Hi, 'ip_addr' and 'mask' columns (in 'address' table) should be a composite UNIQUE key as it doesn't make sense to have two entries sharing both values (the module would always take the first one). This would requiere a change in the DB schema. Opinions?
On 04/15/2010 05:57 AM, Iñaki Baz Castillo wrote:
Hi, 'ip_addr' and 'mask' columns (in 'address' table) should be a composite UNIQUE key as it doesn't make sense to have two entries sharing both values (the module would always take the first one). This would requiere a change in the DB schema. Opinions?
What if you want to have the same CIDR block be a member of different groups (grp) or allow two distinct source ports only (port) from a given block?
Iñaki Baz Castillo writes:
Hi, 'ip_addr' and 'mask' columns (in 'address' table) should be a composite UNIQUE key as it doesn't make sense to have two entries sharing both values (the module would always take the first one). This would requiere a change in the DB schema. Opinions?
i think that grp should also be included in the unique key.
-- juha
2010/4/15 Juha Heinanen jh@tutpro.com:
Juha Heinanen writes:
> i think that grp should also be included in the unique key.
as well as port, but things get tricky, since port can be 0 that matched all ports.
I assume that in case two entries share the same ip_addr but different mask, then the match would be priorized to the entry with greatest mask value, am I right? This is:
1) 1.2.3.0 / 24 2) 1.2.3.4 / 32
If the source IP is 1.2.3.4 then I expect permissions module to retrieve the second entry (as it mask value is the greatest one of all the entries matching the source IP).
Same could be done with the port: If two entries share the same ip_addr and mask, then that with port != 0 would have priority. Does it make sense?
2010/4/15 Juha Heinanen jh@tutpro.com:
Iñaki Baz Castillo writes:
> Hi, 'ip_addr' and 'mask' columns (in 'address' table) should be a > composite UNIQUE key as it doesn't make sense to have two entries > sharing both values (the module would always take the first one). > This would requiere a change in the DB schema. Opinions?
i think that grp should also be included in the unique key.
Humm, I don't think so. Forget now the "port" field (which should also be considered for the composite key):
Imagine two entries with same "ip_addr" and "mask" but differnt "grp". This would be valid as you suggest, but it doesn't make sense as the permissions module would get just the first entry and extract the "grp" from it. This is, the composite key columns must be those used by the search condition ("ip_addr", "mask" and "port").
Iñaki Baz Castillo writes:
Imagine two entries with same "ip_addr" and "mask" but differnt "grp". This would be valid as you suggest, but it doesn't make sense as the permissions module would get just the first entry and extract the "grp" from it. This is, the composite key columns must be those used by the search condition ("ip_addr", "mask" and "port").
which function of permissions module?
-- juha
2010/4/15 Juha Heinanen jh@tutpro.com:
Iñaki Baz Castillo writes:
> Imagine two entries with same "ip_addr" and "mask" but differnt "grp". > This would be valid as you suggest, but it doesn't make sense as the > permissions module would get just the first entry and extract the > "grp" from it. This is, the composite key columns must be those used > by the search condition ("ip_addr", "mask" and "port").
which function of permissions module?
allow_source_address_group()
Iñaki Baz Castillo wrote:
Hi, 'ip_addr' and 'mask' columns (in 'address' table) should be a composite UNIQUE key as it doesn't make sense to have two entries sharing both values (the module would always take the first one). This would requiere a change in the DB schema. Opinions?
Hello,
I have a few questions about the address table:
1. Does it support IPv6 addresses? 2. Along with quad-doted IPv4, there are also the plans to support other IPv4 formats like octal or hexa for IP-addresses? For example 0102.0146.015.0143 http://0102.0146.015.0143/(one www.google.com's IP)
I am very new to permission module but maybe this cases need to be handled also...
Marius
marius zbihlei writes:
- Does it support IPv6 addresses?
no, it does not.
- Along with quad-doted IPv4, there are also the plans to support other
IPv4 formats like octal or hexa for IP-addresses? For example 0102.0146.015.0143 http://0102.0146.015.0143/(one www.google.com's IP)
there are no such plans.
I am very new to permission module but maybe this cases need to be handled also...
you can always add a feature request to the tracker. may be someone show needs the above functionalities will implement them.
-- juha
-
Alex Balashov -
Iñaki Baz Castillo -
jh@tutpro.com -
marius zbihlei