[Swan-dev] addresspool and handing out network/broadcast addresses

Lennart Sorensen lsorense at csclub.uwaterloo.ca
Mon May 5 01:00:55 EEST 2014


On Sun, May 04, 2014 at 03:54:55PM -0400, Paul Wouters wrote:
> I'm suggesting to block *.*.*.0 and *.*.*.255 irrespective of netmask.
> This of course only prevents network/broadcast addresses for the "class
> A, B and C" networks. Perhaps we can assume people using differently
> sized pools know enough about network/broadcast addresses to exclude these.

If the netmask is /20, then you clearly should NOT block *.*.*.0, only
the first address in the range.

Better to assume people DO know what they are doing than to screw things
up for those that actually do know what they are doing with no way for
them to fix it.

> Although we could attempt to convert the range to CIDR and find out if
> we understand the broadcast/network address, we might not be able to
> know if they specify a random section, eg 192.0.2.14-192.0.2.139.
> 
> If we do allow CIDR, we should again blacklist the first+last address of
> the pool to avoid problems.

That ought to work.

-- 
Len Sorensen
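
The two exclusion rules discussed in this message, compared side by side as an added example (not code from the original post or from libreswan). The helper names, the 10.0.0.0/20 sample pool, and the choice to exclude nothing for arbitrary ranges and for /31 and /32 pools are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define IP(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Hypothetical helper: prefix length if [lo, hi] is exactly one CIDR block, else -1. */
int range_prefix_len(uint32_t lo, uint32_t hi)
{
    if (lo > hi)
        return -1;
    uint32_t span = hi - lo;            /* block size minus one */
    if ((span & (span + 1)) != 0)       /* size is not a power of two */
        return -1;
    if ((lo & span) != 0)               /* start is not aligned to the size */
        return -1;
    int len = 32;
    for (; span != 0; span >>= 1)
        len--;
    return len;
}

/* Blanket rule from the quoted proposal: skip *.*.*.0 and *.*.*.255. */
bool skip_blanket(uint32_t addr)
{
    return (addr & 0xff) == 0 || (addr & 0xff) == 0xff;
}

/* Range-aware rule: skip only the first and last address of a CIDR-shaped pool.
 * Assumption: arbitrary ranges and /31, /32 pools get no exclusions. */
bool skip_cidr_aware(uint32_t lo, uint32_t hi, uint32_t addr)
{
    int len = range_prefix_len(lo, hi);
    if (len < 0 || len >= 31)
        return false;
    return addr == lo || addr == hi;
}

int main(void)
{
    uint32_t lo = IP(10, 0, 0, 0), hi = IP(10, 0, 15, 255); /* constructed /20 pool */
    uint32_t mid = IP(10, 0, 5, 0);                         /* valid host in that /20 */
    printf("/20 prefix=%d, 10.0.5.0: blanket=%d cidr=%d\n",
           range_prefix_len(lo, hi), skip_blanket(mid), skip_cidr_aware(lo, hi, mid));
    printf("192.0.2.14-192.0.2.139 prefix=%d\n",
           range_prefix_len(IP(192, 0, 2, 14), IP(192, 0, 2, 139)));
    return 0;
}
```

In the /20 pool the blanket rule withholds 10.0.5.0 and 10.0.5.255 even though both are ordinary host addresses, while in a /25 pool it misses the real broadcast address ending in .127.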

