[cifs-protocol] 115102913315679 [MS-ADTS] 6.1.1.2.2.2.1 Subnet Object address range

Douglas Bagnall douglas.bagnall at catalyst.net.nz
Fri Oct 30 05:11:45 UTC 2015


thanks Jeff,

After a bit more testing, I have revised my questions.

I wrote:

> According to that document (and a small amount of testing against
> Windows 2012), a subnet IP range can't start with a leading zero.
> But with IPv6 it is possible create subnets with implicit leading
> zeros. For example, "::ff00/120" and "0::ff00/120" refer to the same
> address range, but only the latter is forbidden. (right?)

Here, it seems "0::ff00/120" fails on Windows2012r2 because it doesn't
like inefficient IPv6 zero packing. In short, you can't have "0::" or
"::0" in your address. Or is there something more subtle?

MS-ADTS says "[the IP address string] does not have any leading zeros"
which turns out not to mean zeros at the beginning of the string but
zeros at the beginning of each number. That is, subnets like these are
forbidden:

            000a:bbbb::/32
            3.01.2.0/24
            3.1.2.00/24
            22.001.0.0/16
            3.01.02.0/24
            100a:0bbb:0023::/48
            100a::0023/128

though MS-ADTS doesn't really say that, referring instead to leading
zeros of the string as a whole. Is that right?

Also unmentioned is that no form of zero address seems to be
acceptable to Windows 2012r2. Things like this are rejected:

            0.0.0.0/8
            0:0:0:0:0:0:0:0/8
            ::/48
            ::/0

>Can I thus infer that no attempt is made to canonicalise an IPv6
>subnet name, and collisions are only avoided by DN uniqueness? That
>is, could I simultaneously have subnets called "2001:DA8::/48" and
>"2001:DA8:0::/48" which evaluate to the same address range?

I now understand from the first point above that the address
"2001:DA8:0::/48" would be rejected, but "2001:DA8:0:0:0:0:0:0/48"
would not be. Is that right?

cheers,
Douglas

On 30/10/15 05:24, Jeff McCashland wrote:
> Thank you Sree! [Sreekanth to BCC]
> 
> Hi Douglas,
> 
> My name is Jeff, and I would like to work with you on this issue. 
> 
> I will research the question, and let you know as soon as I have more information.
> 
> Best regards,
> Jeff McCashland | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team 
> Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
> Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300
> We value your feedback.  My manager is Nam Su Kang (nkang), +1 (980) 776-7499
> 
> -----Original Message-----
> From: Sreekanth Nadendla 
> Sent: Wednesday, October 28, 2015 5:22 PM
> To: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
> Cc: cifs-protocol at lists.samba.org; MSSolve Case Email <casemail at microsoft.com>
> Subject: 115102913315679 [MS-ADTS] 6.1.1.2.2.2.1 Subnet Object address range
> 
> Dochelp in Bcc
> Casemail in Cc
> 
> Hello Douglas,
> Thank you for your inquiry about MS-ADTS specification. We have created incident 115102913315679 for investigating this issue. One of the Open specifications team member will contact you shortly.
>  
> Regards,
> Sreekanth Nadendla
> Microsoft Windows Open specifications
> 
> -----Original Message-----
> From: Douglas Bagnall [mailto:douglas.bagnall at catalyst.net.nz] 
> Sent: Wednesday, October 28, 2015 5:48 PM
> To: Interoperability Documentation Help
> Cc: cifs-protocol at lists.samba.org
> Subject: MS-ADTS 6.1.1.2.2.2.1 Subnet Object address range
> 
> hi dochelp,
> 
> I just wish to clarify my interpretation of MS-ADTS 6.1.1.2.2.2.1 (v20150630).
> 
> According to that document (and a small amount of testing against Windows 2012), a subnet IP range can't start with a leading zero. But with IPv6 it is possible create subnets with implicit leading zeros.
> For example, "::ff00/120" and "0::ff00/120" refer to the same address range, but only the latter is forbidden. (right?)
>
>Can I thus infer that no attempt is made to canonicalise an IPv6 subnet name, and collisions are only avoided by DN uniqueness? That is, could I simultaneously have subnets called "2001:DA8::/48" and "2001:DA8:0::/48" which evaluate to the same address range?
> 
> Also (as I understand point 6) it says the address part of an IPv4 CIDR can't exactly equal the implied mask. For example, "255.128.0.0/9" is not allowed because the "/9" implies a mask of "255.128.0.0". Just for clarity can you confirm that there is no analogous constraint on IPv6?
> 
> thanks
> 
> Douglas
> 




More information about the cifs-protocol mailing list