Date: Thu, 04 Nov 2021 08:56:40 -0500
From: Mike Karels <mike@karels.net>
To: Jamie Landeg-Jones <jamie@catflap.org>
Cc: shuriku@shurik.kiev.ua, freebsd-net@FreeBSD.org
Subject: Re: netmask for loopback interfaces
Message-ID: <202111041356.1A4DueIJ078223@mail.karels.net>
In-Reply-To: Your message of Thu, 04 Nov 2021 13:03:29 -0000. <202111041303.1A4D3T0r091830@donotpassgo.dyslexicfish.net>

Jamie wrote:
> Oleksandr Kryvulia <shuriku@shurik.kiev.ua> wrote:

> > 04.11.21 01:01, Mike Karels wrote:
> > > I have a pending change to stop using class A/B/C netmasks when setting
> > > an interface address without an explicit mask, and instead to use a default
> > > mask (24 bits).  A question has arisen as to what the default mask should
> > > be for loopback interfaces.  The standard 127.0.0.1 is added with an 8 bit
> > > mask currently, but additions without a mask would default to 24 bits.
> > > There is no warning for missing masks for loopback in the current code.
> > > I'm not convinced that the mask has any meaning here; only a host route
> > > to the assigned address is created.  Does anyone know of any meaning or
> > > use of the mask on a loopback address?
> > >
> > > Thanks,
> > > Mike
> > >
> >
> > /8 mask on loopback prevents using of 127.x.x.x network anywhere
> > outside of the localhost. This is described in RFC 5735 [1] and 1122 [2]
> >
> > [1] https://datatracker.ietf.org/doc/html/rfc5735
> > [2] https://datatracker.ietf.org/doc/html/rfc1122

It's true that 127/8 is currently reserved, but that isn't enforced by
FreeBSD using the mask on the interface.  Such packets are prevented from
forwarding by in_canforward(), which in turn uses IN_LOOPBACK().  The
latter uses a compiled-in 8-bit mask.

> There is a push by some people to release 127.0.0.0/8 address space,
> leaving only 127.0.0.0/16 as reserved for localhost.

> https://www.spinics.net/lists/netdev/msg598545.html
> https://github.com/schoen/unicast-extensions/blob/master/127.md
> https://github.com/schoen/unicast-extensions/

> I make no comment on the feasibility of doing this!

> However, that aside, aren't you just confusing the mask with routing?

The two masks (interface and route) are separate, but the routing mask
is set from the interface mask for most interfaces (broadcast or NBMA,
but not loopback or point-to-point).

The interface mask is visible to user level, including routing daemons.
But I think it would be wrong for a routing daemon to infer anything
from the mask on a loopback route.

But the reason for my question was to find out if there is anything that
uses the interface mask in this case, and thus whether a change in the
default matters.

> I think the mask on any IP on a loopback interface should be /32
> (if you want to add a "127.0.0.0/8 -local" route even if done
> automatically, then so be it)

Using /32 on loopback is not a bad idea.  /etc/network.subr is wired
to 127.0.0.1/8 currently.  I don't think I'll change it in this pass
though.

> Note, the default FreeBSD firewall rules already have:

> ${fwcmd} add 100 pass all from any to any via lo0
> ${fwcmd} add 200 deny all from any to 127.0.0.0/8
> ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any

If you use the default rules...

		Mike
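
Added illustration, not part of the message above and not FreeBSD source code: a small C model of the two points in the thread, namely how the default prefix length changes from class A/B/C to a flat 24 bits, and that a forwarding check built on a compiled-in 8-bit loopback test gives the same answer whatever mask the interface carries. The names IP4, EX_IN_LOOPBACK, classful_prefixlen, default_prefixlen and ex_canforward are hypothetical, and ex_canforward models only the loopback test.

```c
#include <stdint.h>
#include <stdio.h>

/* Build a host-byte-order IPv4 address; all addresses used here are constructed samples. */
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Fixed 8-bit loopback test, the same shape as IN_LOOPBACK() (hypothetical local name). */
#define EX_IN_LOOPBACK(i) (((uint32_t)(i) & 0xff000000U) == 0x7f000000U)

/* Historical class A/B/C default prefix length, chosen from the leading address bits. */
static int classful_prefixlen(uint32_t addr)
{
    if ((addr & 0x80000000U) == 0x00000000U) return 8;   /* class A */
    if ((addr & 0xc0000000U) == 0x80000000U) return 16;  /* class B */
    if ((addr & 0xe0000000U) == 0xc0000000U) return 24;  /* class C */
    return -1;                                           /* class D/E: none */
}

/* Default prefix length when no mask is given: classful (old) or a flat 24 bits (pending change). */
static int default_prefixlen(uint32_t addr, int use_classful)
{
    return use_classful ? classful_prefixlen(addr) : 24;
}

/* Simplified forwarding test (assumption: only the loopback check is modelled).
 * ifmask_len is accepted and ignored to show the interface mask plays no part. */
static int ex_canforward(uint32_t dst, int ifmask_len)
{
    (void)ifmask_len;
    return !EX_IN_LOOPBACK(dst);
}

int main(void)
{
    const uint32_t samples[] = { IP4(127, 0, 0, 1), IP4(127, 53, 0, 1), IP4(10, 1, 2, 3),
                                 IP4(172, 16, 5, 9), IP4(192, 0, 2, 1) };
    for (size_t n = 0; n < sizeof(samples) / sizeof(samples[0]); n++) {
        uint32_t a = samples[n];
        printf("%u.%u.%u.%u  classful=/%d  new-default=/%d  forward(/32)=%d forward(/8)=%d\n",
               (unsigned)(a >> 24), (unsigned)((a >> 16) & 0xff), (unsigned)((a >> 8) & 0xff),
               (unsigned)(a & 0xff), default_prefixlen(a, 1), default_prefixlen(a, 0),
               ex_canforward(a, 32), ex_canforward(a, 8));
    }
    return 0;
}
```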