Date: Thu, 14 Aug 2014 11:53:06 -0400 From: Lee Dilkie <lee@dilkie.com> To: Willem Jan Withagen <wjw@digiware.nl>, Luigi Rizzo <rizzo@iet.unipi.it>, "Alexander V. Chernikov" <melifaro@yandex-team.ru> Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>, Luigi Rizzo <luigi@freebsd.org>, freebsd-ipfw <freebsd-ipfw@freebsd.org>, "Andrey V. Elsukov" <ae@freebsd.org> Subject: Re: [CFT] new tables for ipfw Message-ID: <53ECDB62.5030708@dilkie.com> In-Reply-To: <53ECD576.8040801@digiware.nl> References: <53EBC687.9050503@yandex-team.ru> <CA%2BhQ2%2Bg=A_rLHCVpBqn0AtFLu_gNGtzbmXvc-7JhpLqPSWw44A@mail.gmail.com> <53EC880B.3020903@yandex-team.ru> <CA%2BhQ2%2BiPPhy47eN0=KaSYBaNMdObY20yko7dRY1MMuP_mfnmOQ@mail.gmail.com> <53EC960A.1030603@yandex-team.ru> <CA%2BhQ2%2BgxVYmXb%2BHOw4qUm6tykmEvBRkrV0RhZsnC6B08FLKvdA@mail.gmail.com> <53ECA6B2.8010003@digiware.nl> <53ECAFB9.50507@dilkie.com> <53ECD576.8040801@digiware.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On 8/14/2014 11:27 AM, Willem Jan Withagen wrote: > On 14-8-2014 14:46, Lee Dilkie wrote: >> On 8/14/2014 08:08, Willem Jan Withagen wrote: >>> I've found the notation ipnr:something rather frustrating when using >>> ipv6 addresses. Sort of like typing a ipv6 address in a browser, the >>> last :xx is always interpreted as portnumber, UNLESS you wrap it in []'s. >>> compare >>> 2001:4cb8:3:1::1 >>> 2001:4cb8:3:1::1:80 >>> [2001:4cb8:3:1::1]:80 >>> The first and the last are the same host but a different port, the >>> middle one is just a different host. >>> >>> Could/should we do the same in ipfw? >> the first and second forms are valid, but as ipv6 addresses *with no port*, >> >> The third is an ipv6 address with a port. >> >> If the intent of the second form is an address and port, it will not be >> parsed that way by standard parsers and violates the ivp6 addressing rfc's. > I agree, but ipfw does not understand [2001:4cb8:3:1::1] last time I tried. > So I think you rephrased what I meant to say. > > Thanx, > --WjW > and re-reading your original post, yes you did state it correctly. ipfw needs to be fixed to understand the correct format of ipv6 addresses. however, this isn't the only offender. netstat's output is also incorrect (linux example) tcp 0 0 :::22 :::* LISTEN should be tcp 0 0 [::]:22 [::]:* LISTEN I don't understand why folks dream up incompatible, and unparsable, ipv6 address formats. Why bother with rfc's if no-one writes to them. (see rfc5952) -lee
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53ECDB62.5030708>