Ipv6 host table entries added as a full /32 subnet
-
I don't know how long this has been happening, but I just noticed it today, and it is still happening on the latest snapshot:
2.1-BETA0 (amd64)
built on Thu Jun 28 03:21:18 EDT 2012
FreeBSD 8.3-RELEASE-p3I have lists of FQDN hostnames that I like to either block or allow in some fashion through pfsense.
If the FQDN that I add has an AAAA record it is added to the list but as a /32 network, which is a whole lot of IP addresses in IPv6 but (of course) only one IP in IPv4.
To test:
in webconfigurator:
go to Firewall –> Aliases
under the IP tab, click the + icon to create a new IP alias list
name the list and add a FQDN that contains at least one AAAA record. I suggest www.google-analytics.com
click the save button
click the Apply Changes Button
go to Diagnostics --> Tables
find the newly created table and look at the bottom. In my case the IPv6 alias is there as a /32:
2607:f8b0::/32
Another probably non-important issue with these tables is that when you delete an alias list from Firewall --> Aliases it doesn't get deleted (at least right away) from Diagnostics --> Tables
-
bump
Does anyone else have the same problem? This is kind of major for me as I can't even use a fully qualified domain name in a host alias list if it resolves to an IPv6 IP address. If it does, it will add the IPv6 IP address to the aliases table as a /32 network. This breaks the whole concept of FQDN hosts in an alias table…
I have looked through the code to see if I could find where the /32 is being added in the case where a FQDN host is entered.
It may be in one of these files but I may be wrong ;-) :
/usr/local/www/javascript/jquery.ipv4v6ify.js:
I am not a javascripter so I may be completely wrong, but this seems to leave out the case of is_ipv6
/usr/local/www/guiconfig.inc:
function address_to_pconfig has no case for a /128 and falls through to a /32:
if (!$pmask) $pmask = 32; -
Known issue:
http://redmine.pfsense.org/issues/2506
