[cifs-protocol] 115102913315679 [MS-ADTS] 6.1.1.2.2.2.1 Subnet Object address range

Jeff McCashland jeffm at microsoft.com
Tue Jan 19 17:15:56 UTC 2016 

Hi Doug,

Interesting catch!

Could you forward it to our DocHelp alias so I can follow up?

It's best to send all new issues to the DocHelp alias (even if addressed to me), so that someone can follow up if I'm out of the office.

Best regards,
Jeff McCashland | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team 
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300
We value your feedback.  My manager is Nam Su Kang (nkang), +1 (980) 776-7499


-----Original Message-----
From: Douglas Bagnall [mailto:douglas.bagnall at catalyst.net.nz] 
Sent: Monday, January 18, 2016 4:26 PM
To: Jeff McCashland <jeffm at microsoft.com>
Cc: cifs-protocol at lists.samba.org; MSSolve Case Email <casemail at microsoft.com>
Subject: Re: 115102913315679 [MS-ADTS] 6.1.1.2.2.2.1 Subnet Object address range

Jeff,

I discovered another quirk which might be worth mentioning.

Addresses in the form "::FFFF:x:x" or "::x:x", which would map to IPv4 addresses under some old schemes are forbidden. The inet_ntop() function in the C standard library renders these as embedded dotted decimal addresses (i.e. "::FFFF:x.x.x.x").

The exception is "::FFFF:0:0" which Windows allows. That would map to "0.0.0.0" under the mapping scheme.

