Re: Proposal to apply mask to IP address set on rule

[Mouse <mouse%Rodents-Montreal.ORG@localhost>]

> My main question is, I got informations on the internet that it is
> also not wrong to write 192.168.64.7/24 to refer to a sub network.

And I got information on the Internet that Paul McCartney is dead, that
binary 11111111 is decimal 256, I think it is (yes, really - the same
document also says it's 255, IIRC, and makes numerous other fascinating
claims), that humans never made it to the Moon, and other interesting
but dubious claims.

192.168.64.7/24 *is* perfectly valid - in some contexts.  In NetBSD,
one of the most obvious is as an interface address.

But you said "to refer to a sub network".  Whether it's valid as a
description of a netblock, that depends on the definition of the
description language in question.  For filtering, well, as we've seen,
some reject it and some accept it, and the ones that accept it don't
all treat it identically.

I would say that silently accepting it but never matching because
filtervalue!=packetvalue&mask is broken; that is not useful behaviour.
I'd say it either should accept it and silently apply the mask, accept
it and apply the mask with a warning, or reject it.  Depending on the
details, I could argue for any of those three.

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B