Edit report at http://bugs.php.net/bug.php?id=47435&edit=1
ID: 47435
Comment by: mikeg at bsd-box dot net
Reported by: valli at icsurselva dot ch
Summary: FILTER_FLAG_NO_PRIV_RANGE and FILTER_FLAG_NO_RES_RANGE
don't work with ipv6
Status: Open
Type: Bug
Package: Filter related
Operating System: linux
PHP Version: 5.*, 6CVS (2009-02-18)
New Comment:
Valli's comment seems to be the right solution: It correctly identifies
& differentiates the RFC-listed private & reserved space.
I would propose an additional "FILTER_FLAG_NO_SPECIAL_RANGE" that
captures the union of the other sets as a convenient shortcut,
but that's just laziness on my part.
Previous Comments:
------------------------------------------------------------------------
[2009-03-03 06:42:20] valli at icsurselva dot ch
Yes, fc00::/7 is the one and only IPv6 private range.
But there are also a lot of reserved ranges.
FILTER_FLAG_NO_PRIV_RANGE (IP not from private ranges)
fc00::/7 // unique-local addresses (rfc4193)
FILTER_FLAG_NO_RES_RANGE (IP not from reserved ranges)
::/128 // unspecified address (rfc4291)
::1/128 // loopback address (rfc4291)
fe80::/10 // link local unicast (rfc4291)
2001:db8::/32 // documentation addresses (rfc3849)
5f00::/8 // 6Bone
3ffe::/16 // 6Bone
::ffff:0:0/96 // IPv4-Mapped addresses (rfc4291)
2001:10::/28 // ORCHID addresses (rfc4843)
::/0 // default unicast route address
FYI the following ranges are implemented for IPv4 in logical_filters.c
FILTER_FLAG_NO_PRIV_RANGE (IP not from private ranges)
10.0.0.0/8 // private use network (rfc1918)
172.16.0.0/12 // private use network (rfc1918)
192.168.0.0/16 // private use network (rfc1918)
FILTER_FLAG_NO_RES_RANGE (IP not from reserved ranges)
0.0.0.0/8 // "this" network (rfc1700)
169.254.0.0/16 // link local network (rfc3927)
192.0.2.0/24 // test net (rfc3330)
224.0.0.0/4 // Multicast (rfc3171)
240.0.0.0/4 // Reserved for Future Use (rfc1700)
------------------------------------------------------------------------
[2009-03-03 01:20:16] il...@php.net
According to the RFC I saw, the indicated ranges are the only ones
identified as private.
------------------------------------------------------------------------
[2009-02-26 11:17:20] valli at icsurselva dot ch
Sorry,
I've checked the wrong file when I wrote the last comment.
Now I've seen your fixes. But there are a lot more
ranges to check (not only fc00::/7)
At least the following IPv6 ranges should match when
FILTER_FLAG_NO_RES_RANGE is set (rfc5156):
::/128 // unspecified address (rfc4291)
fe80::/10 // link local unicast (rfc4291)
2001:db8::/32 // documentation addresses (rfc3849)
5f00::/8 // 6Bone
3ffe::/16 // 6Bone
------------------------------------------------------------------------
[2009-02-24 07:55:51] valli at icsurselva dot ch
Can't find any code in the snapshots
regarding this issue.
Will this be fixed in php-5.3?
------------------------------------------------------------------------
[2009-02-23 16:52:50] il...@php.net
This bug has been fixed in CVS.
Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
Thank you for the report, and for helping us make PHP better.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/bug.php?id=47435
--
Edit this bug report at http://bugs.php.net/bug.php?id=47435&edit=1
