From: Jamie Landeg-Jones
Date: Thu, 04 Nov 2021 13:03:29 +0000
Organization: Dyslexic Fish
To: shuriku@shurik.kiev.ua, freebsd-net@FreeBSD.org
Subject: Re: netmask for loopback interfaces
List-Id: Networking and TCP/IP with FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-net

Oleksandr Kryvulia wrote:

> 04.11.21 01:01, Mike Karels wrote:
> > I have a pending change to stop using class A/B/C netmasks when setting
> > an interface address without an explicit mask, and instead to use a default
> > mask (24 bits). A question has arisen as to what the default mask should
> > be for loopback interfaces. The standard 127.0.0.1 is added with an 8 bit
> > mask currently, but additions without a mask would default to 24 bits.
> > There is no warning for missing masks for loopback in the current code.
> > I'm not convinced that the mask has any meaning here; only a host route
> > to the assigned address is created. Does anyone know of any meaning or
> > use of the mask on a loopback address?
> >
> > Thanks,
> > Mike
> >
>
> /8 mask on loopback prevents use of the 127.x.x.x network anywhere
> outside of the localhost. This is described in RFC 5735 [1] and 1122 [2]
>
> [1] https://datatracker.ietf.org/doc/html/rfc5735
> [2] https://datatracker.ietf.org/doc/html/rfc1122

There is a push by some people to release 127.0.0.0/8 address space,
leaving only 127.0.0.0/16 as reserved for localhost.

https://www.spinics.net/lists/netdev/msg598545.html
https://github.com/schoen/unicast-extensions/blob/master/127.md
https://github.com/schoen/unicast-extensions/

I make no comment on the feasibility of doing this!

However, that aside, aren't you just confusing the mask with routing?

I think the mask on any IP on a loopback interface should be /32 (if you
want to add a "127.0.0.0/8 -local" route, even if done automatically,
then so be it).

Note, the default FreeBSD firewall rules already have:

    ${fwcmd} add 100 pass all from any to any via lo0
    ${fwcmd} add 200 deny all from any to 127.0.0.0/8
    ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any

Cheers, Jamie
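
Added example, not part of the original message and not FreeBSD code: a simplified first-match model of the three quoted ipfw rules, run over constructed packets. The interface name em0 and all sample addresses are assumptions; it shows that the 127.0.0.0/8 anti-spoofing rules match on packet addresses and interface only, whatever netmask is configured on lo0.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")
LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")

# Simplified model of the rules quoted in the message:
# (rule number, action, source net, destination net, "via" interface or None)
RULES = [
    (100, "pass", ANY, ANY, "lo0"),
    (200, "deny", ANY, LOOPBACK_NET, None),
    (300, "deny", LOOPBACK_NET, ANY, None),
]


def evaluate(src, dst, iface):
    """Return (rule_number, action) of the first matching rule.

    Returns (None, "continue") when none of the three rules match, meaning
    the packet goes on to whatever rules follow in the real ruleset.
    Note that nothing here consults the netmask set on lo0.
    """
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    for number, action, src_net, dst_net, via in RULES:
        if via is not None and via != iface:
            continue  # rule is restricted to another interface
        if s in src_net and d in dst_net:
            return number, action
    return None, "continue"


# Constructed sample packets: (source, destination, interface).
# "em0" stands for an external NIC and is an assumption of this example.
SAMPLES = [
    ("127.0.0.1", "127.0.0.1", "lo0"),      # ordinary local traffic
    ("127.0.0.2", "127.0.0.1", "lo0"),      # loopback alias, any mask
    ("198.51.100.7", "127.0.0.1", "em0"),   # outside host targeting loopback
    ("127.5.5.5", "192.0.2.10", "em0"),     # spoofed loopback source on the wire
    ("198.51.100.7", "192.0.2.10", "em0"),  # normal external traffic
]

if __name__ == "__main__":
    for src, dst, iface in SAMPLES:
        number, action = evaluate(src, dst, iface)
        print(f"{src:>14} -> {dst:<12} via {iface}: rule {number} {action}")
```
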