SPF/term/cidr-length

from HTYP, the free directory anyone can edit if they can prove to me that they're not a spambot

About

<cidr-length> refers to the CIDR (Classless Inter-Domain Routing) convention for specifying blocks of IP addresses.

SPF uses three possible versions of this:

  • <ip4-cidr-length>: defaults to "/32"
  • <ip6-cidr-length>: defaults to "/128"
  • <dual-cidr-length>: includes at least one of <ip4-cidr-length> and <ip6-cidr-length>, and possibly both
    • If <ip6-cidr-length> appears, it must be prefixed with an extra "/", so that it is written with a double slash (e.g. "//64").
    • If both appear, <ip4-cidr-length> must be first.

The official and almost-comprehensible RFC documentation has this to say (Section 5.6):

  ip4              = "ip4"      ":" ip4-network   [ ip4-cidr-length ]
  ip6              = "ip6"      ":" ip6-network   [ ip6-cidr-length ]
  ip4-cidr-length  = "/" ("0" / %x31-39 0*1DIGIT) ; value range 0-32
  ip6-cidr-length  = "/" ("0" / %x31-39 0*2DIGIT) ; value range 0-128
  dual-cidr-length = [ ip4-cidr-length ] [ "/" ip6-cidr-length ]
  ip4-network      = qnum "." qnum "." qnum "." qnum
  qnum             = DIGIT                 ; 0-9
                     / %x31-39 DIGIT       ; 10-99
                     / "1" 2DIGIT          ; 100-199
                     / "2" %x30-34 DIGIT   ; 200-249
                     / "25" %x30-35        ; 250-255
           ; as per conventional dotted-quad notation, e.g., 192.0.2.0
  ip6-network      = <as per Section 2.2 of [RFC4291]>
           ; e.g., 2001:db8::cd30

The <ip> is compared to the given network. If CIDR prefix length high-order bits match, the mechanism matches.

If ip4-cidr-length is omitted, it is taken to be "/32". If ip6-cidr-length is omitted, it is taken to be "/128". It is not permitted to omit parts of the IP address instead of using CIDR notations. That is, use 192.0.2.0/24 instead of 192.0.2.
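
The grammar and matching rule quoted above, as an added Python example (not code from the RFC or from this wiki). The function names are made up for illustration, the addresses are constructed samples, and only a bare ip4 mechanism with no qualifier is handled.

```python
import ipaddress
import re

# Patterns transcribed from the ABNF quoted above; ranges are checked after parsing.
IP4_LEN = r"/(0|[1-9][0-9]?)"        # ip4-cidr-length, no leading zeros
IP6_LEN = r"/(0|[1-9][0-9]{0,2})"    # ip6-cidr-length, no leading zeros
DUAL_RE = re.compile(rf"(?:{IP4_LEN})?(?:/{IP6_LEN})?")   # ip6 part gets an extra "/"
QNUM = r"(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])"
IP4_RE = re.compile(rf"ip4:({QNUM}(?:\.{QNUM}){{3}})(?:{IP4_LEN})?", re.IGNORECASE)


def parse_dual_cidr_length(text):
    """Return (ip4_len, ip6_len) for a <dual-cidr-length>, applying the defaults."""
    m = DUAL_RE.fullmatch(text)
    if m is None:
        raise ValueError(f"not a dual-cidr-length: {text!r}")
    # Both parts are optional in the ABNF; a missing part takes its default.
    v4 = int(m.group(1)) if m.group(1) is not None else 32
    v6 = int(m.group(2)) if m.group(2) is not None else 128
    if v4 > 32 or v6 > 128:
        raise ValueError(f"cidr-length out of range: {text!r}")
    return v4, v6


def parse_ip4(term):
    """Parse an ip4 mechanism into (network_as_int, prefix_length)."""
    m = IP4_RE.fullmatch(term)
    if m is None:
        # Covers truncated addresses such as "ip4:192.0.2." and leading zeros.
        raise ValueError(f"not a valid ip4 mechanism: {term!r}")
    length = int(m.group(2)) if m.group(2) is not None else 32
    if length > 32:
        raise ValueError(f"ip4-cidr-length out of range: {term!r}")
    return int(ipaddress.IPv4Address(m.group(1))), length


def ip4_matches(term, client_ip):
    """True when the high-order prefix_length bits of client_ip equal the network's."""
    network, length = parse_ip4(term)
    shift = 32 - length   # low-order bits that are ignored; /0 ignores all 32
    return int(ipaddress.IPv4Address(client_ip)) >> shift == network >> shift
```

A lone "/64" is rejected because a single slash always introduces the IPv4 length; a prefix length of /0 compares no bits at all and therefore matches every address.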