LXC IP Tag script error prevents tagging of IPs in 172.16.0.0/12

[Duratori]

✅ Have you read and understood the above guidelines?

yes

📜 What is the name of the script you are using?

add-iptag.sh

📂 What was the exact command used to execute the script?

bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/tools/pve/add-iptag.sh)"

⚙️ What settings are you using?

• Default Settings
• Advanced Settings

🖥️ Which Linux distribution are you using?

Debian 12

📝 Provide a clear and concise description of the issue.

LXCs and VMs with IPs in 172.16.0.0/12 are NOT getting tagged, but 192.168.0.0/16 IPs are getting tagged.

The problem is in the ip_in_cidr function in the iptag script. Here's what is wrong:

1. Root Cause: The function is using ipcalc -c to check if an IP is in a CIDR range (which works correctly), but then it is doing its own manual validation that only handled specific prefix lengths: /8, /16, /24, and /32.
2. Specific Issue: My configuration includes 172.16.0.0/12 in the CIDR_LIST, but the manual check didn't handle /12 prefixes, so it would fall through to the default case and return false, even though ipcalc had correctly determined the IP was in the range.
3. Why 192.168.5.x worked: The 192.168.5.x addresses matched against 192.168.0.0/16, and /16 was one of the handled prefix lengths in the manual check.
4. The Fix: I simplified the ip_in_cidr function to only use ipcalc -c and removed the problematic manual validation. The ipcalc command handles all CIDR ranges correctly, including /12. However, the ipcalc command is returning exit code 0 even when the IP doesn't match. This seems to be because it's printing errors but still returning success. This explains why your original script had the redundant manual check - it was trying to work around this ipcalc quirk.
5. It seems the best solution is to add handling of the /12 prefix to your script.

🔄 Steps to reproduce the issue.

Installed IP Tag and a brind new, clean install of Proxmox and let it run. Anything with a 172.16.x.x IP did not get tagged.

❌ Paste the full error output (if available).

None captured by me.

🖼️ Additional context (optional).

No response

[MickLesk]

@DesertGamer

[DesertGamer]

It is interesting... I will try to do it today, and I will write about the results.

[DesertGamer]

There really was such a mistake, I fixed it in the new version, and also seriously worked out the rest of the possible methods, covered it all with tests, and I got a 99% result, thank you for your message.

[DesertGamer]

The update has been downloaded, please use the command:

bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/tools/pve/add-iptag.sh)"

You can save your old config using an additional option when updating, but I strongly recommend overwriting it.

[MickLesk]

[kendikaku]

Hello,
after updating, the processing power consumption is very high, reaching 100% and consequently the temperature is also very high. After uninstalling iptag, both returned to normal.

[MickLesk]

new issue

[kendikaku]

new issue

#5701 (comment)