Date: Mon, 17 Jun 2024 18:33:44 +0000 From: Shawn Webb <shawn.webb@hardenedbsd.org> To: Ed Maste <emaste@freebsd.org> Cc: FreeBSD Current <freebsd-current@freebsd.org> Subject: Re: Heads-up: ifconfig address without a mask/width to become an error Message-ID: <qolms2iusi6gubkn4nq2yim3e3gchy2qge3jpihyhb5h4ye2ec@ls7doe4pkft4> In-Reply-To: <CAPyFy2AkVrwhPUNjrAM_aGprkJLJzEVcjV_9k7akAV=zVV%2BbFg@mail.gmail.com> References: <CAPyFy2AkVrwhPUNjrAM_aGprkJLJzEVcjV_9k7akAV=zVV%2BbFg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--trxhggq75bjp7vod Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Jun 17, 2024 at 10:54:29AM -0400, Ed Maste wrote: > It is currently possible to specify an IPv4 address without a > netmask/width to ifconfig or in rc.conf, e.g.: >=20 > ifconfig_igb0=3D"192.168.0.2" >=20 > phk recently discovered[1] that ifconfig chose a poor netmask/width > when none was specified. This was not an intentional change in > defaults but rather a bug that has now been fixed by grembo@, in > commit 8a9f0fa42b1c and merged to stable/14 in 048ad7a9ef9f. The fix > will be in FreeBSD 14.2. I am unsure if there will be an EN update for > 14.0/14.1. The bug does not exist in FreeBSD 13.x. >=20 > Specifying an IPv4 address without a mask/width has been deprecated > since the deprecation of classful addressing. As of FreeBSD 13.1 > ifconfig has emitted a warning when no mask/width is specified, and > the intent was to make it an error after a sufficient amount of time > passed. >=20 > I've opened a Phabricator review[2] for ifconfig to change the warning > into an error. I included a link to the review in phk's thread, and > asked for input on timing for landing the change. As there seems to be > consensus to include this change in FreeBSD 15.0 I plan to commit it > soon and am sending this note to increase the visibility of the > upcoming change. >=20 > This will be prominently noted in the 15.0 release notes, and should > be mentioned in release notes for upcoming 13.x and 14.x releases. Hey Ed, I hope I don't sound pathetically verbose here, but I just wanted to make sure to remove any sense of ambiguity. Would the "netmask <value>" option still work? For example: # ifconfig em0 inet 192.168.0.1 netmask 255.255.255.0 I suspect the answer is "yes". Thanks, --=20 Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50 https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A= 4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc --trxhggq75bjp7vod Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAmZwgYgACgkQ/y5nonf4 4fpWag//R94G1dIMVguw1kJ7xjZTPGGXDpaPFDGQojfcqTP0e5iH2QeFEvNwOM5W gDGQRaf9rk5/gepcujxjvYQBSC5p80+Ykf3rWTgRvjnq70LWYbkCziIwcAtnlybE 0uWuabYaXPcNaL1dv2ADWeMLWQGmM/keS9DY/7jN2hsFY94AUkl2dpush6Fx8/i5 gyDrzTfbSptZjXQnXOE9yKpuGUPbJz2bDHIDNrxBzfQUxiyKN5sHvah3yfsnMUGo 7N8DoHuCpMeRfSnUSgnN1lHfXkqWgN1uWb+WPOLSZqm9uv9Nn7mZkIY/efUSwDtn EcGeJ4y4hcPin0sBsA9mcOimekMjfSE5yYudgpviTccfEgPltQB/bnn0pqt5UYj9 iB+k8lfbq7tvbqeHfd5+WEFc+G9Qx1Wkucz89HoCrcfqNXGWuiebo1cJygJrMcs1 TxR+tDn7kfliCCklcg6nk7Jk4q8QCl7MOfxNI6wwPq0b2tiSsWiK1YnnMPM8lEYB knAFAPact4A18fbnyabfh3U6SR9OCoutlD732Qv2njfpH7q2e4XQgwLbwvVRCAYy weU9uw8P+bGSWksQAIg1c5V74aRahfkoNcYc+aKXcolMvFh4xRgOPTbdybPMVoI5 17qOX3UBtZQVQw4jld6Q56AZbpxx15iYHGabTzIcrTvJ0fXxy98= =bjH4 -----END PGP SIGNATURE----- --trxhggq75bjp7vod--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?qolms2iusi6gubkn4nq2yim3e3gchy2qge3jpihyhb5h4ye2ec>