From: Mateusz Guzik
Date: Sat, 16 Jul 2022 14:41:39 +0200
Subject: Re: git: efe58855f3ea - main - IPv4: experimental changes to allow net 0/8, 240/4, part of 127/8
To: Mike Karels
Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org

On 7/13/22, Mike Karels wrote:
> The branch main has been updated by karels:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=efe58855f3ea2cfc24cb705aabce3bc0fe1fb6d5
>
> commit efe58855f3ea2cfc24cb705aabce3bc0fe1fb6d5
> Author: Mike Karels
> AuthorDate: 2022-05-24 19:26:25 +0000
> Commit: Mike Karels
> CommitDate: 2022-07-13 14:46:05 +0000
>
> IPv4: experimental changes to allow net 0/8, 240/4, part of 127/8
>

This causes LINT-NOIP builds to fail:

ld: error: undefined symbol: vnet_entry_in_loopback_mask
>>> referenced by ib_cma.c
>>>               ib_cma.o:(rdma_destroy_id)
>>> referenced by ib_cma.c
>>>               ib_cma.o:(rdma_resolve_addr)
>>> referenced by ib_cma.c
>>>               ib_cma.o:(rdma_bind_addr)
>>> referenced 11 more times

> Combined changes to allow experimentation with net 0/8 (network 0),
> 240/4 (Experimental/"Class E"), and part of the loopback net 127/8
> (all but 127.0/16). All changes are disabled by default, and can be
> enabled by the following sysctls:
>
> net.inet.ip.allow_net0=1
> net.inet.ip.allow_net240=1
> net.inet.ip.loopback_prefixlen=16
>
> When enabled, the corresponding addresses can be used as normal
> unicast IP addresses, both as endpoints and when forwarding.
>
> Add descriptions of the new sysctls to inet.4.
>
> Add to vnet.h, as CACHE_LINE_SIZE is undefined in
> various C files when in.h includes vnet.h.
>
> The proposals motivating this experimentation can be found in
>
> https://datatracker.ietf.org/doc/draft-schoen-intarea-unicast-0
> https://datatracker.ietf.org/doc/draft-schoen-intarea-unicast-240
> https://datatracker.ietf.org/doc/draft-schoen-intarea-unicast-127
>
> Reviewed by: rgrimes, pauamma_gundo.com; previous versions melifaro, glebius
> Differential Revision: https://reviews.freebsd.org/D35741
> ---
>  share/man/man4/inet.4 | 11 +++++++++++
>  sys/net/vnet.h        |  1 +
>  sys/netinet/in.c      | 50 ++++++++++++++++++++++++++++++++++++++++++++++++--
>  sys/netinet/in.h      | 18 ++++++++++++++++++
>  sys/netinet/ip_icmp.c |  4 ++--
>  5 files changed, 80 insertions(+), 4 deletions(-)
>
> diff --git a/share/man/man4/inet.4 b/share/man/man4/inet.4
> index dbab301302b1..60b2e588500d 100644
> --- a/share/man/man4/inet.4
> +++ b/share/man/man4/inet.4
> @@ -284,6 +284,17 @@ Integer: maximum number of fragments the host will > accept and hold > in the reassembly queue for a packet. > 0 means that the host will not accept any fragmented packets for the VNET. > This is a per-VNET limit. > +.It Va ip.allow_net0 > +Boolean: allow experimental use of addresses in 0.0.0.0/8 as endpoints, > +and allow forwarding of packets with these addresses. > +.It Va ip.allow_net240 > +Boolean: allow experimental use of addresses in 240.0.0.0/4 as endpoints, > +and allow forwarding of packets with these addresses. > +.It Va ip.loopback_prefixlen > +Integer: prefix length of the address space reserved for loopback > purposes. > +The default is 8, meaning that 127.0.0.0/8 is reserved for loopback, > +and cannot be sent, received, or forwarded on a non-loopback interface. > +Use of other values is experimental. > .El > .Sh SEE ALSO > .Xr ioctl 2 , > diff --git a/sys/net/vnet.h b/sys/net/vnet.h > index afb6857bbccc..d0ede39c0cb1 100644 > --- a/sys/net/vnet.h > +++ b/sys/net/vnet.h > @@ -65,6 +65,7 @@ > * as required for libkvm. > */ > #if defined(_KERNEL) || defined(_WANT_VNET) > +#include /* for CACHE_LINE_SIZE */ > #include > > struct vnet { > diff --git a/sys/netinet/in.c b/sys/netinet/in.c > index 9e4b677cf7e1..c3880c4ba983 100644 > --- a/sys/netinet/in.c > +++ b/sys/netinet/in.c 
> @@ -97,6 +97,28 @@ SYSCTL_BOOL(_net_inet_ip, OID_AUTO, broadcast_lowest, > CTLFLAG_VNET | CTLFLAG_RW, > &VNET_NAME(broadcast_lowest), 0, > "Treat lowest address on a subnet (host 0) as broadcast"); > > +VNET_DEFINE(bool, ip_allow_net240) = false; > +#define V_ip_allow_net240 VNET(ip_allow_net240) > +SYSCTL_BOOL(_net_inet_ip, OID_AUTO, allow_net240, > + CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip_allow_net240), 0, > + "Allow use of Experimental addresses, aka Class E (240/4)"); > +/* see https://datatracker.ietf.org/doc/draft-schoen-intarea-unicast-240 > */ > + > +VNET_DEFINE(bool, ip_allow_net0) = false; > +SYSCTL_BOOL(_net_inet_ip, OID_AUTO, allow_net0, > + CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip_allow_net0), 0, > + "Allow use of addresses in network 0/8"); > +/* see https://datatracker.ietf.org/doc/draft-schoen-intarea-unicast-0 */ > + > +VNET_DEFINE(uint32_t, in_loopback_mask) = IN_LOOPBACK_MASK_DFLT; > +#define V_in_loopback_mask VNET(in_loopback_mask) > +static int sysctl_loopback_prefixlen(SYSCTL_HANDLER_ARGS); > +SYSCTL_PROC(_net_inet_ip, OID_AUTO, loopback_prefixlen, > + CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW, > + NULL, 0, sysctl_loopback_prefixlen, "I", > + "Prefix length of address space reserved for loopback"); > +/* see https://datatracker.ietf.org/doc/draft-schoen-intarea-unicast-127 > */ > + > VNET_DECLARE(struct inpcbinfo, ripcbinfo); > #define V_ripcbinfo VNET(ripcbinfo) 
> > @@ -251,12 +273,36 @@ in_canforward(struct in_addr in) > { > u_long i = ntohl(in.s_addr); > > - if (IN_EXPERIMENTAL(i) || IN_MULTICAST(i) || IN_LINKLOCAL(i) || > - IN_ZERONET(i) || IN_LOOPBACK(i)) > + if (IN_MULTICAST(i) || IN_LINKLOCAL(i) || IN_LOOPBACK(i)) > + return (0); > + if (IN_EXPERIMENTAL(i) && !V_ip_allow_net240) > + return (0); > + if (IN_ZERONET(i) && !V_ip_allow_net0) > return (0); > return (1); > } > > +/* > + * Sysctl to manage prefix of reserved loopback network; translate > + * to/from mask. The mask is always contiguous high-order 1 bits > + * followed by all 0 bits. > + */ > +static int > +sysctl_loopback_prefixlen(SYSCTL_HANDLER_ARGS) > +{ > + int error, preflen; > + > + /* ffs is 1-based; compensate. */ > + preflen = 33 - ffs(V_in_loopback_mask); > + error = sysctl_handle_int(oidp, &preflen, 0, req); > + if (error || !req->newptr) > + return (error); > + if (preflen < 8 || preflen > 32) > + return (EINVAL); > + V_in_loopback_mask = 0xffffffff << (32 - preflen); > + return (0); > +} > + > /* > * Trim a mask in a sockaddr > */ > diff --git a/sys/netinet/in.h b/sys/netinet/in.h > index 1fc5c173b33c..44d64190ed01 100644 > --- a/sys/netinet/in.h > +++ b/sys/netinet/in.h > @@ -383,7 +383,13 @@ __END_DECLS > #define IN_BADCLASS(i) (((in_addr_t)(i) & 0xf0000000) == 0xf0000000) > > #define IN_LINKLOCAL(i) (((in_addr_t)(i) & 0xffff0000) == 0xa9fe0000) > +#ifdef _KERNEL > +#define IN_LOOPBACK(i) \ > + (((in_addr_t)(i) & V_in_loopback_mask) == 0x7f000000) > +#define IN_LOOPBACK_MASK_DFLT 0xff000000 > +#else > #define IN_LOOPBACK(i) (((in_addr_t)(i) & 0xff000000) == 0x7f000000) > +#endif > #define IN_ZERONET(i) (((in_addr_t)(i) & 0xff000000) == 0) > > #define IN_PRIVATE(i) ((((in_addr_t)(i) & 0xff000000) == 0x0a000000) || \ 
> @@ -414,6 +420,18 @@ __END_DECLS > > #define IN_RFC3021_MASK ((in_addr_t)0xfffffffe) > > +#ifdef _KERNEL > +#include > + > +VNET_DECLARE(bool, ip_allow_net0); > +VNET_DECLARE(bool, ip_allow_net240); > +/* Address space reserved for loopback */ > +VNET_DECLARE(uint32_t, in_loopback_mask); > +#define V_ip_allow_net0 VNET(ip_allow_net0) > +#define V_ip_allow_net240 VNET(ip_allow_net240) > +#define V_in_loopback_mask VNET(in_loopback_mask) > +#endif > + > /* > * Options for use with [gs]etsockopt at the IP level. > * First word of comment is data type; bool is stored in int. > diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c > index 76bce4b38e24..a710cc2ba8cd 100644 > --- a/sys/netinet/ip_icmp.c > +++ b/sys/netinet/ip_icmp.c > @@ -775,8 +775,8 @@ icmp_reflect(struct mbuf *m) > NET_EPOCH_ASSERT(); > > if (IN_MULTICAST(ntohl(ip->ip_src.s_addr)) || > - IN_EXPERIMENTAL(ntohl(ip->ip_src.s_addr)) || > - IN_ZERONET(ntohl(ip->ip_src.s_addr)) ) { > + (IN_EXPERIMENTAL(ntohl(ip->ip_src.s_addr)) && !V_ip_allow_net240) || > + (IN_ZERONET(ntohl(ip->ip_src.s_addr)) && !V_ip_allow_net0) ) { > m_freem(m); /* Bad return address */ > ICMPSTAT_INC(icps_badaddr); > goto done; /* Ip_output() will check for broadcast */ > -- Mateusz Guzik
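Review bot: the ip.loopback_prefixlen entry in the inet.4 hunk never states which values are accepted, while the handler in the in.c hunk rejects anything below 8 or above 32 with EINVAL; the manual page should say so, e.g. "Values from 8 to 32 are accepted." It would also help to spell out that the reserved space is the leading loopback_prefixlen bits of 127.0.0.0, so that 16 means 127.0.0.0/16 is reserved and the rest of 127/8 becomes ordinary unicast.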
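Review bot: in the first in.c hunk, `#define V_ip_allow_net240 VNET(ip_allow_net240)` and `#define V_in_loopback_mask VNET(in_loopback_mask)` duplicate the definitions added to in.h under `#ifdef _KERNEL` in the same patch (identical bodies, so no diagnostic, but V_ip_allow_net0 gets no such copy, which makes the inconsistency obvious); drop the in.c copies and rely on in.h. Separately, the SYSCTL_PROC for loopback_prefixlen is declared with `CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW` only, whereas the SYSCTL_BOOL knobs beside it are MPSAFE by construction; the handler touches nothing but one per-VNET integer, so adding CTLFLAG_MPSAFE looks appropriate.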
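Review bot: sysctl_loopback_prefixlen() in the second in.c hunk accepts preflen == 32, which sets V_in_loopback_mask to 0xffffffff; with the new IN_LOOPBACK() that matches only 127.0.0.0 itself, so 127.0.0.1 is no longer treated as loopback by in_canforward() and every other kernel user of the macro. The upper bound of the `if (preflen < 8 || preflen > 32)` check should be at most 31, and the commit message's "all but 127.0/16" suggests the intended ceiling is lower still.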
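Review bot: the in.h hunk makes the kernel IN_LOOPBACK() expand to V_in_loopback_mask, whose storage (`VNET_DEFINE(uint32_t, in_loopback_mask)` in the in.c hunk) is only linked into kernels that build sys/netinet/in.c, i.e. kernels with INET; the undefined vnet_entry_in_loopback_mask reported above for LINT-NOIP is ib_cma.c using IN_LOOPBACK() in a kernel without that file. Either keep the constant `0xff000000` form when INET is not defined, or define the variable in a file that is always built.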
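Review bot: the ip_icmp.c hunk reproduces the allow_net240/allow_net0 conditions of in_canforward() inline; the two copies must stay in step, so a small shared inline predicate in in.h (taking the host-order address) would keep future changes to the experimental ranges in one place.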
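An added example, not the committed code and not from either participant: a user-space model of the quoted in_canforward() and sysctl_loopback_prefixlen() logic, with the per-VNET variables replaced by plain globals, so the effect of the three sysctls and the prefix-length bounds can be exercised outside the kernel.

```c
#define _DEFAULT_SOURCE /* ffs() in <strings.h> on glibc */
#include <stdbool.h>
#include <stdint.h>
#include <strings.h>
typedef uint32_t in_addr_t;

/* Address-class tests as in sys/netinet/in.h (host byte order). The kernel
 * IN_LOOPBACK() from the patch masks with a variable, not a constant. */
#define IN_EXPERIMENTAL(i) (((in_addr_t)(i) & 0xf0000000) == 0xf0000000)
#define IN_MULTICAST(i)    (((in_addr_t)(i) & 0xf0000000) == 0xe0000000)
#define IN_LINKLOCAL(i)    (((in_addr_t)(i) & 0xffff0000) == 0xa9fe0000)
#define IN_ZERONET(i)      (((in_addr_t)(i) & 0xff000000) == 0)
#define IN_LOOPBACK_MASK_DFLT 0xff000000
#define IN_LOOPBACK(i)     (((in_addr_t)(i) & in_loopback_mask) == 0x7f000000)

/* Globals standing in for per-VNET V_ip_allow_net0/V_ip_allow_net240/V_in_loopback_mask. */
static bool ip_allow_net0 = false;
static bool ip_allow_net240 = false;
static uint32_t in_loopback_mask = IN_LOOPBACK_MASK_DFLT;
int in_is_loopback(in_addr_t i) { return IN_LOOPBACK(i) ? 1 : 0; }

/* Equivalent of writing net.inet.ip.allow_net0 / allow_net240. */
void ip_set_knobs(bool net0, bool net240)
{
	ip_allow_net0 = net0;
	ip_allow_net240 = net240;
}

/* Mirror of the patch's in_canforward(): 1 if the address may be forwarded. */
int in_canforward(in_addr_t i)
{
	if (IN_MULTICAST(i) || IN_LINKLOCAL(i) || IN_LOOPBACK(i))
		return 0;
	if (IN_EXPERIMENTAL(i) && !ip_allow_net240)
		return 0;
	if (IN_ZERONET(i) && !ip_allow_net0)
		return 0;
	return 1;
}

/* Mask -> prefix length as the sysctl handler reports it (ffs is 1-based). */
int loopback_prefixlen_get(void) { return 33 - ffs((int)in_loopback_mask); }

/* Prefix length -> mask with the handler's 8..32 bounds; 0 on success, -1 for EINVAL. */
int loopback_prefixlen_set(int preflen)
{
	if (preflen < 8 || preflen > 32)
		return -1;
	in_loopback_mask = 0xffffffffu << (32 - preflen);
	return 0;
}
```

With the prefix length at 16, 127.1.0.1 becomes forwardable while 127.0.0.1 stays loopback; at 32, which the bounds check accepts, only 127.0.0.0 itself is still loopback.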