Re: allow 240/4 in various network daemons

Tom Smyth Fri, 06 May 2022 05:29:14 -0700

I would agree with the diff.. @claudio  (for what it is worth)

in principle 240.0.0.0/4 was reserved for future use in the past...
so  changing that today makes sense to me ...



On Fri, 6 May 2022 at 13:20, Claudio Jeker <cje...@diehard.n-r-g.com> wrote:
>
> On Thu, May 05, 2022 at 11:37:24AM +0200, Claudio Jeker wrote:
> > So most routing daemons and other network daemons like pppd do not allow
> > 240/4 as IPs because they check the IP against IN_BADCLASS().
> > I think it is time to remove this restriction.
> >
> > Now there is another magical network 0.0.0.0/8 which is not allowed in
> > some but not all of the routing daemons. Not sure if that should be
> > removed or blocked in all daemons.
>
> The discussion about this diff totally derailed so lets try again. Anyone
> wants to OK this?
>
> --
> :wq Claudio
>
> Index: usr.sbin/bgpd/kroute.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/bgpd/kroute.c,v
> retrieving revision 1.244
> diff -u -p -r1.244 kroute.c
> --- usr.sbin/bgpd/kroute.c      8 Mar 2022 12:58:57 -0000       1.244
> +++ usr.sbin/bgpd/kroute.c      5 May 2022 08:48:27 -0000
> @@ -1448,12 +1448,11 @@ kr_redistribute(int type, struct ktable
>                 return;
>
>         /*
> -        * We consider the loopback net, multicast and experimental addresses
> +        * We consider the loopback net and multicast addresses
>          * as not redistributable.
>          */
>         a = ntohl(kr->prefix.s_addr);
> -       if (IN_MULTICAST(a) || IN_BADCLASS(a) ||
> -           (a >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET)
> +       if (IN_MULTICAST(a) || (a >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET)
>                 return;
>
>         /* Check if the nexthop is the loopback addr. */
> Index: usr.sbin/bgpd/rde.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v
> retrieving revision 1.544
> diff -u -p -r1.544 rde.c
> --- usr.sbin/bgpd/rde.c 22 Mar 2022 10:53:08 -0000      1.544
> +++ usr.sbin/bgpd/rde.c 5 May 2022 08:48:49 -0000
> @@ -1790,10 +1790,10 @@ bad_flags:
>                 UPD_READ(&nexthop.v4.s_addr, p, plen, 4);
>                 /*
>                  * Check if the nexthop is a valid IP address. We consider
> -                * multicast and experimental addresses as invalid.
> +                * multicast addresses as invalid.
>                  */
>                 tmp32 = ntohl(nexthop.v4.s_addr);
> -               if (IN_MULTICAST(tmp32) || IN_BADCLASS(tmp32)) {
> +               if (IN_MULTICAST(tmp32)) {
>                         rde_update_err(peer, ERR_UPDATE, ERR_UPD_NEXTHOP,
>                             op, len);
>                         return (-1);
> Index: usr.sbin/eigrpd/util.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/eigrpd/util.c,v
> retrieving revision 1.10
> diff -u -p -r1.10 util.c
> --- usr.sbin/eigrpd/util.c      7 Dec 2018 08:40:54 -0000       1.10
> +++ usr.sbin/eigrpd/util.c      5 May 2022 08:53:31 -0000
> @@ -224,7 +224,7 @@ bad_addr_v4(struct in_addr addr)
>
>         if (((a >> IN_CLASSA_NSHIFT) == 0) ||
>             ((a >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) ||
> -           IN_MULTICAST(a) || IN_BADCLASS(a))
> +           IN_MULTICAST(a))
>                 return (1);
>
>         return (0);
> Index: usr.sbin/ldpd/util.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/ldpd/util.c,v
> retrieving revision 1.5
> diff -u -p -r1.5 util.c
> --- usr.sbin/ldpd/util.c        7 Dec 2018 08:40:54 -0000       1.5
> +++ usr.sbin/ldpd/util.c        5 May 2022 08:54:03 -0000
> @@ -223,7 +223,7 @@ bad_addr_v4(struct in_addr addr)
