From: Mike Karels
To: rgrimes@freebsd.org
Cc: Mike Karels, src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org
Subject: Re: git: fb8ef16bab0d - main - IPv4: correct limit on loopback_prefix
Date: Thu, 21 Jul 2022 11:51:27 -0500
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all

On 21 Jul 2022, at 11:21, Rodney W. Grimes wrote:

>> The branch main has been updated by karels:
>>
>> URL: https://cgit.FreeBSD.org/src/commit/?id=fb8ef16bab0d23e185deed5a6b2e44e72ad53d43
>>
>> commit fb8ef16bab0d23e185deed5a6b2e44e72ad53d43
>> Author:     Mike Karels
>> AuthorDate: 2022-07-21 13:10:15 +0000
>> Commit:     Mike Karels
>> CommitDate: 2022-07-21 14:38:17 +0000
>>
>>     IPv4: correct limit on loopback_prefix
>>
>>     Commit efe58855f3ea allowed the net.inet.ip.loopback_prefix value
>>     to be 32.  However, with a 32-bit mask, 127.0.0.1 is not included
>>     in the reserved loopback range, which should not be allowed.
>>     Change the max prefix length to 31.
>
> Hummm... 127.0.0.1/32 specifies exactly and ONLY 127.0.0.1, and
> this should be fine.
> Looking at the mask calculated below with
> loopback_prefix=32 this should yield a mask of 0xffffffff, which
> appears to be exactly what is correct.  What DOES become an issue
> when /32 is used is that the loopback ROUTE 127.0.0.0/32 is wrong
> now, but then with a /32 you don't need a network route, as you
> should have a host route to exactly 127.0.0.1.
>
> Can you be more descriptive on what problem arose with /32?

You are thinking about this the way I did originally; but the mask
doesn’t apply to 127.0.0.1 directly.  The test is

#define IN_LOOPBACK(i) \
    (((in_addr_t)(i) & V_in_loopback_mask) == 0x7f000000)

So if considering whether to forward 127.0.0.1, we’ll incorrectly
say it’s OK if the prefixlen is 32 (mask of 255.255.255.255).
In that case, only 127.0.0.0 is considered loopback.

John Gilmore pointed out the problem.

		Mike

>> --- >> sys/netinet/in.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/sys/netinet/in.c b/sys/netinet/in.c >> index c3880c4ba983..1c44623bdec1 100644 >> --- a/sys/netinet/in.c >> +++ b/sys/netinet/in.c >> @@ -297,7 +297,7 @@ sysctl_loopback_prefixlen(SYSCTL_HANDLER_ARGS) >> error =3D sysctl_handle_int(oidp, &preflen, 0, req); >> if (error || !req->newptr) >> return (error); >> - if (preflen < 8 || preflen > 32) >> + if (preflen < 8 || preflen > 31) >> return (EINVAL); >> V_in_loopback_mask =3D 0xffffffff << (32 - preflen); >> return (0); >>
>
> -- 
> Rod Grimes                                                 rgrimes@freebsd.org
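
Review bot: the new upper bound in `if (preflen < 8 || preflen > 31)` in sysctl_loopback_prefixlen() carries no comment saying why 32 is rejected, and the reason cannot be read off this function alone. It depends on IN_LOOPBACK() comparing the masked address with 0x7f000000, so that with the mask produced by `0xffffffff << (32 - preflen)` at preflen 32 only 127.0.0.0 matches and 127.0.0.1 falls outside the loopback range. A short comment above the check stating that 127.0.0.1 must stay inside 127.0.0.0/preflen would keep a later change from raising the limit to 32 again, which is what this thread shows is an easy mistake to make.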
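
A userland model of the check described in the reply above, as an added example that is not part of the original message or the FreeBSD source. The names `set_loopback_prefixlen`, `in_loopback` and `unsafe_prefix_count` are hypothetical, and a plain `uint32_t` stands in for `V_in_loopback_mask`.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: userland stand-in for the kernel's V_in_loopback_mask. */
static uint32_t loopback_mask = 0xff000000u;    /* default /8 */

/* Same comparison as the IN_LOOPBACK() macro quoted in the message. */
static int in_loopback(uint32_t addr)
{
    return (addr & loopback_mask) == 0x7f000000u;
}

/* Model of the handler's range check. max_len is 32 before the commit
 * and 31 after it. Returns 0 on success, -1 where the kernel returns EINVAL. */
static int set_loopback_prefixlen(int preflen, int max_len)
{
    if (preflen < 8 || preflen > max_len)
        return -1;
    loopback_mask = 0xffffffffu << (32 - preflen);
    return 0;
}

/* Count the accepted prefix lengths for which 127.0.0.1 is no longer
 * classified as loopback, i.e. would be treated as forwardable. */
static int unsafe_prefix_count(int max_len)
{
    int bad = 0;

    for (int len = 8; len <= 32; len++) {
        if (set_loopback_prefixlen(len, max_len) != 0)
            continue;               /* rejected by the range check */
        if (!in_loopback(0x7f000001u))
            bad++;
    }
    set_loopback_prefixlen(8, max_len);     /* restore the default */
    return bad;
}

int main(void)
{
    printf("limit 32: %d unsafe prefix length(s)\n", unsafe_prefix_count(32));
    printf("limit 31: %d unsafe prefix length(s)\n", unsafe_prefix_count(31));
    set_loopback_prefixlen(32, 32);
    printf("/32: 127.0.0.0 -> %d, 127.0.0.1 -> %d\n",
        in_loopback(0x7f000000u), in_loopback(0x7f000001u));
    return 0;
}
```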