All,
I was looking at some CIDR expressions for large network blocks recently
and I found that some of them are a little odd. Here is an example:
::FFFF:4.68.70.223/128
This is an IPv4 address embedded inside an IPv6 address, with a CIDR
/network mask tacked on the end. When asking RemoteIPFilter|Valve to
allow this address, it complains:
SEVERE: ::FFFF:4.68.70.223/128: The CIDR [128] is greater than the
address length [32]
I think this is because the NetMask class isn't sensitive to these kinds
of addresses. In the NetMask code, the 'cidr' (128, in bits) is compared
to the 'addrlen' (32, in bits) and an error is thrown because one
exceeds the other.
For IPv4-in-IPv6 addresses, I believe that the IP prefix is always
"::FFFF:" and that the network is actually 0:0:0:0:0:FFFF:0:0/96.
For IPv4-in-IPv6, I think we need to subtract 96 from the
cidr-length-in-bits which, in this case, would end up being /32 instead
of /128 like the original string for the address.
Does that match up with everyone's expectations of what should happen in
these cases?
The next question is how to detect when these cases occur so we can
adjust the number of CIDR bits by subtracting 96. NetMask delegates most
of the real work over to InetAddress.getByName() and so I think we can
only look at the original string.
Does anyone have any ideas for how to do this cleanly?
-chris
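
One way to do the string-based detection asked about above, as an added example that is not part of the original message and not Tomcat's NetMask code. The class and method names are hypothetical, and it assumes the input is an IP literal followed by "/bits".

```java
import java.net.Inet4Address;
import java.net.InetAddress;
import java.net.UnknownHostException;

// Added illustration, not Tomcat's NetMask; class and method names are hypothetical.
public class MappedCidrExample {

    static final int MAPPED_PREFIX_BITS = 96; // length of the ::FFFF:0:0/96 prefix

    /** Returns the prefix length to compare against the resolved address length. */
    static int effectiveCidr(String input) throws UnknownHostException {
        int slash = input.indexOf('/');
        if (slash < 0) {
            throw new IllegalArgumentException(input + ": no CIDR suffix");
        }
        String literal = input.substring(0, slash);
        int cidr = Integer.parseInt(input.substring(slash + 1));

        // The samples are IP literals, so getByName() parses them without a DNS lookup.
        InetAddress addr = InetAddress.getByName(literal);
        int addrBits = addr.getAddress().length * 8;

        // An IPv4-mapped IPv6 literal comes back as an Inet4Address, so the ':' in
        // the original string is the only remaining sign of the IPv6 notation.
        boolean mapped = addr instanceof Inet4Address && literal.indexOf(':') >= 0;
        if (mapped) {
            if (cidr < MAPPED_PREFIX_BITS) {
                // A prefix shorter than /96 reaches outside the IPv4-mapped range.
                throw new IllegalArgumentException(input + ": prefix shorter than /96");
            }
            cidr -= MAPPED_PREFIX_BITS;
        }
        if (cidr < 0 || cidr > addrBits) {
            throw new IllegalArgumentException(input + ": CIDR out of range");
        }
        return cidr;
    }

    public static void main(String[] args) throws UnknownHostException {
        // First sample is from the message above; the rest are constructed.
        String[] samples = {"::FFFF:4.68.70.223/128", "::ffff:10.0.0.0/104",
                            "192.0.2.0/24", "2001:db8::/32"};
        for (String s : samples) {
            System.out.println(s + " -> /" + effectiveCidr(s));
        }
    }
}
```

Rejecting mapped prefixes shorter than /96 keeps an allow rule from silently widening to cover every IPv4 address after the subtraction.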