From: Mike Karels
To: rgrimes@freebsd.org
Cc: Gleb Smirnoff, src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org
Subject: Re: git: 20d59403961d - main - kernel: deprecate Internet Class A/B/C
Date: Fri, 12 Nov 2021 06:55:18 -0600
Message-ID: <572EFCEA-C881-4442-9EAF-A06FF9B8CD6E@karels.net>
In-Reply-To: <202111120112.1AC1CBTj061103@gndrsh.dnsmgr.net>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all

The review for this is now https://reviews.freebsd.org/D32951.

On 11 Nov 2021, at 19:12, Rodney W. Grimes wrote:

> [ Charset UTF-8 unsupported, converting... ]
>> I'm going to top-post my reply to highlight this question:
>> It is proposed to revert the change to the default mask when setting
>> an Internet interface address without a mask, returning to the use of
>> the Class A/B/C mask as the default. We would still warn if there
>> was no mask supplied, except on loopback and point-to-point interfaces.
>
> I would not have the exception on loopback or P2P.

I still don’t know of any use or significance of the mask on loopback
or P2P interfaces, so I don’t know of any reason to require a mask.

>> Does anyone object, or otherwise have comments?
>
> Mostly.

I’m not sure how to interpret this.

Mike

>>
>> On 10 Nov 2021, at 10:38, Gleb Smirnoff wrote:
>>
>>> On Wed, Nov 10, 2021 at 09:36:03AM -0600, Mike Karels wrote:
>>> M> > The new /24 default is no better than classes. The only difference
>>> M> > that classes maintained POLA and new default doesn't.
>>> M> > For example, in my home network I have default router 10.0.0.1 and
>>> M> > since it is class A network on my VMs and test boxes I can type
>>> M>
>>> M> > # ifconfig vtnet0 10.6.6.6
>>> M>
>>> M> > and that is going to work. With this change no longer.
>>> M>
>>> M> I suspect that /8 is by far the minority these days, even with a
>>> M> "Class A" net. I also use net 10 at home, and at the last several jobs,
>>> M> but it is subnetted in each case. I would periodically add an address,
>>> M> forgetting a mask, only to find that a route for 10/8 isolated the machine.
>>>
>>> The 10/8 can be used at home as a huge personal address space, just like
>>> a /64 IPv6 prefix. All addresses added without masks and everything works.
>>>
>>> M> That said, my main objective was to deprecate usage without a mask, and
>>> M> to warn in that case. Both the kernel and ifconfig now warn when a default
>>> M> mask is used. In the discussion on freebsd-net and in the review, the
>>> M> main thought was that masks should be required. But it isn't practical to
>>> M> fail and return an error with no mask, at least not without a significant
>>> M> period with warnings, or some systems would stop coming up on the network.
>>> M>
>>> M> One reviewer was going to comment on the /24 default, but thought it was
>>> M> better than the previous. I'm open to hearing more opinions.
>>>
>>> Although I don't internally agree that we really need to police people to
>>> always specify masks, I would make step forward and agree with that. So,
>>> let's do print loud warning on every attempt to set IP address without a
>>> mask. But I can not agree that change from class based guess to /24 is a
>>> right thing to do. A proper deprecation process goes like this:
>>>
>>> Step 1: Print warning, don't change legacy behavior.
>>>         <... people adopt ...>
>>> Step 2: Return error. Remove deprecated behavior.
>>>
>>> What we did is that we changed behavior together with warning. The new
>>> behavior is neither the legacy one nor the desired one, where mask is
>>> a must. Look from a user perspective: for class C nothing changed, but
>>> changed for A and B.
>>>
>>> -- 
>>> Gleb Smirnoff
>>
>>
>
> -- 
> Rod Grimes                                                 rgrimes@freebsd.org
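
The two defaults argued over in this thread, as an added example (not code from the thread or from the FreeBSD source): it computes the mask each policy picks for an address given without one and shows which peers then count as directly reachable. The helper names and the 10.6.7.1 neighbour are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Illustrative helpers (hypothetical names, not FreeBSD kernel code).
 * Addresses and masks are in host byte order. */
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Legacy default: the mask is guessed from the address's leading bits. */
static uint32_t classful_mask(uint32_t addr)
{
    if ((addr & 0x80000000u) == 0)           /* 0xxx: Class A, /8  */
        return 0xff000000u;
    if ((addr & 0xc0000000u) == 0x80000000u) /* 10xx: Class B, /16 */
        return 0xffff0000u;
    if ((addr & 0xe0000000u) == 0xc0000000u) /* 110x: Class C, /24 */
        return 0xffffff00u;
    return 0;                                /* Class D/E: no default here */
}

/* The /24 default the thread proposes to revert: same mask for any address. */
static uint32_t fixed24_mask(uint32_t addr)
{
    (void)addr;
    return 0xffffff00u;
}

/* A peer is reached directly (no gateway) only if it shares the prefix. */
static int on_link(uint32_t local, uint32_t mask, uint32_t peer)
{
    return mask != 0 && ((local ^ peer) & mask) == 0;
}

int main(void)
{
    uint32_t host = IP4(10, 6, 6, 6);   /* address from the thread */
    uint32_t router = IP4(10, 0, 0, 1); /* default router from the thread */
    uint32_t other = IP4(10, 6, 7, 1);  /* constructed: host in another subnet */

    /* Flat 10/8 network: the router must be on-link for the host to work. */
    printf("router on-link: classful=%d /24=%d\n",
           on_link(host, classful_mask(host), router),
           on_link(host, fixed24_mask(host), router));
    /* Subnetted 10/8: 'other' is really behind a gateway, so treating it as
     * on-link (classful /8) sends traffic to the wrong place. */
    printf("other-subnet host treated as on-link: classful=%d /24=%d\n",
           on_link(host, classful_mask(host), other),
           on_link(host, fixed24_mask(host), other));
    return 0;
}
```

Neither default is right for both networks: the classful guess suits the flat 10/8 case and breaks the subnetted one, and the /24 guess does the reverse.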