net/netip: Prefix, the range of bits for 4in6 addresses must be restricted to [96,128] #53153

Open
gaissmai opened this issue May 30, 2022 · 4 comments
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.

@gaissmai gaissmai commented May 30, 2022

What version of Go are you using (go version)?

$ go version
go version go1.18.2 linux/amd64

Does this issue reproduce with the latest release?

Yes, I use the latest stable release.

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/gaissmai/.cache/go-build"
GOENV="/home/gaissmai/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/gaissmai/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/gaissmai/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/snap/go/9760"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/snap/go/9760/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.18.2"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/home/gaissmai/project/tests/go.mod"
GOWORK=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build1518686161=/tmp/go-build -gno-record-gcc-switches"
GOROOT/bin/go version: go version go1.18.2 linux/amd64
GOROOT/bin/go tool compile -V: compile version go1.18.2
uname -sr: Linux 5.13.0-44-generic
Distributor ID:	Ubuntu
Description:	Ubuntu 21.10
Release:	21.10
Codename:	impish
gdb --version: GNU gdb (Ubuntu 11.1-0ubuntu2) 11.1

What did you do?

https://go.dev/play/p/2KQHE36RXEa

The type changes from 4in6 to 6 after applying Prefix.Masked(), but Masked() should only mask the host bits and not produce nonsense.

What did you expect to see?

You should change the limitations for type netip.Prefix to:
// Prefix is an IP address prefix (CIDR) representing an IP network.
//
// The first Bits() of Addr() are specified. The remaining bits match any address.
// The range of Bits() is [0,32] for IPv4 or [0,128] for IPv6.

to

// Prefix is an IP address prefix (CIDR) representing an IP network.
//
// The first Bits() of Addr() are specified. The remaining bits match any address.
// The range of Bits() is [0,32] for IPv4 or [0,128] for IPv6 and [96,128] for IP4In6

and netip.ParsePrefix should return an error

What did you see instead?

After applying netip.Prefix.Masked(), the type of the IP address changed from IP4In6 to IP6 and the result is nonsense, because more than the host bits are masked.

prefix: ::ffff:10.5.6.7/88, addr: ::ffff:10.5.6.7, is4in6: true
masked: ::ff00:0:0/88, addr: ::ff00:0:0, is4in6: false

@seankhliao seankhliao changed the title from "net/netip.Prefix, the range of bits for 4in6 addresses must be restricted to [96,128]" to "net/netip: Prefix, the range of bits for 4in6 addresses must be restricted to [96,128]" on May 30, 2022
@seankhliao seankhliao added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label May 30, 2022
Member

@seankhliao seankhliao commented May 30, 2022

It looks to me that the current behavior is correct: 4in6 is a property of the specific address, while the mask is for the entire ipv6 range, which may include/overlap with 4in6 space.

cc @bradfitz @josharian

Author

@gaissmai gaissmai commented May 30, 2022

Hi, thanks for the reply, and BTW, thank you very much for golang!

I don't think this is correct. After applying Masked() on a prefix, it should not be possible that the underlying address type changes from v4in6 to v6 magically. This is only possible because the masks for v4in6 are allowed to be less than 96 bits.
netip.ParsePrefix should catch this cause of hidden errors at a distance.

Author

@gaissmai gaissmai commented Jul 14, 2022

ping

Author

@gaissmai gaissmai commented Jul 15, 2022

Addresses of the format ::ffff:1.2.3.4 are reserved by IANA for ::ffff:0:0/96. The only reason a user will use it with a masklen <96 is a typo or ignorance; we should protect the user from these mistakes.

Maybe we should add a strict version of ParsePrefix (ParsePrefixStrict and other prefix constructors) as other language IP libraries do, where the given address must match the start of the CIDR range, then we can eliminate this ambiguity.
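
The behaviour reported in this issue and the strict parsing proposed in the last comment, as an added example that is not code from the thread or from the Go project. The helper names parsePrefixStrict and maskedLeaves4In6 are hypothetical, and the sample prefixes are constructed. It also shows why this matters for allow-lists: an 88-bit 4in6 prefix contains every IPv4-mapped address.

```go
package main

import (
	"fmt"
	"net/netip"
)

// parsePrefixStrict is a hypothetical helper, not part of net/netip.
func parsePrefixStrict(s string) (netip.Prefix, error) {
	p, err := netip.ParsePrefix(s)
	if err != nil {
		return netip.Prefix{}, err
	}
	// ::ffff:0:0/96 is the IPv4-mapped block; fewer than 96 bits leaves it.
	if p.Addr().Is4In6() && p.Bits() < 96 {
		return netip.Prefix{}, fmt.Errorf("%s: 4in6 prefix length %d is outside [96,128]", s, p.Bits())
	}
	// The address must be the first address of the range (no host bits set).
	if m := p.Masked(); m != p {
		return netip.Prefix{}, fmt.Errorf("%s: host bits set, did you mean %s?", s, m)
	}
	return p, nil
}

// maskedLeaves4In6 reports whether Masked() turns a 4in6 prefix into a
// plain IPv6 prefix, the behaviour reported in the issue.
func maskedLeaves4In6(p netip.Prefix) bool {
	return p.Addr().Is4In6() && !p.Masked().Addr().Is4In6()
}

func main() {
	// Constructed sample input, same prefix as in the issue.
	loose := netip.MustParsePrefix("::ffff:10.5.6.7/88")
	fmt.Println("masked:", loose.Masked(), "leaves 4in6:", maskedLeaves4In6(loose))
	// With 88 bits the prefix covers every IPv4-mapped address, not just 10.x.
	other := netip.MustParseAddr("::ffff:192.0.2.1")
	fmt.Println("contains", other, ":", loose.Contains(other))

	for _, s := range []string{"::ffff:10.5.6.7/88", "::ffff:10.5.6.7/112",
		"::ffff:10.5.0.0/112", "10.5.0.0/16"} {
		p, err := parsePrefixStrict(s)
		fmt.Println(s, "->", p, err)
	}
}
```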
