RFC: Partial IP4 syntax

Henrik Nordstrom hno at marasystems.com
Wed Sep 29 19:05:15 CEST 2004


On Wed, 29 Sep 2004, Simon Lodal wrote:

> 1) iptables input: iptables' support for full 32bit format addresses is both 
> lacking and undocumented and could disappear without notice. So if any 
> programs use it they should rather be fixed.

I repeat once again, introducing a new notation looking the same as an 
older well established (even if deprecated) notation but with a different 
meaning is a terribly bad idea.

> iptables -L is for human eyes while iptables-save is for machine parsing. So 
> what if we make iptables -L print in any format it likes (not intended for 
> machine parsing anyway), but have iptables-save always print addresses in 
> full dotted quad?

Having iptables -L output anything other than quad dotted format is an even 
worse idea. Why output any other notation than the official standard?

> The question is how to interpret a single number. Implicitly append or 
> prepend a dot? Or interpret as full 32bit notation? Or ignore it?

Depends on if it is a CIDR number or not.

The following syntaxes I see as acceptable:

Quad dotted IP, hex or dec notation

N dotted IP (less than quad), hex or dec notation

CIDR notation
   N octets (up to four) / masksize. Only decimal.

   10/8 == 10.0.0.0/8

Mask notation
   quad or N dotted IP / netmask in quad or N dotted IP form. hex or dec.

To differentiate between CIDR and Mask notation when the mask is specified 
using a single number use the <=32 magic.


I do not find 10. as suitable shorthand for 10.0.0.0/8 even if this form 
is currently not in use in any of the established notations. The problem 
with 10. is that this could just as well be a partially typed IP address 
where the administrator meant to enter more information but forgot. These 
things happen more often than one would think.

Regards
Henrik
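Added example, not part of the thread or of iptables itself: a small Python parser for the syntaxes Henrik lists as acceptable, including the "<=32 magic" for telling a CIDR length from a one-octet netmask and the rejection of a trailing dot such as "10." as a possibly unfinished address. Treating a hex mask or a lone number above 32 as a netmask in octet form, and rejecting values above 255 (which also rejects the undocumented full 32-bit form), are my reading of the mail.

```python
import re

# One octet: hex (0x..) or decimal, as the mail allows for dotted forms.
_OCTET = re.compile(r"^(?:0[xX][0-9a-fA-F]+|[0-9]+)$")


def _octets(text, allow_hex=True):
    """Parse 1..4 dot-separated octets into four ints, zero-filling the
    missing low octets ('10' -> 10.0.0.0). An empty octet, as in '10.' or
    '.10', is rejected as a possibly unfinished address."""
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError("expected 1-4 octets: %r" % text)
    vals = []
    for p in parts:
        if not _OCTET.match(p):
            raise ValueError("bad or missing octet in %r" % text)
        is_hex = p.lower().startswith("0x")
        if is_hex and not allow_hex:
            raise ValueError("hex not allowed here: %r" % text)
        v = int(p, 16 if is_hex else 10)
        if v > 255:  # also rejects the undocumented full-32-bit form
            raise ValueError("octet out of range in %r" % text)
        vals.append(v)
    return vals + [0] * (4 - len(vals))


def _is_cidr_len(mask):
    """The '<=32 magic': a lone decimal number up to 32 is a CIDR length.
    Anything else (dotted, hex, or above 32) is a netmask in octet form."""
    return mask.isdigit() and int(mask) <= 32


def parse_ip4(spec):
    """Normalise spec to 'A.B.C.D/N'; raise ValueError on anything ambiguous."""
    addr, sep, mask = spec.partition("/")
    if not sep:
        octs, prefix = _octets(addr), 32
    elif _is_cidr_len(mask):
        # CIDR notation is decimal only, per the mail
        octs, prefix = _octets(addr, allow_hex=False), int(mask)
    else:
        octs = _octets(addr)
        m = int.from_bytes(bytes(_octets(mask)), "big")
        prefix = bin(m).count("1")
        if m != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
            raise ValueError("non-contiguous netmask in %r" % spec)
    return "%d.%d.%d.%d/%d" % (tuple(octs) + (prefix,))
```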
