Tolerate non-zero bits beyond the prefix in IPv6Prefix (fixes #119)#141
Open
jamiesun wants to merge 1 commit into
Open
Tolerate non-zero bits beyond the prefix in IPv6Prefix (fixes #119)#141jamiesun wants to merge 1 commit into
jamiesun wants to merge 1 commit into
Conversation
IPv6Prefix rejected any Framed-IPv6-Prefix/Delegated-IPv6-Prefix attribute whose bits past the Prefix-Length were non-zero, returning "invalid prefix data". Real-world equipment frequently leaves those padding bits set (for example sending a /64 with the host identifier still present, or a non-octet-aligned prefix with a trailing bit), so valid prefixes failed to decode. Clear the bits beyond the prefix length instead of erroring: mask the partial byte and zero every whole byte after it. This restores the lenient behaviour that predated the issue layeh#118 fix while still keeping that fix's tolerance for trailing zero bytes being omitted. Closes layeh#119 Refs layeh#118 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This was referenced Jun 8, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #119 (follow-up to #118).
IPv6Prefixrejected anyFramed-IPv6-Prefix/Delegated-IPv6-Prefixattribute whose bits beyond thePrefix-Lengthwere non-zero, returninginvalid prefix data.The validation loop added in 1006025 (the #118 fix) is too strict. Real-world equipment frequently leaves the padding bits set — for example:
/64sent with the host identifier still present (2001:db8::1/64), or/47with bit 47 set).Per RFC 3162 those bits should be zero, but rejecting otherwise-valid prefixes breaks decoding of packets from common gear.
Fix
Clear the bits beyond the prefix length instead of erroring:
ip[prefixLength/8] &^= 0xff >> (prefixLength%8)), andThis restores the lenient behaviour that predated #118 while keeping that fix's tolerance for omitted trailing zero bytes. The approach matches the suggestion in review comment r134862652 on the original commit.
Tests
TestIPv6Prefix_issue119covers both the host-bits-set/64case and the non-octet/47case; both fail on the previous code withinvalid prefix dataand pass now. ExistingTestIPv6PrefixandTestIPv6Prefix_issue118continue to pass, andgo test ./.../go vet ./...are clean.Thanks to @dav-komarek for the report and reproduction.