>
>         if (((a >> IN_CLASSA_NSHIFT) == 0) ||
>             ((a >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) ||
> -           IN_MULTICAST(a) || IN_BADCLASS(a))
> +           IN_MULTICAST(a))
>                 return (1);
>
>         return (0);
> Index: usr.sbin/mrouted/inet.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/mrouted/inet.c,v
> retrieving revision 1.6
> diff -u -p -r1.6 inet.c
> --- usr.sbin/mrouted/inet.c     21 Apr 2013 06:42:43 -0000      1.6
> +++ usr.sbin/mrouted/inet.c     5 May 2022 08:57:09 -0000
> @@ -36,7 +36,6 @@ inet_valid_host(u_int32_t naddr)
>      addr = ntohl(naddr);
>
>      return (!(IN_MULTICAST(addr) ||
> -             IN_BADCLASS (addr) ||
>               (addr & 0xff000000) == 0));
>  }
>
> @@ -83,7 +82,7 @@ inet_valid_subnet(u_int32_t nsubnet, u_i
>             (subnet & 0xff000000) == 0x7f000000 ||
>             (subnet & 0xff000000) == 0x00000000) return (FALSE);
>      }
> -    else if (IN_CLASSD(subnet) || IN_BADCLASS(subnet)) {
> +    else if (IN_CLASSD(subnet)) {
>         /* Above Class C address space */
>         return (FALSE);
>      }
> Index: usr.sbin/ospfd/kroute.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/ospfd/kroute.c,v
> retrieving revision 1.114
> diff -u -p -r1.114 kroute.c
> --- usr.sbin/ospfd/kroute.c     20 Aug 2020 03:09:28 -0000      1.114
> +++ usr.sbin/ospfd/kroute.c     5 May 2022 08:54:30 -0000
> @@ -565,12 +565,11 @@ kr_redist_eval(struct kroute *kr, struct
>                 goto dont_redistribute;
>
>         /*
> -        * We consider the loopback net, multicast and experimental addresses
> +        * We consider the loopback net and multicast addresses
>          * as not redistributable.
>          */
>         a = ntohl(kr->prefix.s_addr);
> -       if (IN_MULTICAST(a) || IN_BADCLASS(a) ||
> -           (a >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET)
> +       if (IN_MULTICAST(a) || (a >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET)
>                 goto dont_redistribute;
>         /*
>          * Consider networks with nexthop loopback as not redistributable
> Index: usr.sbin/pppd/auth.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/pppd/auth.c,v
> retrieving revision 1.39
> diff -u -p -r1.39 auth.c
> --- usr.sbin/pppd/auth.c        17 Nov 2017 20:48:30 -0000      1.39
> +++ usr.sbin/pppd/auth.c        5 May 2022 09:01:51 -0000
> @@ -1120,7 +1120,7 @@ bad_ip_adrs(addr)
>  {
>      addr = ntohl(addr);
>      return (addr >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET
> -       || IN_MULTICAST(addr) || IN_BADCLASS(addr);
> +       || IN_MULTICAST(addr);
>  }
>
>  /*
> Index: usr.sbin/ripd/kroute.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/ripd/kroute.c,v
> retrieving revision 1.34
> diff -u -p -r1.34 kroute.c
> --- usr.sbin/ripd/kroute.c      11 Dec 2019 21:04:59 -0000      1.34
> +++ usr.sbin/ripd/kroute.c      5 May 2022 08:54:46 -0000
> @@ -357,12 +357,11 @@ dont_redistribute:
>                 return;
>
>         /*
> -        * We consider the loopback net, multicast and experimental addresses
> +        * We consider the loopback net and multicast addresses
>          * as not redistributable.
>          */
>         a = ntohl(kr->prefix.s_addr);
> -       if (IN_MULTICAST(a) || IN_BADCLASS(a) ||
> -           (a >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET)
> +       if (IN_MULTICAST(a) || (a >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET)
>                 return;
>         /*
>          * Consider networks with nexthop loopback as not redistributable
>


-- 
Kindest regards,
Tom Smyth.

Re: allow 240/4 in various network daemons

Reply via email to