On 2/5/20 12:23 PM, Christian Göttsche wrote:
Hi, what is the correct way of specifying an ipv6 netmask in the nodecon statement? I am searching for a valid netmask for localhost (::1). 'fe80::/10' should be one, but since the syntax does not support any prefix-length, this is not compiling. Using 'fe80::' seems to work fine, but setools is complaining [1]. Or should I use the full netmask: 'ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff' ? [1]: https://github.com/SELinuxProject/setools/issues/40
I think the userspace uses inet_pton(3) to convert both the mask and the address strings to values, so it would have to be something accepted by inet_pton(3).
In theory one could alter the userspace scanners/parsers and code to also support the slash notation and use inet_net_pton(3) instead for the mask. Don't think that was available when we started or at least didn't know about it and it is a non-standard interface,
http://man7.org/linux/man-pages/man3/inet_net_pton.3.html
