From: Andreas Nilsson
Date: Thu, 31 May 2018 08:41:33 +0200
Subject: Re: 'no route to host" for cloned lo1 iface 12.0-CURRENT r334376+56a973815425(master) amd64
To: "Rodney W. Grimes"
Cc: Dave Cottlehuber, FreeBSD Net

On Thu, May 31, 2018, 00:13 Rodney W. Grimes <freebsd-rwg@pdx.rh.cn85.dnsmgr.net> wrote:

> > On Wed, 30 May 2018, at 17:46, Rodney W. Grimes wrote:
> > > > > > > > ifconfig_lo1_aliases="inet 10.241.0.0-15/16"
> >
> > > > > > > > lo1: flags=8049 metric 0 mtu 16384
> > > > > > > > inet 10.241.0.0 netmask 0xffff0000
> > > > > > > > inet 10.241.0.1 netmask 0xffffffff
> > > > > > > > inet 10.241.0.2 netmask 0xffffffff
> >
> > Thanks Rod, Andreas, Herbert for your help! Back at a proper computer now.
> >
> > I think there are 2 things; invalid IP (see end for some interesting notes), and also expansion of ifconfig__aliases.
> >
> > # ifconfig_$(if)_aliases
> >
> > This is my config:
> >
> > > cloned_interfaces="lo1"
> > > ifconfig_lo1_aliases="inet 10.24 1.0.0-15/16"
> I am not even sure that parses????
>
> >
> > But, I *don't* have a line like this:
> >
> > > ifconfig_lo1="inet 10.241.0.0/16"
>
> This should be an error, or as per rfc treated as
> "10.241.255.255/16" which should also be an error.
>
> >
> > and if I add it and bump the range to 10.241.0.1/16, then all is well again and ping $DODGY_IP works again, but I get 2 entries with /16 mask:
> >
> > inet 10.241.0.0 netmask 0xffff0000
> This should not be allowed.
>
> > inet 10.241.0.1 netmask 0xffff0000
> This is correct.
>
> > inet 10.241.0.2 netmask 0xffffffff
> >
> > So the solution seems to be this, to keep the 0xfff0000 to just 1 IP:
> >
> > > cloned_interfaces="lo1"
> > > ifconfig_lo1="inet 10.241.0.0/16"
> > > ifconfig_lo1_aliases="inet 10.24 1.0.0-15/16"
>

How about

cloned_interfaces="lo1"
ifconfig_lo1="inet 10.241.0.0/16"
ifconfig_lo1_aliases="10.241.0.1-15/32"

There is one other way, but I need to get to a computer to verify it.

>
> > Presumably I've copy-pasted this a long time ago and never questioned it. I checked several random websites, and there are quite a few skipping `ifconfig_lo1`, using just the aliases, and mainly with jail configs, so I guess this change will catch other people too.
> >
> > I'm not sure what's changed, as nothing recent in /etc/rc.d or /etc/network.subr commits seems related. What's the best option here?
> >
> > Just a doc patch saying you can't use aliases without a prior ifconfig_ ?
>
> I do not believe that needs to be a requirement.
>
> >
> > # invalid IP
> >
> > TLDR 10.241.0.0/16 is technically not a valid host IP but it has obviously worked in the past.
> Yes, and that working in the past is bad,
> probably need to see how far back this bug goes.
> Eeekks..
> it goes back to at least 5.4 which means
> it is bad behavior we are probably going to have to fix. :-(
>
> > I've been binding 10.241.0.1-15 to jail IPs, and abusing 10.241.0.0 as the "magic ip" that is bound to net/haproxy or spiped in the host system to broker external connections into the jail IP ranges from external internet. I will rectify my configuration but I will miss the symmetry :-)
> >
> > https://tools.ietf.org/html/rfc1122#section-3.3.6 is the closest description I could find for this. Interestingly, they blame 4.2BSD for this and say it's addressed since 4.3:
> >
> > ## 3.3.6 Broadcasts
>            ^^^^^^^^^^
> This is not the all 0's host value, but the all 1's host value,
> these rules are VERY well known and enforced. I am actually
> amazed that this use of 0 has not been RFC'ed out of existence,
> as far as I know all the other stuff says that the 0th host
> on a network is reserved for indicating the Network.
>
> If you look at all the tables on cidr and such they say
> the valid host ranges are 1 to (END - 1) Leaving out
> the host part value of 0.
>

Well, setting up point-to-point links for bgp and stuff it happens frequently that /31s are used to conserve ip space, which is sort of equivalent to having host ip of .0.

> > Section 3.2.1.3 defined the four standard IP broadcast address
> > forms:
> > Limited Broadcast: {-1, -1}
> > Directed Broadcast: {,-1}
> > Subnet Directed Broadcast:
> > {,,-1}
> > All-Subnets Directed Broadcast: {,-1,-1}
> > A host MUST recognize any of these forms in the destination
> > address of an incoming datagram.
> > There is a class of hosts* that use non-standard broadcast
> > address forms, substituting 0 for -1. All hosts SHOULD
>                                                   ^^^^^^
> > recognize and accept any of these non-standard broadcast
>   ^^^^^^^^^^^
> > addresses as the destination address of an incoming datagram.
>
> Ok, so we *SHOULD* be mapping the 10.241.0.0 to 10.241.255.255 which
> should have caused ALL the hosts on that subnet to respond to the ping.
>
> Someone want to investigate linux on this one?
>
> > _________________________
> > *4.2BSD Unix and its derivatives, but not 4.3BSD.
>
> --
> Rod Grimes
> rgrimes@freebsd.org
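
Added example, not part of the thread and not FreeBSD's rc code: a small Python check that expands an alias range like the one discussed above and reports which resulting addresses are the all-zeros (network) or all-ones (broadcast) host value of their prefix. The expansion rule (first address keeps the given prefix length, the rest become /32) is an assumption modeled on the ifconfig output quoted in the thread; all function names are hypothetical.

```python
import ipaddress
import re

# "a.b.c.X-Y/len", the range form used in ifconfig_lo1_aliases in the thread
RANGE_RE = re.compile(r"^(\d+\.\d+\.\d+)\.(\d+)-(\d+)/(\d+)$")


def expand_alias_range(spec):
    """Expand 'a.b.c.X-Y/len' into (IPv4Address, prefixlen) pairs.

    Assumption taken from the quoted ifconfig output: the first address
    keeps the given prefix length, every later one is installed as /32.
    """
    m = RANGE_RE.match(spec)
    if not m:
        raise ValueError(f"not a range spec: {spec!r}")
    base = m.group(1)
    first, last, plen = (int(m.group(i)) for i in (2, 3, 4))
    if not (0 <= first <= last <= 255 and 0 <= plen <= 32):
        raise ValueError(f"range or prefix out of bounds: {spec!r}")
    return [
        (ipaddress.IPv4Address(f"{base}.{octet}"), plen if i == 0 else 32)
        for i, octet in enumerate(range(first, last + 1))
    ]


def classify(addr, plen):
    """Return 'network', 'broadcast' or 'host' for addr within its /plen."""
    if plen >= 31:
        # /31 point-to-point links (as raised in the reply) and /32 host
        # routes have no reserved all-zeros or all-ones host value.
        return "host"
    net = ipaddress.IPv4Network((addr, plen), strict=False)
    if addr == net.network_address:
        return "network"
    if addr == net.broadcast_address:
        return "broadcast"
    return "host"


def reserved(spec):
    """List (address, prefixlen, kind) for entries that are not plain hosts."""
    flagged = []
    for addr, plen in expand_alias_range(spec):
        kind = classify(addr, plen)
        if kind != "host":
            flagged.append((str(addr), plen, kind))
    return flagged


if __name__ == "__main__":
    for spec in ("10.241.0.0-15/16", "10.241.0.1-15/16"):  # constructed inputs
        print(spec, "->", reserved(spec) or "no reserved addresses")
```
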