lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Sat, 13 Jul 2019 20:57:50 -0700
From:   Paul Marks <pmarks@...gle.com>
To:     David Miller <davem@...emloft.net>
Cc:     dave.taht@...il.com, netdev@...r.kernel.org, gnu@...d.com
Subject: Re: [PATCH net-next 1/1] Allow 0.0.0.0/8 as a valid address range

On Wed, Jun 26, 2019 at 1:20 PM David Miller <davem@...emloft.net> wrote:
>
> From: Dave Taht <dave.taht@...il.com>
> Date: Sat, 22 Jun 2019 10:07:34 -0700
>
> > The longstanding prohibition against using 0.0.0.0/8 dates back
> > to two issues with the early internet.
> >
> > There was an interoperability problem with BSD 4.2 in 1984, fixed in
> > BSD 4.3 in 1986. BSD 4.2 has long since been retired.
> >
> > Secondly, addresses of the form 0.x.y.z were initially defined only as
> > a source address in an ICMP datagram, indicating "node number x.y.z on
> > this IPv4 network", by nodes that know their address on their local
> > network, but do not yet know their network prefix, in RFC0792 (page
> > 19).  This usage of 0.x.y.z was later repealed in RFC1122 (section
> > 3.2.2.7), because the original ICMP-based mechanism for learning the
> > network prefix was unworkable on many networks such as Ethernet (which
> > have longer addresses that would not fit into the 24 "node number"
> > bits).  Modern networks use reverse ARP (RFC0903) or BOOTP (RFC0951)
> > or DHCP (RFC2131) to find their full 32-bit address and CIDR netmask
> > (and other parameters such as default gateways). 0.x.y.z has had
> > 16,777,215 addresses in 0.0.0.0/8 space left unused and reserved for
> > future use, since 1989.
> >
> > This patch allows for these 16m new IPv4 addresses to appear within
> > a box or on the wire. Layer 2 switches don't care.
> >
> > 0.0.0.0/32 is still prohibited, of course.
> >
> > Signed-off-by: Dave Taht <dave.taht@...il.com>
> > Signed-off-by: John Gilmore <gnu@...d.com>
> > Acked-by: Toke Høiland-Jørgensen <toke@...hat.com>
>
> Applied, thanks for following up on this.

This breaks an undocumented feature of Linux:

$ telnet 0.0.0.1 22
Trying 0.0.0.1...
telnet: Unable to connect to remote host: Invalid argument

It's sometimes useful to put 0.x.x.x in command-line flags,
/etc/hosts, or other config files, because it forces connect() to fail
immediately, instead of sending packets and waiting for a timeout.

Given that this has been user-visible for decades, is it a good idea
to pull out the rug?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