fix: use /32 host netmask for loopback aliases to stop mDNSResponder storm#21
fix: use /32 host netmask for loopback aliases to stop mDNSResponder storm#21kriszyp wants to merge 1 commit into
Conversation
…storm setup-loopback.sh created each 127.0.0.x alias with the implicit class-A /8 netmask, so every alias claimed the entire 127.0.0.0/8 network. At large pool counts (e.g. 254) the overlapping-subnet interface addresses drive macOS mDNSResponder's address-conflict defense (PacketRRConflict) into an O(n^2) storm — pinning a CPU core and flooding port 5353 with loopback mDNS announcements. Configuring each alias with a host /32 netmask removes the subnet overlap; measured 254 aliases /8 => ~65% CPU vs 254 /32 => ~0%. Also remove any pre-existing alias before re-adding so re-running the script converts a machine still configured with the old /8 aliases. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
There was a problem hiding this comment.
Code Review
This pull request updates the loopback setup script on macOS to use a host (/32) netmask instead of the default class-A (/8) netmask, resolving a CPU-pinning issue in mDNSResponder caused by overlapping subnets. It also updates the README to document this change. Feedback on the changes suggests appending || true to the ifconfig -alias command to prevent the script from exiting prematurely under set -e if the alias does not already exist.
| # Remove any pre-existing alias first so re-running this converts a machine previously | ||
| # configured with the old /8 aliases; ifconfig alias on an existing address does not | ||
| # reliably reset its netmask. The `-alias` is a harmless no-op if the address is absent. | ||
| sudo ifconfig lo0 -alias 127.0.0.$i 2>/dev/null |
There was a problem hiding this comment.
If this script is executed in an environment where set -e is enabled (which is common in CI/CD pipelines or when sourced/wrapped by other scripts), the script will exit immediately on the first iteration if the alias does not already exist, because ifconfig lo0 -alias returns a non-zero exit status when the alias is absent.\n\nTo prevent this, append || true to the command so that it always evaluates to a successful exit status.
| sudo ifconfig lo0 -alias 127.0.0.$i 2>/dev/null | |
| sudo ifconfig lo0 -alias 127.0.0.$i 2>/dev/null || true |
Summary
scripts/setup-loopback.shnow configures each127.0.0.xloopback alias with a host (/32) netmask instead of the implicit class-A (/8), and removes any pre-existing alias before re-adding it (so re-running converts a machine still on the old/8aliases).Why
With the implicit
/8mask, every alias claims to own the entire127.0.0.0/8network. At large pool counts the overlapping-subnet interface addresses drive macOSmDNSResponder's address-conflict defense (PacketRRConflict) into an O(n²) storm — pinning a CPU core and flooding UDP/5353 with loopback mDNS announcements. Diagnosed on a dev machine where the pool had been set up withCOUNT≈254.Empirically measured on macOS (same box, same run):
/8/32A
/32host route removes the subnet overlap, so there's no conflict cascade even at the full 254-address pool — no reduction in pool capacity or change to test-isolation semantics.Where to look
ifconfiginvocation inscripts/setup-loopback.sh:38. Worth a sanity check on two points: the macOSifconfig lo0 alias <ip> netmask 255.255.255.255 upsyntax (verified on the box — the alias reports0xffffffff), and the idempotent-aliasline (harmless no-op when the address is absent). This is macOS/BSD-specific; Linux CI doesn't run this script (all of 127/8 is routable there by default).Generated by an LLM (Claude Opus 4.8). The
/32fix was validated empirically as above rather than by cross-model code review, given it's a one-line shell-config change.