Re: netmask for loopback interfaces

From: Mike Karels <mike_at_karels.net>
Date: Thu, 04 Nov 2021 13:56:40 UTC
Jamie wrote:

> Oleksandr Kryvulia <shuriku@shurik.kiev.ua> wrote:

> > 04.11.21 01:01, Mike Karels wrote:
> > > I have a pending change to stop using class A/B/C netmasks when setting
> > > an interface address without an explicit mask, and instead to use a default
> > > mask (24 bits).  A question has arisen as to what the default mask should
> > > be for loopback interfaces.  The standard 127.0.0.1 is added with an 8 bit
> > > mask currently, but additions without a mask would default to 24 bits.
> > > There is no warning for missing masks for loopback in the current code.
> > > I'm not convinced that the mask has any meaning here; only a host route
> > > to the assigned address is created.  Does anyone know of any meaning or
> > > use of the mask on a loopback address?
> > >
> > > Thanks,
> > > 		Mike
> > >
> >
> > /8 mask on loopback prevents use of the 127.x.x.x network anywhere
> > outside of the localhost. This is described in RFC 5735 [1] and 1122 [2]
> >
> > [1] https://datatracker.ietf.org/doc/html/rfc5735
> > [2] https://datatracker.ietf.org/doc/html/rfc1122

It's true that 127/8 is currently reserved, but that isn't enforced
by FreeBSD using the mask on the interface.  Such packets are prevented
from forwarding by in_canforward(), which in turn uses IN_LOOPBACK().
The latter uses a compiled-in 8-bit mask.

> There is a push by some people to release 127.0.0.0/8 address space,
> leaving only 127.0.0.0/16 as reserved for localhost.

> https://www.spinics.net/lists/netdev/msg598545.html

> https://github.com/schoen/unicast-extensions/blob/master/127.md

> https://github.com/schoen/unicast-extensions/

> I make no comment on the feasibility of doing this!

> However, that aside, aren't you just confusing the mask with routing?

The two masks (interface and route) are separate, but the routing mask
is set from the interface mask for most interfaces (broadcast or NBMA,
but not loopback or point-to-point).  The interface mask is visible to
user level, including routing daemons.  But I think it would be wrong
for a routing daemon to infer anything from the mask on a loopback
route.  But the reason for my question was to find out if there is
anything that uses the interface mask in this case, and thus whether
a change in the default matters.

> I think the mask on any IP on a loopback interface should be /32
> (if you want to add a "127.0.0.0/8 -local" route even if done
> automatically, then so be it)

Using /32 on loopback is not a bad idea.  /etc/network.subr is wired
to 127.0.0.1/8 currently.  I don't think I'll change it in this pass
though.

> Note, the default FreeBSD firewall rules already have:

>     ${fwcmd} add 100 pass all from any to any via lo0
>     ${fwcmd} add 200 deny all from any to 127.0.0.0/8
>     ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any

If you use the default rules...

		Mike
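
Added example (not part of the original message and not FreeBSD source): a user-space C model of the point above about in_canforward() and IN_LOOPBACK(), comparing a fixed 8-bit loopback test with what a test derived from the lo0 interface mask would cover at /8, /24 and /32. The names model_in_loopback, model_canforward and in_if_network are hypothetical, and the sample addresses are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <arpa/inet.h>

/* Model of a compiled-in 8-bit loopback test on a host-order address
 * (hypothetical name; stands in for the kernel's IN_LOOPBACK()). */
static int model_in_loopback(uint32_t host_addr)
{
    return (host_addr & 0xff000000u) == 0x7f000000u;
}

/* Model of the forwarding decision, loopback part only:
 * 0 = never forward, 1 = may forward, -1 = not a valid IPv4 literal. */
int model_canforward(const char *dotted)
{
    struct in_addr a;
    if (inet_pton(AF_INET, dotted, &a) != 1)
        return -1;
    return !model_in_loopback(ntohl(a.s_addr));
}

/* What a check derived from the interface mask would cover instead:
 * is `dotted` inside ifaddr/prefixlen? (-1 on bad input) */
int in_if_network(const char *dotted, const char *ifaddr, int prefixlen)
{
    struct in_addr a, i;
    if (prefixlen < 0 || prefixlen > 32 ||
        inet_pton(AF_INET, dotted, &a) != 1 ||
        inet_pton(AF_INET, ifaddr, &i) != 1)
        return -1;
    uint32_t mask = prefixlen == 0 ? 0 : 0xffffffffu << (32 - prefixlen);
    return ((ntohl(a.s_addr) ^ ntohl(i.s_addr)) & mask) == 0;
}

int main(void)
{
    /* Constructed sample addresses; lo0 is assumed to hold 127.0.0.1. */
    const char *samples[] = { "127.0.0.1", "127.0.1.9", "127.200.3.4", "192.0.2.10" };
    int lens[] = { 8, 24, 32 };
    for (size_t s = 0; s < 4; s++) {
        printf("%-12s canforward=%d  in lo0 net:", samples[s], model_canforward(samples[s]));
        for (size_t l = 0; l < 3; l++)
            printf(" /%d=%d", lens[l], in_if_network(samples[s], "127.0.0.1", lens[l]));
        printf("\n");
    }
    return 0;
}
```

In this model, 127.0.1.9 and 127.200.3.4 stay non-forwardable at every prefix length, while a test tied to the interface mask would stop covering them once lo0 is narrower than /8.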