[gentoo-user] Bind to 127.0.0.N for any N

[gentoo-user] Bind to 127.0.0.N for any N

[Grant Edwards]

I've just recently realized something about the "lo" interface.

You can bind a socket to any 127.0.0.N address, even though only
127.0.0.1/8 is configured in /etc/config/net, and "ip addr" only shows
127.0.0.1/8 for that interface. In the past, when I wanted to use
other 127.0.0.N address, I always added them to /etc/config/net. The
last time, I forget to do that. Later, I realized it was working
anyway. I've since removed all of the extra "lo" addresses from
/etc/config/net, and everything still works.

Apparently "lo" is special.

Perhaps I don't even need to have 127.0.0.1/8 listed in
/etc/config/net...

--
Grant

Re: [gentoo-user] Bind to 127.0.0.N for any N

[Grant Taylor]

On 1/28/21 5:38 PM, Grant Edwards wrote:
> I've just recently realized something about the "lo" interface.

I don't think this is as much about the interface as it is the routes 
that are created.  (More below.)

> You can bind a socket to any 127.0.0.N address, even though only 
> 127.0.0.1/8 is configured in /etc/config/net, and "ip addr" only shows 
> 127.0.0.1/8 for that interface.

Yes.  But for specific reasons. (...)

> In the past, when I wanted to use other 127.0.0.N address, I 
> always added them to /etc/config/net. The last time, I forget to do 
> that. Later, I realized it was working anyway. I've since removed 
> all of the extra "lo" addresses from /etc/config/net, and everything 
> still works.

Because of a very special route.

> Apparently "lo" is special.
> 
> Perhaps I don't even need to have 127.0.0.1/8 listed in 
> /etc/config/net...

I think that you still want 127.0.0.1 in /etc/config/net even if only to 
bring the interface up (a la 'ip link set dev lo up', sans IP).

I believe the ""magic that is allowing this to work is one of the four 
following routes:

# ip route show table local | grep 127.0.0 | nl
      1	broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
      2	local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
      3	local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
      4	broadcast 127.255.255.255 dev lo proto kernel scope link src 
127.0.0.1

Lines 1, 3, and 4, are typical routes.  You should have something 
similar for other IPs and devices.

But line 2 is very special.  Notice how it's assigning the entire 127/8 
to the lo device.

Reformatting the route with some white space makes it somewhat more obvious.

      2	local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
      3	local 127.0.0.1   dev lo proto kernel scope host src 127.0.0.1

#3 is a more typical /host/ route.
#2 is a less typical /net/ route.

#2 actually tells the kernel that anything and everything in the 127/8 
destination network can be reached directly via the lo adapter.

This network route is more efficient than having multiple host routes to 
cover some portion of the same IP space.

My understanding -- which may be wrong, and please correct me if you 
think it is -- is that this special route (#2) is how the kernel sends 
the entire 127/8 network to the lo adapter, even if the IP addresses 
aren't bound to the adapter.

Now, as for things receiving the connections, I think it is highly 
dependent on if the thing is listening to 0.0.0.0 or specific IP 
addresses.  Because if it's listening to 0.0.0.0, I think it will 
happily serve connections to other addresses in 127/8.  If it's 
listening to explicitly 127.0.0.1, then it likely will not serve 
connections to other addresses in 127/8.

I believe the same technique can be applied to other addresses outside 
of the 127/8 network.  Though it's much less often done.  You'd most 
likely see this with a service that wants to serve for an entire /24; 
e.g. 192.0.2.0/24 while listening to 0.0.0.0.

Admittely it's been a while since I last delt with this, so I could be 
mis-remembering.  But I think the special route, #2, is at the root of 
what you're asking about.

Again, I believe you do want the 127.0.0.1 in /etc/config/net to 
actually bring the interface up.  You probably don't even need to bind 
an IP to it.  I think the kernel does the 127/8 automatically /if/ the 
interface is simply up, a la 'ip link set dev lo up'.



-- 
Grant. . . .
unix || die

[gentoo-user] Re: Bind to 127.0.0.N for any N

[Grant Edwards]

On 2021-01-29, Grant Taylor <gtaylor@gentoo.tnetconsulting.net> wrote:

> My understanding -- which may be wrong, and please correct me if you 
> think it is -- is that this special route (#2) is how the kernel sends 
> the entire 127/8 network to the lo adapter, even if the IP addresses 
> aren't bound to the adapter.

