[Swan-dev] addresspool and handing out network/broadcast addresses
D. Hugh Redelmeier
hugh at mimosa.com
Fri May 2 21:30:31 EEST 2014
| From: Paul Wouters <paul at nohats.ca>
| One of the test cases showed an issue with binding a received address
| from the addresspool by an XAUTH client. It turned out it was 192.0.2.0.
|
| I would suggest that if an addresspool is defined that includes
| a.b.c.0/32 that we actually skip that address and not hand it out.
|
| And do the same with a.b.c.255/32
Are you saying we don't live in a classless world?
This is embarassing.
Do we have a way of knowing the whole local subnet? If so, we might
ban the top and bottom addresses of it (not the top and bottom of the
addressrange).
Or if we know the gateway (us), we might ban that.
But banning ought to be: refuse the addresspool, not silently trim it.
Don't work around idiots, educate them (convert them from being
idiots).
More information about the Swan-dev
mailing list