; Tue, 26 Nov 2013 00:39:55 +0000 (UTC) Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 82095257D for ; Tue, 26 Nov 2013 00:39:55 +0000 (UTC) Received: from mx.pao1.isc.org (localhost [127.0.0.1]) by mx.pao1.isc.org (Postfix) with ESMTP id F3D98C94DB; Tue, 26 Nov 2013 00:39:41 +0000 (UTC) (envelope-from marka@isc.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isc.org; s=dkim2012; t=1385426395; bh=nS0liiWQP//UXhWJcAxupqtnXqgDR3JOxJdogH1w5zs=; h=To:Cc:From:References:Subject:In-reply-to:Date; b=DEdkcjC3/CUQ5OmdKbjoJeC90k4yCcCFRRwBBPxZJ3bftJbuNY5mEMW/km6W+DYvd iXogHObm4TKEh2OvDsa20tjc1LMXpl5o3ipopBTDAtXb4wyhHU/K+tgrG8SJtQC2e2 kFIRCNMzFaPgXoVfeemJ6P8N70VZF/zz8nl/XbCo= Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) by mx.pao1.isc.org (Postfix) with ESMTP; Tue, 26 Nov 2013 00:39:41 +0000 (UTC) (envelope-from marka@isc.org) Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 58E83160436; Tue, 26 Nov 2013 00:46:54 +0000 (UTC) Received: from rock.dv.isc.org (c211-30-183-50.carlnfd1.nsw.optusnet.com.au [211.30.183.50]) by zmx1.isc.org (Postfix) with ESMTPSA id EA71316042E; Tue, 26 Nov 2013 00:46:53 +0000 (UTC) Received: from rock.dv.isc.org (localhost [IPv6:::1]) by rock.dv.isc.org (Postfix) with ESMTP id 1ACD9AD41B4; Tue, 26 Nov 2013 11:39:41 +1100 (EST) To: Michael Butler From: Mark Andrews References: <52911993.8010108@ipfw.ru> <529259DE.2040701@FreeBSD.org> <20131125152238.S78756@sola.nimnet.asn.au> <1385391778.1220.4.camel@revolution.hippie.lan> <20131126001806.27951AD3DBF@rock.dv.isc.org> <5293EBD6.8010009@protected-networks.net> Subject: Re: ipfw table add problem In-reply-to: Your message of "Mon, 25 Nov 2013 19:31:18 -0500." <5293EBD6.8010009@protected-networks.net> Date: Tue, 26 Nov 2013 11:39:40 +1100 Message-Id: <20131126003941.1ACD9AD41B4@rock.dv.isc.org> X-DCC--Metrics: post.isc.org; whitelist X-Spam-Status: No, score=-2.3 required=5.0 tests=AWL, BAYES_00, RP_MATCHES_RCVD, SPF_PASS autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mx.pao1.isc.org Cc: freebsd-stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Nov 2013 00:39:55 -0000 In message <5293EBD6.8010009@protected-networks.net>, Michael Butler writes: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 11/25/13 19:18, Mark Andrews wrote: > > > > In message <1385391778.1220.4.camel@revolution.hippie.lan>, Ian Lepore writes: > >> On Mon, 2013-11-25 at 15:30 +1100, Ian Smith wrote: > >>> On Sun, 24 Nov 2013 23:56:14 +0400, Alexander V. Chernikov wrote: > >>> > On 24.11.2013 19:43, =D6zkan KIRIK wrote: > >>> > > Hi, > >>> > > = > >> > >>> > > I tested patch. This patch solves, ipfw table 1 add 4899 > >>> > Ok. So I'll commit this fix soon. > >>> > > = > >> > >>> > > But, ipfw table 1 add 10.2.3.01 works incorrectly. > >>> > > output is below. > >>> > > # ./ipfw table 1 flush > >>> > > # ./ipfw table 1 add 10.2.3.01 > >>> > inet_pton() does not recognize this as valid IPv4 address, so it is > >>> > treated as usigned unteger key. It looks like this behavior is mention= > >> ed > >>> > in STANDARDS section. > >>> > > # ./ipfw table 1 list > >>> > > 0.0.0.10/32 0 > >>> = > >> > >>> I'm wondering if "so don't do that" is really sufficient to deal with = > >> > >>> this? If it's not recognised as a valid address, shouldn't it fail to = > >> > >>> add anything, with a complaint? I don't see how a string containing = > >> > >>> dots can be seen as a valid unsigned integer? > >> > >> It's still not clear to me that inet_pton() is doing the right thing. > >> Per the rfc cited earlier in the thread, it's not supposed to interpret > >> the digits as octal or hex -- they are specifically declared to be > >> decimal numbers. There's nothing invalid about "01" as a decimal > >> number. The fact that many of us have a C-programming background and > >> tend to think of leading-zero as implying octal doesn't change that. > > > > But it does result in unexpected results when there is code that > > does treat 070 as 56 not 70. Rejecting ambigious input is a good > > thing. Part of what inet_pton() was trying to do was to get rid > > of the ambiguity in address inputs by tightening up the specification. > > > > 10.2.3.70 is not ambigious > > 10.2.3.070 is ambigious > > > > When the "STANDARDS" section of the inet_pton() man page explicitly > defines the interpretation to be decimal, its rejection of a leading > zero or misinterpretation as octal defies that definition. It does not > say "decimal except when a leading zero is present". > > As long as the input string can be be properly interpreted as a decimal > number, it should be. > > Misinterpreting "10.2.3.01" as "0.0.0.10/32" without so much as a > warning from either inet_pton() or ipfw is an egregious breach of POLA, When inet_pton() implementations have been rejecting leading zero's since they were first written their can't be a POLA. There can be a difference but not a POLA. To make is now accept a leading zero would be a POLA as there is code that depends on leading zeros being rejected by it. > imb > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.15 (FreeBSD) > > iEYEARECAAYFAlKT69YACgkQQv9rrgRC1JKNKgCgj4WOaZ4neyDEdkbVyVDqoKbz > vf8AnRV3uv/LCzO+OjXiIGA6S8eGQqAm > =tjly > -----END PGP SIGNATURE----- > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org