Message-Id: <202406120747.45C7lRGZ009491@critter.freebsd.dk>
To: current@freebsd.org
Subject: 14.1-R rc.conf/ifconfig netmask issue was really hard to figure out
From: Poul-Henning Kamp
List-Id: Discussions about the use of FreeBSD-current
List-Archive: https://lists.freebsd.org/archives/freebsd-current
Date: Wed, 12 Jun 2024 07:47:27 +0000

I had a machine with this line in /etc/rc.conf:

	ifconfig_bla0="192.168.87.11"

I found out the hard way that this defaults to /8 now.

The main symptom was that DNS was /really/ busted, which makes sense
when none of the DNS servers in the 192/8 "swamp" can be reached.

Since we all know that it is always DNS(SEC), I spent a lot of time
having fun with that, before I noticed the /8 netmask on the interface.

I agree that the class A/B/C netmask assumptions should have died
long ago.

But from a foot-shooting point of view, it makes no sense to default
192.168/16 to a /8 netmask.

If we're going to default to /8, at the very least ifconfig should
be spitting out a very noisy warning and waiting 5 seconds before
proceeding, when the netmask is not explicitly specified.

But I also think we can do better than /8.

One option is to go for "limit the damage in RFC1918" and default
them according to their size: reach:

	10/8
	172.16/12
	192.168/16

That will prevent the DNS weirdness I had to figure out, and probably
still DWIM in most cases.

Another option is to default all three to /24, which in my experience
is how people deploy RFC1918.

A third option is to default any missing netmask to /24 instead of /8,
which would be what I would personally have done in the first place.

Poul-Henning

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
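
A check for the configuration described in the message above, as an added example that is not part of the original post: it lists rc.conf ifconfig_* entries that set an IPv4 address with neither a netmask keyword nor a /prefix, and shows the prefix the message's "limit the damage in RFC1918" option would assign. The function names and every sample line except the bla0 one are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original message): report rc.conf ifconfig_*
# entries that set an IPv4 address with no "netmask" keyword and no /prefix.

find_maskless_ifconfig() {
    # Reads rc.conf-style text from the files given as arguments, or stdin.
    # Prints: <variable> <address> <prefix under the RFC1918-by-size option>
    awk '
    function rfc1918_prefix(addr,   o) {
        split(addr, o, ".")
        if (o[1] == 10) return "/8"
        if (o[1] == 172 && o[2] >= 16 && o[2] <= 31) return "/12"
        if (o[1] == 192 && o[2] == 168) return "/16"
        return "-"                       # not RFC1918: option does not apply
    }
    /^[ \t]*ifconfig_[A-Za-z0-9_]+=/ {
        var = $0; sub(/^[ \t]*/, "", var); sub(/=.*/, "", var)
        val = $0; sub(/^[^=]*=/, "", val)
        sub(/[ \t]+#.*$/, "", val)       # drop a trailing comment
        if (val ~ /netmask/) next        # mask given explicitly
        # First dotted quad in the value, with its /prefix if one follows.
        if (match(val, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?/)) {
            addr = substr(val, RSTART, RLENGTH)
            if (addr !~ /\//) print var, addr, rfc1918_prefix(addr)
        }
    }' "$@"
}

sample_rc_conf() {
    # Constructed sample; only the bla0 line is taken from the message.
    cat <<'EOF'
hostname="example"
ifconfig_bla0="192.168.87.11"
ifconfig_em0="inet 10.1.2.3 netmask 255.255.255.0"
ifconfig_em1="172.20.0.5/24"
ifconfig_em2="DHCP"
ifconfig_em3="inet 203.0.113.7 broadcast 203.0.113.255"  # no mask
EOF
}

sample_rc_conf | find_maskless_ifconfig
```

On a real host the function takes the file as an argument, for example `find_maskless_ifconfig /etc/rc.conf`; any entry it prints relies on whatever default netmask the installed ifconfig applies.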