From: Ronald Klop
To: Poul-Henning Kamp
Cc: current@freebsd.org
Date: Wed, 12 Jun 2024 11:46:49 +0200 (CEST)
Message-ID: <413984193.6719.1718185609109@localhost>
In-Reply-To: <202406120747.45C7lRGZ009491@critter.freebsd.dk>
Subject: Re: 14.1-R rc.conf/ifconfig netmask issue was really hard to figure out
List-Id: Discussions about the use of FreeBSD-current
List-Archive: https://lists.freebsd.org/archives/freebsd-current

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Wednesday, 12 June 2024 09:47
To: current@freebsd.org
Subject: 14.1-R rc.conf/ifconfig netmask issue was really hard to figure out

I had a machine with this line in /etc/rc.conf:

    ifconfig_bla0="192.168.87.11"

I found out the hard way, that this defaults to /8 now.

The main symptom was that DNS was /really/ busted, which makes sense
when none of the DNS servers in the 192/8 "swamp" can be reached.

Since we all know that it is always DNS(SEC), I spent a lot of time
having fun with that, before I noticed the /8 netmask on the interface.

I agree that the class A/B/C netmask assumptions should have died long ago.

But from a foot-shooting point of view, it makes no sense to default
192.168/16 to a /8 netmask.

If we're going to default to /8, at the very least ifconfig should
spit out a very noisy warning and wait 5 seconds before proceeding,
when the netmask is not explicitly specified.

But I also think we can do better than /8.

One option is to go for "limit the damage in RFC1918" and default
them according to their size: reach:

    10/8
    172.16/12
    192.168/16

That will prevent the DNS weirdness I had to figure out, and probably
still DWIM in most cases.

Another option is to default all three to /24, which in my experience
is how people deploy RFC1918.

A third option is to default any missing netmask to /24 instead of /8,
which would be what I would personally have done in the first place.

Poul-Henning

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
 



What do you think about defaulting to /32 on a missing netmask?
An interface with 1 IP address without any information about the network. All traffic can go to the gateway.

Regards,
Ronald.
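The thread's problem is an rc.conf entry that silently picks up a default netmask, and the replies compare several candidate defaults (/8 as the original post says 14.1 applies, the RFC1918 block sizes, /24 everywhere, and /32). The POSIX sh below is an added example, not code from the thread or from FreeBSD: it lints rc.conf-style `ifconfig_*` lines for entries that carry no explicit `netmask`, `/prefix` or `prefixlen`, and reports the prefix length each of those policies would assign. The policy names (`current`, `rfc1918`, `slash24`, `slash32`) and the sample rc.conf are my own constructions; the "current" policy simply encodes the /8 behaviour described in the original post, not anything looked up in the kernel.

```shell
#!/bin/sh
# Added example (not from the thread): flag ifconfig_* entries that omit a
# netmask and show which prefix each proposed default policy would apply.

# Return 0 if an ifconfig_<if> value names a mask explicitly.
has_explicit_mask() {
    case "$1" in
        *netmask*|*/*|*prefixlen*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the prefix length of the RFC1918 block ADDRESS belongs to
# (8, 12 or 16); print nothing for addresses outside RFC1918.
rfc1918_prefix() {
    ip=$1
    o1=${ip%%.*}; rest=${ip#*.}; o2=${rest%%.*}
    if [ "$o1" -eq 10 ]; then echo 8
    elif [ "$o1" -eq 172 ] && [ "$o2" -ge 16 ] && [ "$o2" -le 31 ]; then echo 12
    elif [ "$o1" -eq 192 ] && [ "$o2" -eq 168 ]; then echo 16
    fi
}

# default_prefix POLICY ADDRESS -> prefix length POLICY assigns when rc.conf
# gives no mask. Policy names are this example's own labels for the options
# discussed in the thread:
#   current : /8 for everything (what the original post says 14.1 does)
#   rfc1918 : the RFC1918 block's own size, /8 for anything else
#   slash24 : /24 for everything
#   slash32 : host address only, everything goes via the gateway
default_prefix() {
    policy=$1; ip=$2
    case "$policy" in
        current) echo 8 ;;
        rfc1918) p=$(rfc1918_prefix "$ip"); echo "${p:-8}" ;;
        slash24) echo 24 ;;
        slash32) echo 32 ;;
        *) echo "unknown policy: $policy" >&2; return 1 ;;
    esac
}

# lint_rc_conf POLICY < rc.conf
# Prints "<iface> <address> /<prefix>" for every static ifconfig_* entry
# that has no explicit mask; DHCP/SYNCDHCP/up-style values are skipped.
lint_rc_conf() {
    policy=$1
    while IFS= read -r line; do
        case "$line" in
            ifconfig_*=*) ;;
            *) continue ;;
        esac
        name=${line%%=*}; iface=${name#ifconfig_}
        value=${line#*=}; value=${value#\"}; value=${value%\"}
        case "$value" in
            inet\ *) value=${value#inet } ;;
        esac
        if has_explicit_mask "$value"; then continue; fi
        addr=${value%% *}
        case "$addr" in
            [0-9]*.[0-9]*.[0-9]*.[0-9]*) ;;
            *) continue ;;
        esac
        printf '%s %s /%s\n' "$iface" "$addr" "$(default_prefix "$policy" "$addr")"
    done
}

# Constructed sample rc.conf, embedded so the script runs without touching a host.
SAMPLE_RC_CONF='hostname="example"
ifconfig_bla0="192.168.87.11"
ifconfig_em0="inet 10.1.2.3 netmask 255.255.255.0"
ifconfig_em1="inet 172.20.0.5/22"
ifconfig_wlan0="DHCP"
ifconfig_lo1="203.0.113.9"'

# lint_sample POLICY -> lint output for the constructed sample.
lint_sample() {
    printf '%s\n' "$SAMPLE_RC_CONF" | lint_rc_conf "$1"
}
```

Run it against a real file with `lint_rc_conf current < /etc/rc.conf`: on the sample, `bla0` is reported with /8 under the current policy and /16 under the RFC1918 policy, which is exactly the gap the original post hit, while `em0` and `em1` are silent because they state a mask. POSIX sh has no `local`, so the helper variables are global; that is acceptable for a one-shot check but worth knowing if you fold the functions into a larger script.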