Date:      Thu, 4 Nov 2021 07:30:25 -0700 (PDT)
From:      "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>
To:        Jamie Landeg-Jones <jamie@catflap.org>
Cc:        shuriku@shurik.kiev.ua, freebsd-net@FreeBSD.org
Subject:   Re: netmask for loopback interfaces
Message-ID:  <202111041430.1A4EUPOe029661@gndrsh.dnsmgr.net>
In-Reply-To: <202111041303.1A4D3T0r091830@donotpassgo.dyslexicfish.net>

> Oleksandr Kryvulia <shuriku@shurik.kiev.ua> wrote:
> 
> > 04.11.21 01:01, Mike Karels ?????:
> > > I have a pending change to stop using class A/B/C netmasks when setting
> > > an interface address without an explicit mask, and instead to use a default
> > > mask (24 bits).  A question has arisen as to what the default mask should
> > > be for loopback interfaces.  The standard 127.0.0.1 is added with an 8 bit
> > > mask currently, but additions without a mask would default to 24 bits.
> > > There is no warning for missing masks for loopback in the current code.
> > > I'm not convinced that the mask has any meaning here; only a host route
> > > to the assigned address is created.  Does anyone know of any meaning or
> > > use of the mask on a loopback address?
> > >
> > > Thanks,
> > > 		Mike
> > >
> >
> > /8 mask on loopback prevents use of the 127.x.x.x network anywhere
> > outside of the localhost. This is described in RFC 5735 [1] and 1122 [2]
> >
> > [1] https://datatracker.ietf.org/doc/html/rfc5735
> > [2] https://datatracker.ietf.org/doc/html/rfc1122
> 
> There is a push by some people to release 127.0.0.0/8 address space,
> leaving only 127.0.0.0/16 as reserved for localhost.
> 
> https://www.spinics.net/lists/netdev/msg598545.html
> 
> https://github.com/schoen/unicast-extensions/blob/master/127.md
> 
> https://github.com/schoen/unicast-extensions/
> 
> I make no comment on the feasibility of doing this!
> 
> However, that aside, aren't you just confusing the mask with routing?
> 
> I think the mask on any IP on a loopback interface should be /32
> (if you want to add a "127.0.0.0/8 -local" route even if done
> automatically, then so be it)
> 
> Note, the default FreeBSD firewall rules already have:
> 
>     ${fwcmd} add 100 pass all from any to any via lo0
>     ${fwcmd} add 200 deny all from any to 127.0.0.0/8
>     ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any

Which no longer work correctly since the "to 127.0.0.0/8"
packets SHALL go out whatever interface the route table
tells them to (often the default route), AND NOT lo0.

oot {1003}# route -n get 127.1.1.1
   route to: 127.1.1.1
destination: 0.0.0.0
       mask: 0.0.0.0
    gateway: 192.168.32.8
        fib: 0
  interface: em0
      flags: <UP,GATEWAY,DONE,STATIC>
 recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
       0         0         0         0      1500         1         0

> Cheers, Jamie

-- 
Rod Grimes                                                 rgrimes@freebsd.org
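
The route selection shown in the "route -n get 127.1.1.1" output above, as an added example that is not part of the original message or of FreeBSD: a longest-prefix-match lookup over a constructed table that holds only the host route for 127.0.0.1 plus the default route, with a check that lists 127.0.0.0/8 destinations which would leave through a non-loopback interface. The 192.168.32.0/24 on-link route and the function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed routing table modelled on the "route -n get" output above:
# the default route via em0 plus the host route for the assigned loopback address.
BASE_ROUTES = [
    ("0.0.0.0/0", "192.168.32.8", "em0"),
    ("127.0.0.1/32", None, "lo0"),
    ("192.168.32.0/24", None, "em0"),  # assumed on-link network of the gateway
]

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")


def lookup(routes, dst):
    """Return the (prefix, gateway, interface) chosen by longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, ifname)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return str(best[0]), best[1], best[2]


def leaking_loopback(routes, destinations, loop_if="lo0"):
    """List 127.0.0.0/8 destinations whose route leaves via a non-loopback interface."""
    leaks = []
    for dst in destinations:
        if ipaddress.ip_address(dst) in LOOPBACK_NET:
            prefix, _gw, ifname = lookup(routes, dst)
            if ifname != loop_if:
                leaks.append((dst, prefix, ifname))
    return leaks


if __name__ == "__main__":
    probes = ["127.0.0.1", "127.1.1.1", "127.255.255.254", "192.168.32.8"]
    print("host route only:", leaking_loopback(BASE_ROUTES, probes))
    # A covering 127.0.0.0/8 route on lo0 keeps the whole block on the loopback.
    covered = BASE_ROUTES + [("127.0.0.0/8", None, "lo0")]
    print("with 127.0.0.0/8 route:", leaking_loopback(covered, probes))
```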