cheers,
Douglas

On 25/11/15 06:56, Jeff McCashland wrote:
> Hi Douglas,
> 
> Here is what we came up with:
> s is a valid subnet name if:
> 1. There is only one occurrence of the character "/" in s. Let i be the index of the character "/" in s.
> 2. The substring s[0, i-1] is either a valid IPv4 address in dotted decimal notation (as specified in [RFC1166]) or a valid IPv6 address in colon-hexadecimal form or compressed form (as specified in [RFC 4291]), and must meet the following constraints:
> §	IPv4 addresses must not have any leading zeros in any individual component of the address
> §	IPv6 addresses must be in canonical text representation format (as specified in [RFC 5952] section 4), except that the addresses are treated as case insensitive.
> Examples:
> Valid IPV4 subnet names:
> §	https://na01.safelinks.protection.outlook.com/?url=10.2.1.0%2f24&data=01%7c01%7cjeffm%40microsoft.com%7c057fffcd02b8410632d708d32067178f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=5w%2fC8iNxZHYS%2bpGs8jx204pW33wZqwCU5AxbZOCa2Xk%3d
> §	https://na01.safelinks.protection.outlook.com/?url=10.20.1.0%2f24&data=01%7c01%7cjeffm%40microsoft.com%7c057fffcd02b8410632d708d32067178f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=cNcZD3mopCgYF4HdKDjwM4In7tVS3LRcQbyvmnYiA2s%3d
> Invalid IPV4 subnet names:
> §	https://na01.safelinks.protection.outlook.com/?url=10.02.0.0%2f16&data=01%7c01%7cjeffm%40microsoft.com%7c057fffcd02b8410632d708d32067178f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=zhYhuEB7pYVLNY7IUWUUKA%2bBU6e%2fLwBRJlLxWcweCBM%3d
> Valid IPv6 subnet names:
> 	A:A:A:A::/64
> §	a:b::c:d:0:0/64
> §	0:0:e0::/48
> §	A:b:C::/128
> §	A:B::F:0/128
> §	12AB:0:0:CD30::/60
> §	A:a:e:b:0:d:e:f/128
> Invalid IPv6 subnet names:
> §	A:B:0C:D::/64
> §	A:B:0:0:0:0:E:F/128
> §	12AB::CD30:0:0:0:0/60
> §	12AB:0:0:CD30::F:0/60
> §	A:a:e:b::d:e:f/128
> 
> Best regards,
> Jeff McCashland | Senior Escalation Engineer | Microsoft Protocol Open 
> Specifications Team
> Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: 
> (UTC-08:00) Pacific Time (US and Canada) Local country phone number 
> found here: 
> https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fsuppor
> t.microsoft.com%2fglobalenglish&data=01%7c01%7cjeffm%40microsoft.com%7
> c057fffcd02b8410632d708d32067178f%7c72f988bf86f141af91ab2d7cd011db47%7
> c1&sdata=jib%2bmYn8IvTmnuz4IaUQTfqCXzru36JpNv9aKoS9Gkw%3d | Extension 
> 1138300 We value your feedback.  My manager is Nam Su Kang (nkang), +1 
> (980) 776-7499
> 
> -----Original Message-----
> From: Jeff McCashland
> Sent: Thursday, November 19, 2015 9:20 AM
> To: 'Douglas Bagnall' <douglas.bagnall at catalyst.net.nz>
> Cc: cifs-protocol at lists.samba.org
> Subject: RE: 115102913315679 [MS-ADTS] 6.1.1.2.2.2.1 Subnet Object 
> address range
> 
> Hi Douglas,
> 
> Good observations. Thank you for the feedback!
> 
> Best regards,
> Jeff McCashland | Senior Escalation Engineer | Microsoft Protocol Open 
> Specifications Team
> Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: 
> (UTC-08:00) Pacific Time (US and Canada) Local country phone number 
> found here: 
> https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fsuppor
> t.microsoft.com%2fglobalenglish&data=01%7c01%7cjeffm%40microsoft.com%7
> c057fffcd02b8410632d708d32067178f%7c72f988bf86f141af91ab2d7cd011db47%7
> c1&sdata=jib%2bmYn8IvTmnuz4IaUQTfqCXzru36JpNv9aKoS9Gkw%3d | Extension 
> 1138300 We value your feedback.  My manager is Nam Su Kang (nkang), +1 
> (980) 776-7499
> 
> -----Original Message-----
> From: Douglas Bagnall [mailto:douglas.bagnall at catalyst.net.nz]
> Sent: Wednesday, November 18, 2015 5:31 PM
> To: Jeff McCashland <jeffm at microsoft.com>
> Cc: cifs-protocol at lists.samba.org
> Subject: Re: 115102913315679 [MS-ADTS] 6.1.1.2.2.2.1 Subnet Object 
> address range
> 
> hi Jeff,
> 
>> To follow up on this issue, how does this look?:
>>
>> 2. The substring s[0, i-1] is either a valid IPv4 address in dotted decimal notation (as specified in [RFC1166]) or a valid IPv6 address in colon-hexadecimal form (as specified in [RFC2373]), and must meet the following additional constraints:  
>> 	IPV4 addresses must not have any leading zeros in any individual component of the address.
>> 	IPV6 addresses must not have any leading zeros in any individual component of the address.
>> 	IPV6 addresses must be in compressed form (as specified in [RFC2373]) when possible; the compressed sequence must be the longest such possible.
>> 	IPV6 addresses are treated as case insensitive
> 
> That is good, though the maximally compressed criteria doesn't quite specify a unique form (which I believe is the point). For example, the subnet that in uncompressed form looks like:
> 
>     1:0:0:2:3:0:0:4/128
> 
> can be compressed equally well in either of these two ways:
> 
>     1::2:3:0:0:4/128
>     1:0:0:2:3::4/128
> 
> Windows 2012R2, as far as I can tell, mandates the first representation (as does RFC5952 section 4.2.3).
> 
> Also in RFC5952 section 4.2.2 says that single zeros should not be collapsed into "::" -- that is, it wants "2001:db8:0:1:1:1:1:1"
> instead of "2001:db8::1:1:1:1:1". Windows 2012R2 also seems to follow this, which is strictly speaking a violation of the compression heuristic.
> 
> It looks as if Windows 2012 does in fact follow the RFC with the caveat of case insensitivity. But not 2008R2, which allows invalid subnet names like "a:b::/31", where the masked bits are not all zero (online tools differ on whether that would refer to the same range as "a:a::/31" or "a:b::/32", but either way its a duplicate).
> 
> thanks for your help,
> 
> Douglas
>

More information about the cifs-protocol mailing list