On Wed, 30 May 2018, at 17:46, Rodney W. Grimes wrote:
> > > > > > ifconfig_lo1_aliases="inet 10.241.0.0-15/16"

> > > > > > lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> > > > > >         inet 10.241.0.0 netmask 0xffff0000
> > > > > >         inet 10.241.0.1 netmask 0xffffffff
> > > > > >         inet 10.241.0.2 netmask 0xffffffff

Thanks Rod, Andreas, Herbert for your help! Back at a proper computer now.

I think there are 2 things: invalid IP (see end for some interesting notes),
and also expansion of ifconfig_<if>_aliases.

# ifconfig_$(if)_aliases

This is my config:

> cloned_interfaces="lo1"
> ifconfig_lo1_aliases="inet 10.241.0.0-15/16"

But, I *don't* have a line like this:

> ifconfig_lo1="inet 10.241.0.0/16"

and if I add it and bump the range to 10.241.0.1/16, then all is well again
and ping $DODGY_IP works again, but I get 2 entries with /16 mask:

inet 10.241.0.0 netmask 0xffff0000
inet 10.241.0.1 netmask 0xffff0000
inet 10.241.0.2 netmask 0xffffffff

So the solution seems to be this, to keep the 0xffff0000 to just 1 IP:

> cloned_interfaces="lo1"
> ifconfig_lo1="inet 10.241.0.0/16"
> ifconfig_lo1_aliases="inet 10.241.0.0-15/16"

Presumably I've copy-pasted this a long time ago and never questioned it. I 
checked several random websites, and there are quite a few skipping 
`ifconfig_lo1`, using just the aliases, and mainly with jail configs, so I 
guess this change will catch other people too.

I'm not sure what's changed, as nothing recent in /etc/rc.d or
/etc/network.subr commits seems related. What's the best option here?

Just a doc patch saying you can't use aliases without a prior ifconfig_<if>?

# invalid IP

TLDR 10.241.0.0/16 is technically not a valid host IP but it has obviously
worked in the past.

I've been binding 10.241.0.1-15 to jail IPs, and abusing 10.241.0.0 as the
"magic ip" that is bound to net/haproxy or spiped in the host system to broker
external connections into the jail IP ranges from external internet. I will
rectify my configuration but I will miss the symmetry :-)

https://tools.ietf.org/html/rfc1122#section-3.3.6 is the closest description I 
could find for this. Interestingly, they blame 4.2BSD for this and say it's 
addressed since 4.3:

## 3.3.6  Broadcasts

         Section 3.2.1.3 defined the four standard IP broadcast address
         forms:
           Limited Broadcast:  {-1, -1}
           Directed Broadcast:  {<Network-number>,-1}
           Subnet Directed Broadcast:
                              {<Network-number>,<Subnet-number>,-1}
           All-Subnets Directed Broadcast: {<Network-number>,-1,-1}
         A host MUST recognize any of these forms in the destination
         address of an incoming datagram.
         There is a class of hosts* that use non-standard broadcast
         address forms, substituting 0 for -1.  All hosts SHOULD
         recognize and accept any of these non-standard broadcast
         addresses as the destination address of an incoming datagram.
_________________________
*4.2BSD Unix and its derivatives, but not 4.3BSD.

_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
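
The following is an added example, not part of the original message and not FreeBSD's rc.d code: a small sh linter that expands an `ifconfig_<if>_aliases` range and flags any address whose host bits are all zeros or all ones under the declared prefix. The function names are hypothetical, and the rule "first address keeps the prefix, the rest become /32" is an assumption modelled on the ifconfig output quoted in the thread.

```shell
#!/bin/sh
# Added example: lint an rc.conf alias spec such as "inet 10.241.0.0-15/16".

# Dotted quad -> 32-bit integer.
ip_to_int() {
    _oldifs=$IFS; IFS=.
    set -- $1
    IFS=$_oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Prints one "address/prefix note" line per expanded address.
# Only a range in the last octet (A.B.C.lo-hi/prefix) is handled.
expand_alias() {
    spec=${1#inet }
    prefix=${spec##*/}
    range=${spec%/*}
    base=${range%.*}            # first three octets
    last=${range##*.}           # "0-15", or a single octet
    lo=${last%-*}; hi=${last#*-}
    mask=$(( (0xffffffff << (32 - prefix)) & 0xffffffff ))
    hostmax=$(( ~mask & 0xffffffff ))
    i=$lo
    while [ "$i" -le "$hi" ]; do
        addr=$(ip_to_int "$base.$i")
        host=$(( addr & hostmax ))
        note=ok
        if [ "$prefix" -lt 31 ]; then
            # Host part all zeros: the subnet's own number (the 4.2BSD-style
            # broadcast form in RFC 1122 section 3.3.6). All ones: broadcast.
            if [ "$host" -eq 0 ]; then note=network-address; fi
            if [ "$host" -eq "$hostmax" ]; then note=broadcast-address; fi
        fi
        if [ "$i" -eq "$lo" ]; then p=$prefix; else p=32; fi
        echo "$(int_to_ip "$addr")/$p $note"
        i=$(( i + 1 ))
    done
}

# The alias spec from this thread.
expand_alias "inet 10.241.0.0-15/16"
```
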