OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

openc2 message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Language Spec Comment: CIDR address ranges


In Sections and 3.4.1, define a new ip_net target consisting of a network address and a CIDR prefix length.  In section modify the ip_connection target to add src_net and dst_net fields of type IP-Net, with the restriction that IP-Connection may have either src_addr or src_net but not both, and the same restriction for dst_addr and dst_net.


The IP-Addr target defined in Section is used where a single IP Address is valid, for example in the source or destination address of an IP packet (RFC 791 section 3.1).

In use cases such as those involving routing and filtering, an IP Network target (a contiguous range of IP addresses - RFC 4632) is needed.

It would be possible to overload the IP-Addr target with an optional prefix-length field that would denote a network when present and an endpoint address when absent.  Explicitly defining separate targets allows the syntax to specify when one or the other is required, rather than relying on non-syntax text to describe when an optional prefix-length must or must not be present.

If the predominate use cases for the IP-Connection target involve CIDR ranges, the src_addr and dst_addr fields could be replaced by src_net and dst_net, and a prefix length of /32 would be specified to denote a "host route" when the connection involves only a single address.  This would eliminate the complexity of allowing src_addr or src_net but not both.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]