I think that's probably right. I had never used the 'ip route' command
like that and was unaware that route existed.

> Now, as for things receiving the connections, I think it is highly 
> dependent on if the thing is listening to 0.0.0.0 or specific IP 
> addresses.  Because if it's listening to 0.0.0.0, I think it will 
> happily serve connections to other addresses in 127/8.

Yes, that's correct. [I just tested it]

> If it's listening to explicitly 127.0.0.1, then it likely will not
> serve connections to other addresses in 127/8.

Also correct.

--
Grant

Re: [gentoo-user] Re: Bind to 127.0.0.N for any N

[Grant Taylor]

On 1/28/21 7:09 PM, Grant Edwards wrote:
> I think that's probably right. I had never used the 'ip route' 
> command like that and was unaware that route existed.

*nod*

iproute2 has supplanted the venerable net-tools (or whatever it's 
called); ifconfig, route, netstat, etc.

I sort of put pressure on my self to start using them 20 years ago, and 
largely failed.  It wasn't until about 5-10 years ago when I started 
doing things with ip that couldn't be done with other older commands 
that I started succeeding in migrating over to iproute2 for 90% of what 
I do.

Admittedly, I still periodically find myself using ifconfig for quick 
status.  All things I can get from ip, but not as readily handy.

Ironically, I've found myself doing / planning to do things within the 
last six months that iproute2 can't / won't do; DECnet, IPX, and AX.25/ROSE.

> Yes, that's correct. [I just tested it]
> 
> Also correct.

Thank you for confirming.

P.S. I tip my hat at your name.  ;-)



-- 
Grant. . . .
unix || die

[gentoo-user] Re: Bind to 127.0.0.N for any N

[Grant Edwards]

On 2021-01-29, Grant Taylor <gtaylor@gentoo.tnetconsulting.net> wrote:

> iproute2 has supplanted the venerable net-tools (or whatever it's
> called); ifconfig, route, netstat, etc.

My brain knows that. My fingers only partially so.

> I sort of put pressure on my self to start using them 20 years ago,
> and largely failed.  It wasn't until about 5-10 years ago when I
> started doing things with ip that couldn't be done with other older
> commands that I started succeeding in migrating over to iproute2 for
> 90% of what I do.

I now manage to use 'ip addr' instead of ifconfig _most_ of the
time. I still almost always use 'route' instead of of 'ip route'. I
figure in another 20 years, I will have managed a complete transition.

> Ironically, I've found myself doing / planning to do things within
> the last six months that iproute2 can't / won't do; DECnet, IPX, and
> AX.25/ROSE.

And I didn't even know computer museums were hiring.

> P.S. I tip my hat at your name.  ;-)

:)

It can be a bit disorienting when I see an unfamiliar message signed
by Grant. For many decades, I only ran into one other Grant, and then
in the 90's I'd occasionally hear a toddler being called Grant. Around
here, it looks like there was a "Grant" peak in 1995:

https://www.startribune.com/how-popular-is-your-name-in-minnesota/506438731/?name=Grant

--
Grant

Re: [gentoo-user] Re: Bind to 127.0.0.N for any N

[Grant Taylor]

On 1/29/21 6:37 AM, Grant Edwards wrote:
> My brain knows that. My fingers only partially so.

I *completely* understand.

> I now manage to use 'ip addr' instead of ifconfig _most_ of the 
> time. I still almost always use 'route' instead of of 'ip route'. I 
> figure in another 20 years, I will have managed a complete transition.

Interestingly enough, routing is one of the things that pushed me to 
using iproute2.  Specifically things related to policy based routing 
(PBR) and multi-path routing.  It's my understanding that the 
traditional route command can't handle either of these.

> And I didn't even know computer museums were hiring.

Nope.

It's just personal hobbies.

> :)
> 
> It can be a bit disorienting when I see an unfamiliar message signed 
> by Grant.

Yep.

More than once I've seen a message from "Grant" and thought "but I 
didn't write...oh!".



-- 
Grant. . . .
unix || die