Hi Maros,

FV7: Ok, but KIP needs update.
FV8: Fine with me.

Thanks

On Tue, Apr 28, 2026 at 1:50 PM Maroš Orsák <[email protected]> wrote:
>
> Thanks Luke and Fede for the reviews.
>
> > Could we use the built-in java InetAddress class to have a safer check?
>
> True, that is a good point. Already addressed that in my PoC. Thanks.
>
> > FV7: Downgrades safety: Should we list the offending ACLs in the error
> message? I think it would be better and more helpful than just an error
> message. So +1. So users would see something like this:
> ```
> Cannot downgrade below IBP_4_4_IV0 while CIDR-based ACL host patterns
> exist: [192.168.0.0/24, 2001:db8::/32, ... ]. Remove all CIDR ACLs first.
> ```
> FV8: IPv4-mapped IPv6 address: Are we detecting this notation and
> returning an error to the user? I don't currently handle that case. It is a
> rare scenario IMO, and supporting it would add complexity to the code.
> Maybe I can update the KIP so that admins/devs should use IPv4 CIDR
> notation for IPv4 subnets and similarly for IPv6 rather than relying on
> IPv4-mapped IPv6 host patterns in ACLs?
>
> Cheers,
>
> Maros
