fix for issue #332: The validation for an Ipv6PrefixAttribute incorre… #333
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue Ipv6PrefixAttribute validation failure
Summary
The validation for an Ipv6PrefixAttribute incorrectly rejects valid values. It works properly only when prefix sizes are multiple of 8.
For example,
2001:0:0:1650:0:0:0:0/60
will not be validated, although it is correct (the bits after the 60 are zero). Instead, and exception is thrown with the following message:Analysis
The issue is due to the fact that the number of non-zero bits of the IPv6 prefix are calculated using a
java.util.BitSet
, which is initialized by passing the 16 bytes of the IPv6 address withBitSet.valueOf()
. But the created bits are using a little-endian representation (https://docs.oracle.com/javase/8/docs/api/java/util/BitSet.html#valueOf-byte:A-), instead of a big-endian as required to do the comparation properly.For example, the prefix above is represented as shown below by BitSet
This has been produced using the following code snippet
Fix
The class
Ipv6PrefixAttribute.java
must be updated.Since probably you don't want to introduce external dependencies to libraries such as
https://seancfoley.github.io/IPAddress/
orhttps://mvnrepository.com/artifact/com.github.jgonian/commons-ip-math
, the checking can be done using pure java. The code is not trivial to read but only has two linesSince BitSet is not used, the building of the attributes must be slightly changed. I'd like better just to have all the bytes in the attribute sent, even if zero, so using...
...but this breaks the
BaseRadiusPacketTest.addAttribute()
test, because it is checking a string output that includes the expected length, and I'd rather minimize the proposed changes in this pull request.Testing
A new test is added for an IPv6 prefix with a prefix which is not a multipe of 8
This test will fail in the current implementation and will pass with the fix.