From: Gordon Fisher <gordfisherman@gmail.com>
Cc: "netfilter@vger.kernel.org" <netfilter@vger.kernel.org>
Subject: Re: Possibly dangerous interpretation of address/prefix pair in -s option
Date: Thu, 9 Jun 2022 07:21:37 -0700 [thread overview]
Message-ID: <62A201F1.9080401@gmail.com> (raw)
In-Reply-To: <010201812aced64c-cfcce59b-f83c-4892-b6eb-43b9b0a2fc64-000000@eu-west-1.amazonses.com>
On 6/3/2022 11:23 AM, Stefan Riha wrote:
> Hmm, but don't other programs do indeed interpret 10.0.0.2/24
> differently? For example systemd-networkd interprets 10.0.0.2/24 as a
> single Ip address in the subnet 10.0.0.0/24. Which makes a lot of
> sense to me, because why would one specify the .2 at the end, if one
> meant the subnet?
I would say that it depends on context; that is, what the parameter is
supposed to be. Is it meant to specify single address, a network, or either?
In the your systemd-networkd example, IIRC, that is supposed to be a
single IP address, and `10.0.0.2/24` is a short hand for entering
`10.0.0.2` and `255.255.255.0` for a network interface.
Another example that comes to mind where context matters, is the older
`route` command (that predates `ip route`), which has `-host` and `-net`
arguments for `route add` commands, that tell the program whether to
interpret the address part as a network based on the mask given, or as a
single host (where the mask can be omitted.)
`ip route` on the other hand just goes by the mask given similar to `-s`
and `-d` in `iptables`, where it really just does as it is told: check
this address according to the given mask. And like `iptables`, assumes
/32 if no mask is given.
--
gordonfish
prev parent reply other threads:[~2022-06-09 14:21 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <mail.629a20b0.7e37.7f80bf761b5d8a04@storage.wm.amazon.com>
2022-06-03 14:54 ` Possibly dangerous interpretation of address/prefix pair in -s option Stefan Riha
2022-06-03 15:21 ` Reindl Harald
2022-06-08 10:38 ` Chris Hall
2022-06-08 11:21 ` Florian Westphal
2022-06-09 17:52 ` Chris Hall
2022-06-09 18:38 ` Reindl Harald
2022-06-09 19:21 ` Joshua Moore
2022-06-09 19:23 ` Jozsef Kadlecsik
2022-06-08 11:34 ` matt
2022-06-08 11:37 ` Matt
2022-06-08 12:59 ` Reindl Harald
2022-06-08 13:30 ` Benny Lyne Amorsen
2022-06-03 17:30 ` Kamil Jońca
[not found] ` <010201812a366a81-2f2bc7f3-e142-4807-9742-bfa7b19dd468-000000@eu-west-1.amazonses.com>
[not found] ` <e2ba2738-2eff-3e97-a389-77abd17664dd@thelounge.net>
[not found] ` <mail.629a2dfb.57ab.496a0a414c9495b2@storage.wm.amazon.com>
[not found] ` <010201812a43a0d9-c4953858-f0e1-48db-a7a3-420d53a11cd7-000000@eu-west-1.amazonses.com>
[not found] ` <df64386a-5daf-6f97-3d37-b0c9b7c25537@thelounge.net>
[not found] ` <mail.629a3289.7fbb.1b2912350cfc7c1b@storage.wm.amazon.com>
[not found] ` <010201812a556c50-7856ee86-1a5a-4135-8acf-869a930d54c8-000000@eu-west-1.amazonses.com>
[not found] ` <768e4d99-0c50-01af-4434-20378c06a3cf@thelounge.net>
[not found] ` <mail.629a35d7.2a64.4a0b184f3a85fa1c@storage.wm.amazon.com>
[not found] ` <010201812a625427-9b51500d-3126-4b6f-95d0-d71702c349a7-000000@eu-west-1.amazonses.com>
[not found] ` <b6945516-3120-24f0-9990-294f1653c9a4@thelounge.net>
[not found] ` <mail.629a388a.7bba.0e9843742ea45568@storage.wm.amazon.com>
[not found] ` <010201812a6ce183-1a849304-791a-4874-9668-23f871060bac-000000@eu-west-1.amazonses.com>
[not found] ` <mail.629a3f4f.4e0b.2e3e82745c98ed1d@storage.wm.amazon.com>
[not found] ` <06924b12-8664-1e96-2a0b-d3711bbb67d7@thelounge.net>
2022-06-03 17:05 ` Stefan Riha
2022-06-03 17:28 ` Alex Buie
2022-06-03 17:30 ` Alex Buie
2022-06-03 18:23 ` Stefan Riha
2022-06-03 21:40 ` Jozsef Kadlecsik
2022-06-04 6:45 ` Stefan Riha
2022-06-04 11:34 ` Jozsef Kadlecsik
2022-06-04 12:32 ` Reindl Harald
2022-06-04 13:06 ` Jozsef Kadlecsik
2022-06-04 13:11 ` Reindl Harald
2022-06-04 14:07 ` Stefan Riha
2022-06-08 13:56 ` Jozsef Kadlecsik
2022-06-08 14:34 ` Stefan Riha
2022-06-09 20:28 ` Gordon Fisher
2022-06-03 23:37 ` Timothy Ham
2022-06-04 5:29 ` pigi
2022-06-09 14:21 ` Gordon Fisher [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=62A201F1.9080401@gmail.com \
--to=gordfisherman@gmail.com \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox