Edit report at http://bugs.php.net/bug.php?id=47435&edit=1
ID: 47435 Updated by: il...@php.net Reported by: valli at icsurselva dot ch Summary: FILTER_FLAG_NO_PRIV_RANGE and FILTER_FLAG_NO_RES_RANGE don't work with ipv6 -Status: Open +Status: Closed Type: Bug Package: Filter related Operating System: linux PHP Version: 5.*, 6CVS (2009-02-18) -Assigned To: +Assigned To: iliaa Block user comment: N Private report: N New Comment: This bug has been fixed in SVN. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2010-12-12 20:54:23] il...@php.net Automatic comment from SVN on behalf of iliaa Revision: http://svn.php.net/viewvc/?view=revision&revision=306290 Log: Fixed bug #47435 (FILTER_FLAG_NO_RES_RANGE don't work with ipv6). ------------------------------------------------------------------------ [2010-04-07 21:14:15] zippy1981 at gmail dot com I implemented Valli's suggestion with two caveats: 1) I have to do the IPv4 mapping addresses. I will do that next. 2) FILTER_VALIDATE_IP does not handle subnets, only IPs. ------------------------------------------------------------------------ [2010-04-07 19:27:13] mikeg at bsd-box dot net Valli's comment seems to be the right solution: It correctly identifies & differentiates the RFC-listed private & reserved space. I would propose an additional "FILTER_FLAG_NO_SPECIAL_RANGE" that captures the union of the other sets as a convenient shortcut, but that's just laziness on my part. ------------------------------------------------------------------------ [2009-03-03 06:42:20] valli at icsurselva dot ch Yes, fc00::/7 is the one and only IPv6 private range. But there are also a lot of reserved ranges. FILTER_FLAG_NO_PRIV_RANGE (IP not from private ranges) fc00::/7 // unique-local addresses (rfc4193) FILTER_FLAG_NO_RES_RANGE (IP not from reserved ranges) ::/128 // unspecified address (rfc4291) ::1/128 // loopback address (rfc4291) fe80::/10 // link local unicast (rfc4291) 2001:db8::/32 // documentation addresses (rfc3849) 5f00::/8 // 6Bone 3ffe::/16 // 6Bone ::ffff:0:0/96 // IPv4-Mapped addresses (rfc4291) 2001:10::/28 // ORCHID addresses (rfc4843) ::/0 // default unicast route address FYI the following ranges are implemented for IPv4 in logical_filters.c FILTER_FLAG_NO_PRIV_RANGE (IP not from private ranges) 10.0.0.0/8 // private use network (rfc1918) 172.16.0.0/12 // private use network (rfc1918) 192.168.0.0/16 // private use network (rfc1918) FILTER_FLAG_NO_RES_RANGE (IP not from reserved ranges) 0.0.0.0/8 // "this" network (rfc1700) 169.254.0.0/16 // link local network (rfc3927) 192.0.2.0/24 // test net (rfc3330) 224.0.0.0/4 // Multicast (rfc3171) 240.0.0.0/4 // Reserved for Future Use (rfc1700) ------------------------------------------------------------------------ [2009-03-03 01:20:16] il...@php.net According to the RFC I saw, the indicated ranges are the only ones identified as private. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/bug.php?id=47435 -- Edit this bug report at http://bugs.php.net/bug.php?id=47435&edit=1