From owner-freebsd-net@freebsd.org Wed May 30 21:35:55 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id ABA80F701FA for ; Wed, 30 May 2018 21:35:55 +0000 (UTC) (envelope-from dch@skunkwerks.at) Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 554FB7BAA4 for ; Wed, 30 May 2018 21:35:54 +0000 (UTC) (envelope-from dch@skunkwerks.at) Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 11A7221B3E for ; Wed, 30 May 2018 17:35:54 -0400 (EDT) Received: from web6 ([10.202.2.216]) by compute7.internal (MEProxy); Wed, 30 May 2018 17:35:54 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=skunkwerks.at; h=content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; bh=bgYH0wo/lA/eSdVu821PlAA/gYC0R jhPXunlmMI6hkY=; b=G6OvweOfJRAZmr58B6RKCbCHy8bnbNW5RwSiFTtZka2zb FtPdu6FNdDkXEWx6FWIiy2GpjQhzRn4m3NCNbX8xSIhPpZZXmNGRwVwjYeBj0Usj TOnSjDvLVFB9RTHC3Ueq3YSTGYKWta/XXRmyAH+qJ0Drw59zc8bd0YI947blJwVJ UhSLwW3fU6UKN2UIvohIJ2iIrmNHJL5SvPOCQkgDXJgf8WtW/LjIopaSEWRlAYki 4fvNoJRb/3dLPL9DQSRqzyywfYkb6Dyl6FBt/EGo0Ewtc17zQp62Qoqkb36UcAtr 7Esyuz/ERJRrr1z5H6mmB2aKs0jzSgdUJjOpFmSAg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=bgYH0w o/lA/eSdVu821PlAA/gYC0RjhPXunlmMI6hkY=; b=me7LZSItA/xJzY2/TXYMqr swMiVPRe5IQf0IcMftpnEONwdcC5cMzjqNLl7bNFytSfgvmh1jcIRGN5PBR3+mQK jkXeKIThWl2m4SNwnVv7rP2JciJ4mTZ6sLawMPL3ANkGVupbPiwnDCjg7xoyWezF LJ+NJp1bp1rHEqHU+jwLUiThDnMdBK8t61GWWlpLkRxh1msa8xGoxH+uifDYw01G MB0S9TejRNi24/9QEkH/HEgKILsS/pJ08PlJuxq7huNdhnxqFzjXOEOc5tPwFc1m HRQUNfeSc+hBcpAYA9vLOFKxkanjDi6acmTNfBOq7q8lBAneC+iKUth8xrZC0uSQ == X-ME-Proxy: X-ME-Proxy: X-ME-Proxy: X-ME-Proxy: X-ME-Proxy: X-ME-Proxy: X-ME-Sender: Received: by mailuser.nyi.internal (Postfix, from userid 99) id C77294196; Wed, 30 May 2018 17:35:53 -0400 (EDT) Message-Id: <1527716153.582028.1390935528.1D317B9B@webmail.messagingengine.com> From: Dave Cottlehuber To: freebsd-net@freebsd.org MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="utf-8" X-Mailer: MessagingEngine.com Webmail Interface - ajax-397f98d6 References: <201805301546.w4UFk659072611@pdx.rh.CN85.dnsmgr.net> Subject: Re: 'no route to host" for cloned lo1 iface 12.0-CURRENT r334376+56a973815425(master) amd64 Date: Wed, 30 May 2018 23:35:53 +0200 In-Reply-To: <201805301546.w4UFk659072611@pdx.rh.CN85.dnsmgr.net> X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 May 2018 21:35:56 -0000 On Wed, 30 May 2018, at 17:46, Rodney W. Grimes wrote: > > > > > > ifconfig_lo1_aliases="inet 10.241.0.0-15/16" > > > > > > lo1: flags=8049 metric 0 mtu 16384 > > > > > > inet 10.241.0.0 netmask 0xffff0000 > > > > > > inet 10.241.0.1 netmask 0xffffffff > > > > > > inet 10.241.0.2 netmask 0xffffffff Thanks Rod, Andreas, Herbert for your help! Back at a proper computer now. I think there are 2 things; invalid IP (see end for some interesting notes), and also expansion of ifconfig__aliases. # ifconfig_$(if)_aliases This is my config: > cloned_interfaces="lo1" > ifconfig_lo1_aliases="inet 10.24 1.0.0-15/16" But, I *don't* have a line like this: > ifconfig_lo1="inet 10.241.0.0/16" and if I add it and bump the range to 10.241.0.1/16, then all is well again and ping $DODGY_IP works again, but I get 2 entries with /16 mask: inet 10.241.0.0 netmask 0xffff0000 inet 10.241.0.1 netmask 0xffff0000 inet 10.241.0.2 netmask 0xffffffff So the solution seems to be this, to keep the 0xfff0000 to just 1 IP: > cloned_interfaces="lo1" > ifconfig_lo1="inet 10.241.0.0/16" > ifconfig_lo1_aliases="inet 10.24 1.0.0-15/16" Presumably I've copy-pasted this a long time ago and never questioned it. I checked several random websites, and there are quite a few skipping `ifconfig_lo1`, using just the aliases, and mainly with jail configs, so I guess this change will catch other people too. I'm not sure what's changed, as nothing recent in /etc/rc.d or /etc/network.subr commits seems related. What's the best option here? Just a doc patch saying you can't use aliases without a prior ifconfig_ ? # invalid IP TLDR 10.241.0.0/16 is technically not a valid host IP but it has obviously worked in the past. I've been binding 10.241.0.1-15 to jail IPs, and abusing 10.241.0.0 as the "magic ip" that is bound to net/haproxy or spiped in the host system to broker exernal connections into the jail IP ranges from external internet. I will rectify my configuration but I will miss the symmetry :-) https://tools.ietf.org/html/rfc1122#section-3.3.6 is the closest description I could find for this. Interestingly, they blame 4.2BSD for this and say it's addressed since 4.3: ## 3.3.6 Broadcasts Section 3.2.1.3 defined the four standard IP broadcast address forms: Limited Broadcast: {-1, -1} Directed Broadcast: {,-1} Subnet Directed Broadcast: {,,-1} All-Subnets Directed Broadcast: {,-1,-1} A host MUST recognize any of these forms in the destination address of an incoming datagram. There is a class of hosts* that use non-standard broadcast address forms, substituting 0 for -1. All hosts SHOULD recognize and accept any of these non-standard broadcast addresses as the destination address of an incoming datagram. _________________________ *4.2BSD Unix and its derivatives, but not 4.3BSD.