[Swan-dev] address range starting with 0 ?
Andrew Cagney
andrew.cagney at gmail.com
Mon Mar 22 14:58:39 UTC 2021
On Mon, 22 Mar 2021 at 10:07, Paul Wouters <paul at nohats.ca> wrote:
> commit 6cb075ac1f1b563c629011fa9e961ca22a9c7ab1
> Author: Andrew Cagney <cagney at gnu.org>
> Date: Sun Mar 21 21:18:55 2021 -0400
>
> xauth: cleanup passing password file's <addresspool>
>
> - drop the ttorange(<address>-<address>) hack since ttorange()
> parses <address>
> - explicitly reject an empty range, and range starting at zero

(we're talking about the IKEv1 XAUTH password file, ranges, and the
addresspool, not subnets and clients).

The commit goes hand-in-hand with:

commit 024c567c64189ca7a53724be83736af3a0c3a0ac (HEAD -> main, origin/main, origin/HEAD)
Author: Andrew Cagney <cagney at gnu.org>
Date: Sun Mar 21 20:48:31 2021 -0400

ip: in ttorange() allow :: as the start address

Technically it is valid. Let caller decide if it is reasonable.
More consistent - ::/0 is accepted by ranges, subnets, and selectors.

So as a pair they just moved the deck chair:
+ if (non_zero){
+ uint32_t addr = ntohl(addr_start_tmp.u.v4.sin_addr.s_addr);
+ if (addr == 0)
+ return "'0.0.0.0' not allowed as start";
+ }
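
Review bot: the zero test reads addr_start_tmp.u.v4.sin_addr.s_addr whenever non_zero is set, and no address-family check is visible in these lines, so an IPv6 start such as :: is either not covered or is judged through the wrong union member. Check the family before reading u.v4 and add the matching test for the IPv6 unspecified address, so that the "'0.0.0.0' not allowed as start" message names the address actually rejected. Minor style point: add a space before the brace in "if (non_zero){".
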
in ttorange() to its callers - xauth / addresspool server code. The
code snippet can be traced back to:

commit 709100e6ebba15f9bdc8cc6f2532ebc4248a878e
Author: Antony Antony <antony at phenome.org>
Date: Mon Apr 21 18:00:18 2014 +0200

addresspool: code review and improvements by DHR

I suspect this was to stop the addresspool handing out the zero
address, i.e., :: or 0.0.0.0?
(if the address pool range ::-:: aka ::/128 was allowed I'm really not
sure what would happen)

> What is wrong with address ranges starting at 0? Did you mean 0.0.0.0/0 ?
> Because I'm using a /28 that starts at the .0 and it works fine and we
> should not block the zero address from being used as a valid address.

As the code stands, the server would need to be configured with
0.0.0.1-0.0.0.15?
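
The distinction this thread turns on (a pool whose first address merely ends in .0 versus a pool that starts at the all-zero address 0.0.0.0 or ::) is shown below as an added example that is not libreswan code. The function name pool_range_check() and the sample ranges are hypothetical; the only library call assumed is POSIX inet_pton().

```c
/* Added illustration, not libreswan code: validate "<start>-<end>" for an
 * address pool. pool_range_check() is a hypothetical name. */
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Returns NULL when the range is usable, else a diagnostic string. */
const char *pool_range_check(const char *text)
{
	char buf[2 * INET6_ADDRSTRLEN + 2];
	unsigned char lo[16], hi[16];
	static const unsigned char zero[16] = { 0 };

	if (strlen(text) >= sizeof(buf))
		return "range too long";
	strcpy(buf, text);
	char *dash = strchr(buf, '-');
	if (dash == NULL)
		return "expected <start>-<end>";
	*dash++ = '\0';

	/* Pick the family from the start address; the end must match it. */
	int af = strchr(buf, ':') != NULL ? AF_INET6 : AF_INET;
	size_t len = af == AF_INET6 ? 16 : 4;
	if (inet_pton(af, buf, lo) != 1)
		return "bad start address";
	if (inet_pton(af, dash, hi) != 1)
		return "bad end address (or family mismatch)";

	/* Network byte order is big-endian, so memcmp() orders addresses. */
	if (memcmp(lo, hi, len) > 0)
		return "start is above end";
	/* Reject only the all-zero (unspecified) start, for both families. */
	if (memcmp(lo, zero, len) == 0)
		return "unspecified address not allowed as start";
	return NULL;
}

int main(void)
{
	/* Constructed sample ranges (documentation prefixes and zero cases). */
	const char *samples[] = { "192.0.2.0-192.0.2.15", "0.0.0.0-0.0.0.15",
				  "0.0.0.1-0.0.0.15", "::-::", "2001:db8::-2001:db8::f" };
	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		const char *err = pool_range_check(samples[i]);
		printf("%-26s %s\n", samples[i], err ? err : "ok");
	}
	return 0;
}
```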