On 6/3/2022 23:45 PM, Stefan Riha wrote:
Read the manpage: "Address can
be either a network name, a network IP address (with /mask), or a plain IP
address".
The manpage states that the input can be either of three:
1) a network name
2) network IP address (with /mask) (i.e. 10.0.0.0/24 in the example)
3) a plain IP address (i.e. 10.0.0.2 or equivalently 10.0.0.2/32 in the example)
and the input 10.0.0.2/24 is neither of those three (it's a contextually inappropriate combination of 2 and 3). It therefore should be rejected, but instead it is reinterpreted to be of type 2), i.e. a network IP address (with /mask). What do you think?
It can be argued that due to the specified mask, `/24` above, that the
`10.0.0` portion (that is, the first 24 bits) is what is relevant. It is
trivial to determine the actual network address from an IP address that
falls within it, given the mask. Therefore it is normalized to
`10.0.0.0`, by just bitwise ANDing the provided address with the
provided netmask, not unlike the example script I wrote below:
```
$ perl
my ($ip, $sm) = qw(10.0.0.2 255.255.255.0);
# Convert from dotted quad to a 4 byte representation.
for ($ip, $sm) { $_ = pack 'C4', split /\./, $_; }
# This is the important part: Bitwise AND the IP with the MASK.
my $net = $ip & $sm;
# Convert back to a dotted quad and print the resulting address.
print join '.', unpack 'C4', $net;
10.0.0.0
```
That is, by providing a mask, that mask is applied which is consistent
to any other working related utility that I can think of that expects
either just a network address with a mask, or with a plain IP without a
mask as an option (like `iptables` and `ip route` do.)
--
gordonfish
