bugzilla-daemon at netfilter.org
2013-Jul-09 01:45 UTC
[Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
https://bugzilla.netfilter.org/show_bug.cgi?id=616 --- Comment #5 from - <kd6lvw at yahoo.com> 2013-07-09 03:45:06 CEST --- Re: Comment #4. One doesn't know what the addresses are until they are retrieved from the DNS. The point is that the routines which generate the rules are NOT checking the values AFTER the CIDR netmask is applied to eliminate POST-MASK duplicate answers. The mask used comes from the rule, not the DNS. In the example I gave in the initial report, note that there are three distinct IPv4 addresses which are in separate /24's, but when the CIDR netmask of /22 (from the rule) is applied, all three of these differing addresses produce the same masked result. Thus the example produces the same rule THREE times even though there is only a single, unique result of the masking. The current implementation assumes that because there are three DNS results, three rules are needed. It fails to check for duplicate results AFTER applying the mask. Whether the current code checks for duplicate addresses before applying a netmask I have not checked, nor would such a check be necessary. It might be assumed from the DNS data that there are no duplicates for fully specified addresses (i.e. IPv4 /32 and IPv6 /128). However, it is improper to assume that there will be no post-mask duplicates. -- Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
Apparently Analagous Threads
- [Bug 616] New: Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
- [Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
- [Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
- [Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.
- [Bug 616] Duplicate rules for multi-homed hostnames. IPv4 and IPv6 inconsistent treatment.