On Sat, 4 Jun 2022, Stefan Riha wrote: > >> Read the manpage: "Address can > be either a network name, a network IP address (with /mask), or a plain IP > address". > > The manpage states that the input can be either of three: > > 1) a network name > 2) network IP address (with /mask) (i.e. 10.0.0.0/24 in the example) > 3) a plain IP address (i.e. 10.0.0.2 or equivalently 10.0.0.2/32 in the > example) > > and the input 10.0.0.2/24 is neither of those three (it's a contextually > inappropriate combination of 2 and 3). It therefore should be rejected, > but instead it is reinterpreted to be of type 2), i.e. a network IP > address (with /mask). What do you think? > > My point is, I think this re-interpretation dangerous. I think the > appropriate behaviour would be to error on incorrect/ambiguous input. > > >> The input is interpreted accordingly, therefore 10.0.0.2/24 is > equal to 10.0.0.0/24. > > But would you agree that if the input isn't of the 3 three types > explicitly allowed in the manpage, it should be rejected? The word > "either" in the manpage gives the impression that the three options are > mutually exclusive, and not a contextually inappropriate mixture. The second form is interpreted as a network IP address and mask. The input is normalized by default, so if the IP address is not the network IP address, that is automatically converted to it. You may say that it's not appropriate, dangerous, incorrect. But that is how the system works for decades. Nothing can be changed about it, because it could break configurations which rely on this behaviour. Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxx PGP key : https://wigner.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics H-1525 Budapest 114, POB. 49, Hungary
