From: "Rodney W. Grimes"
Message-Id: <202111041430.1A4EUPOe029661@gndrsh.dnsmgr.net>
Subject: Re: netmask for loopback interfaces
In-Reply-To: <202111041303.1A4D3T0r091830@donotpassgo.dyslexicfish.net>
To: Jamie Landeg-Jones
Date: Thu, 4 Nov 2021 07:30:25 -0700 (PDT)
CC: shuriku@shurik.kiev.ua, freebsd-net@FreeBSD.org
List-Id: Networking and TCP/IP with FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-net

> Oleksandr Kryvulia wrote:
>
> > 04.11.21 01:01, Mike Karels wrote:
> > > I have a pending change to stop using class A/B/C netmasks when setting
> > > an interface address without an explicit mask, and instead to use a default
> > > mask (24 bits). A question has arisen as to what the default mask should
> > > be for loopback interfaces. The standard 127.0.0.1 is added with an 8 bit
> > > mask currently, but additions without a mask would default to 24 bits.
> > > There is no warning for missing masks for loopback in the current code.
> > > I'm not convinced that the mask has any meaning here; only a host route
> > > to the assigned address is created. Does anyone know of any meaning or
> > > use of the mask on a loopback address?
> > >
> > > Thanks,
> > > Mike
> > >
> >
> > /8 mask on loopback prevents using of 127.x.x.x network anywhere
> > outside of the localhost. This is described in RFC 5735 [1] and 1122 [2]
> >
> > [1] https://datatracker.ietf.org/doc/html/rfc5735
> > [2] https://datatracker.ietf.org/doc/html/rfc1122
>
> There is a push by some people to release 127.0.0.0/8 address space,
> leaving only 127.0.0.0/16 as reserved for localhost.
>
> https://www.spinics.net/lists/netdev/msg598545.html
>
> https://github.com/schoen/unicast-extensions/blob/master/127.md
>
> https://github.com/schoen/unicast-extensions/
>
> I make no comment on the feasibility of doing this!
>
> However, that aside, aren't you just confusing the mask with routing?
>
> I think the mask on any IP on a loopback interface should be /32
> (if you want to add a "127.0.0.0/8 -local" route even if done
> automatically, then so be it)
>
> Note, the default FreeBSD firewall rules already have:
>
> ${fwcmd} add 100 pass all from any to any via lo0
> ${fwcmd} add 200 deny all from any to 127.0.0.0/8
> ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any

Which no longer work correctly since the "to 127.0.0.0/8" packets
SHALL go out whatever interface the route table tells them to
(often the default route), AND NOT lo0.

oot {1003}# route -n get 127.1.1.1
   route to: 127.1.1.1
destination: 0.0.0.0
       mask: 0.0.0.0
    gateway: 192.168.32.8
        fib: 0
  interface: em0
      flags:
 recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
       0         0         0         0      1500         1         0

> Cheers, Jamie

--
Rod Grimes                                                 rgrimes@freebsd.org
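
Added illustration, not part of the original message and not FreeBSD code: a simplified Python model of the interaction discussed above, longest-prefix route selection followed by first-match evaluation of rules 100 to 300 for one outbound packet. The route tables, the source address 192.168.32.10 and all function names are constructed for the example; only the output pass of the firewall is modelled.

```python
import ipaddress

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")

def egress_interface(routes, dst):
    """Longest-prefix match over (prefix, interface) pairs."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), ifn) for p, ifn in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def first_matching_rule(src, dst, ifname):
    """First-match evaluation of rules 100/200/300 from the message,
    for one outbound packet crossing interface `ifname`."""
    if ifname == "lo0":                              # 100 pass ... via lo0
        return 100, "pass"
    if ipaddress.ip_address(dst) in LOOPBACK_NET:    # 200 deny ... to 127.0.0.0/8
        return 200, "deny"
    if ipaddress.ip_address(src) in LOOPBACK_NET:    # 300 deny ... from 127.0.0.0/8
        return 300, "deny"
    return None, "continue"   # later rules are not modelled here

def trace(routes, src, dst):
    """Return (egress interface, matching rule number, action)."""
    ifname = egress_interface(routes, dst)
    rule, action = first_matching_rule(src, dst, ifname)
    return ifname, rule, action

# Constructed tables. HOST_ROUTE_ONLY mirrors the `route -n get` output
# in the message (127.1.1.1 resolves to the default route on em0);
# WITH_NET_ROUTE adds the 127.0.0.0/8 route on lo0 that the quoted
# text mentions as an option.
HOST_ROUTE_ONLY = [("0.0.0.0/0", "em0"), ("127.0.0.1/32", "lo0")]
WITH_NET_ROUTE = HOST_ROUTE_ONLY + [("127.0.0.0/8", "lo0")]
SRC = "192.168.32.10"   # constructed address for the em0 side

if __name__ == "__main__":
    for name, table in (("host route only", HOST_ROUTE_ONLY),
                        ("with 127.0.0.0/8 route", WITH_NET_ROUTE)):
        for dst in ("127.0.0.1", "127.1.1.1"):
            print(f"{name:24} {dst:10} -> {trace(table, SRC, dst)}")
```

In this model, rule 100 only covers a 127.x.x.x destination when the route table resolves it to lo0; otherwise rule 200 is the only thing between that packet and em0.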