From nobody Thu Jul 21 17:21:32 2022
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4LpfW32vXFz4X6BM;
	Thu, 21 Jul 2022 17:21:35 +0000 (UTC)
	(envelope-from freebsd@gndrsh.dnsmgr.net)
Received: from gndrsh.dnsmgr.net (br1.CN84in.dnsmgr.net [69.59.192.140])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4LpfW26GLCz3FkD;
	Thu, 21 Jul 2022 17:21:34 +0000 (UTC)
	(envelope-from freebsd@gndrsh.dnsmgr.net)
Received: from gndrsh.dnsmgr.net (localhost [127.0.0.1])
	by gndrsh.dnsmgr.net (8.13.3/8.13.3) with ESMTP id 26LHLWeq078430;
	Thu, 21 Jul 2022 10:21:32 -0700 (PDT)
	(envelope-from freebsd@gndrsh.dnsmgr.net)
Received: (from freebsd@localhost)
	by gndrsh.dnsmgr.net (8.13.3/8.13.3/Submit) id 26LHLWwa078429;
	Thu, 21 Jul 2022 10:21:32 -0700 (PDT)
	(envelope-from freebsd)
From: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
Message-Id: <202207211721.26LHLWwa078429@gndrsh.dnsmgr.net>
Subject: Re: git: fb8ef16bab0d - main - IPv4: correct limit on loopback_prefix
In-Reply-To: <80467AB6-DB3E-44CA-A67F-A246420014B5@karels.net>
To: Mike Karels <mike@karels.net>
Date: Thu, 21 Jul 2022 10:21:32 -0700 (PDT)
CC: rgrimes@freebsd.org, Mike Karels <karels@freebsd.org>,
        src-committers@freebsd.org, dev-commits-src-all@freebsd.org,
        dev-commits-src-main@freebsd.org
Reply-To: rgrimes@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL121h (25)]
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-main@freebsd.org
X-BeenThere: dev-commits-src-main@freebsd.org
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII
X-Spamd-Bar: ----
Authentication-Results: mx1.freebsd.org;
	none
X-Rspamd-Queue-Id: 4LpfW26GLCz3FkD
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[]
X-ThisMailContainsUnwantedMimeParts: N

> On 21 Jul 2022, at 11:21, Rodney W. Grimes wrote:
> 
> >> The branch main has been updated by karels:
> >>
> >> URL: https://cgit.FreeBSD.org/src/commit/?id=fb8ef16bab0d23e185deed5a6b2e44e72ad53d43
> >>
> >> commit fb8ef16bab0d23e185deed5a6b2e44e72ad53d43
> >> Author:     Mike Karels <karels@FreeBSD.org>
> >> AuthorDate: 2022-07-21 13:10:15 +0000
> >> Commit:     Mike Karels <karels@FreeBSD.org>
> >> CommitDate: 2022-07-21 14:38:17 +0000
> >>
> >>     IPv4: correct limit on loopback_prefix
> >>
> >>     Commit efe58855f3ea allowed the net.inet.ip.loopback_prefix value
> >>     to be 32.  However, with a 32-bit mask, 127.0.0.1 is not included
> >>     in the reserved loopback range, which should not be allowed.
> >>     Change the max prefix length to 31.
> >
> > Hummm... 127.0.0.1/32 specifices exactly and ONLY 127.0.0.1, and
> > this should be fine.  Looking at the mask calculated below with
> > loopback_prefix=32 this should yeild a mask of 0xffffffff, which
> > appears to be exactly what is correct.  What DOES become an issue
> > when /32 is used is that the loopback ROUTE 127.0.0.0/32 is wrong
> > now, but then with a /32 you dont need a network route, as you
> > should have a host route to exactly 127.0.0.1.
> >
> > Can you be more descriptive on what problem arrose with /32?
> 
> You are thinking about this the way I did originally; but the mask
> doesn?t apply to 127.0.0.1 directly.  The test is
> 
> #define IN_LOOPBACK(i) \
>     (((in_addr_t)(i) & V_in_loopback_mask) == 0x7f000000)
> 
> So if considering whether to forward 127.0.0.1, we?ll incorrectly
> say it?s OK if the prefixlen is 32 (mask of 255.255.255.255).
> In that case, only 127.0.0.0 is considered loopback.
> 
> John Gilmore pointed out the problem.

I see this issue now, but something is bugging me about
being forced to use a /31 when a /32 *would* work if the
0x7f000000 was actually 0x7f000001, but that fails for
other cases.

Note oddly the code would work with /32 if I decided to use
127.0.0.0/32 as the IP address on lo0 so should the expression
become:

#define IN_LOOPBACK(i) \
    (((in_addr_t)(i) & V_in_loopback_mask) == (0x7f000001 & V_in_loopback_mask))

> 
> 		Mike
> >> ---
> >>  sys/netinet/in.c | 2 +-
> >>  1 file changed, 1 insertion(+), 1 deletion(-)
> >>
> >> diff --git a/sys/netinet/in.c b/sys/netinet/in.c
> >> index c3880c4ba983..1c44623bdec1 100644
> >> --- a/sys/netinet/in.c
> >> +++ b/sys/netinet/in.c
> >> @@ -297,7 +297,7 @@ sysctl_loopback_prefixlen(SYSCTL_HANDLER_ARGS)
> >>  	error = sysctl_handle_int(oidp, &preflen, 0, req);
> >>  	if (error || !req->newptr)
> >>  		return (error);
> >> -	if (preflen < 8 || preflen > 32)
> >> +	if (preflen < 8 || preflen > 31)
> >>  		return (EINVAL);
> >>  	V_in_loopback_mask = 0xffffffff << (32 - preflen);
> >>  	return (0);
> >>
> >
> > -- 
> > Rod Grimes                                                 rgrimes@freebsd.org
> 
> 

-- 
Rod Grimes                                                 rgrimes@freebsd.org