(#10274) Nullify addresses with zero prefixlen #80
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Document the current behaviour of Util::Firewall.host_to_ip before it is modified to handle addresses with zero prefix lengths.
Modify the behaviour of Util::Firewall.host_to_ip, as used by the type to parse source and destination addresses, to return nil if the resulting CIDR represented address has a prefix length of zero. Includes type and provider tests for IPv4 and IPv6. IPtables silently omits rules with source and destination addresses that have a prefix length of zero (eg. 0.0.0.0/0) because they are functionally equivialent to not specifying any address. This was causing rules to be unecessarily reloaded. The behaviour of Util::IPcidr remains the same. Now includes some additional tests for it's identification of zero prefixlen IPv4 and IPv6 addresses.
kbarber
added a commit
that referenced
this pull request
May 28, 2012
(#10274) Nullify addresses with zero prefixlen
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Modify the behaviour of Util::Firewall.host_to_ip, as used by the type to
parse source and destination addresses, to return nil if the resulting CIDR
represented address has a prefix length of zero. Includes type and provider
tests for IPv4 and IPv6.
IPtables silently omits rules with source and destination addresses that
have a prefix length of zero (eg. 0.0.0.0/0) because they are functionally
equivialent to not specifying any address. This was causing rules to be
unecessarily reloaded.
The behaviour of Util::IPcidr remains the same. Now includes some additional
tests for it's identification of zero prefixlen IPv4 and IPv6 addresses.
This is a rework of @nanliu's private branch which we didn't have a PR for. I've moved the logic up from the type to
Firewall.host_to_ipso that:IPCidr.cidrto properly identify the prefixlen.