Date: Thu, 14 Aug 2014 17:58:47 +0200
From: Willem Jan Withagen <wjw@digiware.nl>
To: Lee Dilkie <lee@dilkie.com>, Luigi Rizzo <rizzo@iet.unipi.it>, "Alexander V. Chernikov" <melifaro@yandex-team.ru>
Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>, Luigi Rizzo <luigi@freebsd.org>, freebsd-ipfw <freebsd-ipfw@freebsd.org>, "Andrey V. Elsukov" <ae@freebsd.org>
Subject: Re: [CFT] new tables for ipfw
Message-ID: <53ECDCB7.8090703@digiware.nl>
In-Reply-To: <53ECDB62.5030708@dilkie.com>
References: <53EBC687.9050503@yandex-team.ru> <CA%2BhQ2%2Bg=A_rLHCVpBqn0AtFLu_gNGtzbmXvc-7JhpLqPSWw44A@mail.gmail.com> <53EC880B.3020903@yandex-team.ru> <CA%2BhQ2%2BiPPhy47eN0=KaSYBaNMdObY20yko7dRY1MMuP_mfnmOQ@mail.gmail.com> <53EC960A.1030603@yandex-team.ru> <CA%2BhQ2%2BgxVYmXb%2BHOw4qUm6tykmEvBRkrV0RhZsnC6B08FLKvdA@mail.gmail.com> <53ECA6B2.8010003@digiware.nl> <53ECAFB9.50507@dilkie.com> <53ECD576.8040801@digiware.nl> <53ECDB62.5030708@dilkie.com>

On 14-8-2014 17:53, Lee Dilkie wrote:
>
> On 8/14/2014 11:27 AM, Willem Jan Withagen wrote:
>> On 14-8-2014 14:46, Lee Dilkie wrote:
>>> On 8/14/2014 08:08, Willem Jan Withagen wrote:
>>>> I've found the notation ipnr:something rather frustrating when using
>>>> ipv6 addresses. Sort of like typing an ipv6 address in a browser, the
>>>> last :xx is always interpreted as portnumber, UNLESS you wrap it in []'s.
>>>> compare
>>>> 2001:4cb8:3:1::1
>>>> 2001:4cb8:3:1::1:80
>>>> [2001:4cb8:3:1::1]:80
>>>> The first and the last are the same host but a different port, the
>>>> middle one is just a different host.
>>>>
>>>> Could/should we do the same in ipfw?
>>> the first and second forms are valid, but as ipv6 addresses *with no port*,
>>>
>>> The third is an ipv6 address with a port.
>>>
>>> If the intent of the second form is an address and port, it will not be
>>> parsed that way by standard parsers and violates the ipv6 addressing rfc's.
>> I agree, but ipfw does not understand [2001:4cb8:3:1::1] last time I tried.
>> So I think you rephrased what I meant to say.
>>
>> Thanx,
>> --WjW
>>
>
> and re-reading your original post, yes you did state it correctly.
>
> ipfw needs to be fixed to understand the correct format of ipv6 addresses.
>
> however, this isn't the only offender. netstat's output is also
> incorrect (linux example)
>
>
> tcp 0 0 :::22
> :::* LISTEN
>
> should be
>
> tcp 0 0 [::]:22
> [::]:* LISTEN
>
> I don't understand why folks dream up incompatible, and unparsable, ipv6
> address formats. Why bother with rfc's if no-one writes to them.
>
> (see rfc5952)

I think that that was the RFC I found when looking into getting the
browser to do the right thing when I want it to go to:
    [2001:4cb8:3:1::1]:8080

Well the RFC would be an argument to at least spec an IPv6 address in an
ipfw rule to be allowed either with or without []'s.
And if you run into trouble by not using the []'s, they are "easily" added.

--WjW
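
The bracket rule discussed in this thread, as an added C example that is not part of the original e-mail and is not ipfw's parser. `parse_endpoint` is a hypothetical helper for numeric addresses only; it treats an unbracketed string with several colons as an IPv6 address with no port, so a rule author who meant "port 80" but omitted the brackets gets a different host rather than a silent guess.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper: split "addr", "[v6]", "[v6]:port" or "v4:port".
 * Returns AF_INET or AF_INET6, -1 if malformed; *port is -1 if absent. */
int parse_endpoint(const char *s, char *addr, size_t alen, int *port)
{
    unsigned char bin[16];             /* room for a binary IPv6 address */
    const char *pstr = NULL, *end;
    size_t n;
    int af = AF_INET6;

    *port = -1;
    if (s[0] == '[') {                 /* bracketed form: IPv6 only */
        if ((end = strchr(s, ']')) == NULL || (end[1] && end[1] != ':')) return -1;
        if (end[1] == ':') pstr = end + 2;
        n = (size_t)(end - ++s);       /* text between the brackets */
    } else if (strchr(s, ':') != strrchr(s, ':')) {
        n = strlen(s);                 /* 2+ colons, no brackets: all address */
    } else {                           /* IPv4 with optional ":port" */
        end = strchr(s, ':');
        n = end ? (size_t)(end - s) : strlen(s);
        if (end) pstr = end + 1;
        af = AF_INET;
    }
    if (n == 0 || n >= alen) return -1;
    memcpy(addr, s, n);
    addr[n] = '\0';
    if (inet_pton(af, addr, bin) != 1) return -1;
    if (pstr != NULL) {                /* decimal digits only, 0..65535 */
        char *rest;
        long v = strtol(pstr, &rest, 10);
        if (*pstr < '0' || *pstr > '9' || *rest || v > 65535) return -1;
        *port = (int)v;
    }
    return af;
}

int main(void)
{
    const char *in[] = { "2001:4cb8:3:1::1", "2001:4cb8:3:1::1:80", "[2001:4cb8:3:1::1]:80" };
    char a[64]; int p;
    for (int i = 0; i < 3; i++)        /* the three forms from the thread */
        if (parse_endpoint(in[i], a, sizeof a, &p) > 0)
            printf("%-22s -> host %s, port %d\n", in[i], a, p);
    return 0;
}
```

The netstat-style string `:::22` is rejected by this helper because it is not a valid IPv6 address, while `[::]:22` parses as the unspecified address with port 22.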