Re: Bug with PF IPv6 subnet calculation, or my brain?
On Feb 1, 2011, at 11:00 PM, Paul de Weerd wrote: > On Tue, Feb 01, 2011 at 10:51:00PM -0800, Brian Keefer wrote: > | 4.9 GENERIC#626 i386 > | > | I write a rule that says this: > | pass in on $ext_if inet6 proto ipv6-icmp from any to 2620:0100:900f:c9::/56 > | > | and pfctl shows this: > | pass in on em2 inet6 proto ipv6-icmp from any to 2620:100:900f::/56 keep > | state > | > | Maybe I'm crazy, but it seems 2620:100:900f:: would be /48 (assuming > | everything to the right is dynamic, no assumed zeros), and my original rule > | seems to have 56 bits to the left, unless I'm bad at counting, which is > | entirely possible. > | > | Is this a bug? > > No, you're bad at counting. "c9" is an 8 bit value, represented as a > 16-bit value you'd get "00c9". So the IPv6 network you're really using > is 2620:0100:900f:00c9::::/56 .. which is the same as > 2620:0100:900f:00__::::/56 (with random hexadecimal > numbers in the place of all those _'s). > > Either you meant 2620:0100:900f:c900::/56 or you really want to use > 2620:0100:900f:c9::/64. > > Paul 'WEiRD' de Weerd > > -- >> [<++>-]<+++.>+++[<-->-]<.>+++[<+ > +++>-]<.>++[<>-]<+.--.[-] > http://www.weirdnet.nl/ I looked the first two sentences and got it. Sigh. Thanks for the fast response. -- bk
Re: Bug with PF IPv6 subnet calculation, or my brain?
On Tue, Feb 01, 2011 at 10:51:00PM -0800, Brian Keefer wrote: | 4.9 GENERIC#626 i386 | | I write a rule that says this: | pass in on $ext_if inet6 proto ipv6-icmp from any to 2620:0100:900f:c9::/56 | | and pfctl shows this: | pass in on em2 inet6 proto ipv6-icmp from any to 2620:100:900f::/56 keep | state | | Maybe I'm crazy, but it seems 2620:100:900f:: would be /48 (assuming | everything to the right is dynamic, no assumed zeros), and my original rule | seems to have 56 bits to the left, unless I'm bad at counting, which is | entirely possible. | | Is this a bug? No, you're bad at counting. "c9" is an 8 bit value, represented as a 16-bit value you'd get "00c9". So the IPv6 network you're really using is 2620:0100:900f:00c9::::/56 .. which is the same as 2620:0100:900f:00__::::/56 (with random hexadecimal numbers in the place of all those _'s). Either you meant 2620:0100:900f:c900::/56 or you really want to use 2620:0100:900f:c9::/64. Paul 'WEiRD' de Weerd -- >[<++>-]<+++.>+++[<-->-]<.>+++[<+ +++>-]<.>++[<>-]<+.--.[-] http://www.weirdnet.nl/
Bug with PF IPv6 subnet calculation, or my brain?
4.9 GENERIC#626 i386 I write a rule that says this: pass in on $ext_if inet6 proto ipv6-icmp from any to 2620:0100:900f:c9::/56 and pfctl shows this: pass in on em2 inet6 proto ipv6-icmp from any to 2620:100:900f::/56 keep state Maybe I'm crazy, but it seems 2620:100:900f:: would be /48 (assuming everything to the right is dynamic, no assumed zeros), and my original rule seems to have 56 bits to the left, unless I'm bad at counting, which is entirely possible. Is this a bug? -- bk
