Re: Heads-up: ifconfig address without a mask/width to become an error
- In reply to: Shawn Webb : "Re: Heads-up: ifconfig address without a mask/width to become an error"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 17 Jun 2024 18:40:17 UTC
> On 17. Jun 2024, at 20:34, Shawn Webb <shawn.webb@hardenedbsd.org> wrote: > > On Mon, Jun 17, 2024 at 10:54:29AM -0400, Ed Maste wrote: >> It is currently possible to specify an IPv4 address without a >> netmask/width to ifconfig or in rc.conf, e.g.: >> >> ifconfig_igb0="192.168.0.2" >> >> phk recently discovered[1] that ifconfig chose a poor netmask/width >> when none was specified. This was not an intentional change in >> defaults but rather a bug that has now been fixed by grembo@, in >> commit 8a9f0fa42b1c and merged to stable/14 in 048ad7a9ef9f. The fix >> will be in FreeBSD 14.2. I am unsure if there will be an EN update for >> 14.0/14.1. The bug does not exist in FreeBSD 13.x. >> >> Specifying an IPv4 address without a mask/width has been deprecated >> since the deprecation of classful addressing. As of FreeBSD 13.1 >> ifconfig has emitted a warning when no mask/width is specified, and >> the intent was to make it an error after a sufficient amount of time >> passed. >> >> I've opened a Phabricator review[2] for ifconfig to change the warning >> into an error. I included a link to the review in phk's thread, and >> asked for input on timing for landing the change. As there seems to be >> consensus to include this change in FreeBSD 15.0 I plan to commit it >> soon and am sending this note to increase the visibility of the >> upcoming change. >> >> This will be prominently noted in the 15.0 release notes, and should >> be mentioned in release notes for upcoming 13.x and 14.x releases. > > Hey Ed, > > I hope I don't sound pathetically verbose here, but I just wanted to > make sure to remove any sense of ambiguity. > > Would the "netmask <value>" option still work? For example: > > # ifconfig em0 inet 192.168.0.1 netmask 255.255.255.0 > > I suspect the answer is "yes". > Yes, this affects only configs without any netmask. So 192.168.0.1/24 => ok 192.168.0.1 netmask 255.255.255.0 => ok 192.168.0.1 => deprecated now, error then Best > Thanks, > > -- > Shawn Webb > Cofounder / Security Engineer > HardenedBSD > > Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50 > https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc