Date: Mon, 17 Jun 2024 20:40:17 +0200 From: Michael Gmelin <grembo@freebsd.org> To: Shawn Webb <shawn.webb@hardenedbsd.org> Cc: Ed Maste <emaste@freebsd.org>, FreeBSD Current <freebsd-current@freebsd.org> Subject: Re: Heads-up: ifconfig address without a mask/width to become an error Message-ID: <108590EB-1A14-4565-86FD-120C6CA4F007@freebsd.org> In-Reply-To: <qolms2iusi6gubkn4nq2yim3e3gchy2qge3jpihyhb5h4ye2ec@ls7doe4pkft4> References: <qolms2iusi6gubkn4nq2yim3e3gchy2qge3jpihyhb5h4ye2ec@ls7doe4pkft4>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 17. Jun 2024, at 20:34, Shawn Webb <shawn.webb@hardenedbsd.org> wrote: >=20 > =EF=BB=BFOn Mon, Jun 17, 2024 at 10:54:29AM -0400, Ed Maste wrote: >> It is currently possible to specify an IPv4 address without a >> netmask/width to ifconfig or in rc.conf, e.g.: >>=20 >> ifconfig_igb0=3D"192.168.0.2" >>=20 >> phk recently discovered[1] that ifconfig chose a poor netmask/width >> when none was specified. This was not an intentional change in >> defaults but rather a bug that has now been fixed by grembo@, in >> commit 8a9f0fa42b1c and merged to stable/14 in 048ad7a9ef9f. The fix >> will be in FreeBSD 14.2. I am unsure if there will be an EN update for >> 14.0/14.1. The bug does not exist in FreeBSD 13.x. >>=20 >> Specifying an IPv4 address without a mask/width has been deprecated >> since the deprecation of classful addressing. As of FreeBSD 13.1 >> ifconfig has emitted a warning when no mask/width is specified, and >> the intent was to make it an error after a sufficient amount of time >> passed. >>=20 >> I've opened a Phabricator review[2] for ifconfig to change the warning >> into an error. I included a link to the review in phk's thread, and >> asked for input on timing for landing the change. As there seems to be >> consensus to include this change in FreeBSD 15.0 I plan to commit it >> soon and am sending this note to increase the visibility of the >> upcoming change. >>=20 >> This will be prominently noted in the 15.0 release notes, and should >> be mentioned in release notes for upcoming 13.x and 14.x releases. >=20 > Hey Ed, >=20 > I hope I don't sound pathetically verbose here, but I just wanted to > make sure to remove any sense of ambiguity. >=20 > Would the "netmask <value>" option still work? For example: >=20 > # ifconfig em0 inet 192.168.0.1 netmask 255.255.255.0 >=20 > I suspect the answer is "yes". >=20 Yes, this affects only configs without any netmask. So 192.168.0.1/24 =3D> ok 192.168.0.1 netmask 255.255.255.0 =3D> ok 192.168.0.1 =3D> deprecated now, error then Best > Thanks, >=20 > --=20 > Shawn Webb > Cofounder / Security Engineer > HardenedBSD >=20 > Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50 > https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03= A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?108590EB-1A14-4565-86FD-120C6CA4F007>