From owner-freebsd-stable  Mon Sep 24  9:42:59 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from warez.scriptkiddie.org (uswest-dsl-142-38.cortland.com [209.162.142.38])
	by hub.freebsd.org (Postfix) with ESMTP id A031F37B41D
	for <freebsd-stable@FreeBSD.ORG>; Mon, 24 Sep 2001 09:42:53 -0700 (PDT)
Received: from [192.168.69.11] (unknown [192.168.69.11])
	by warez.scriptkiddie.org (Postfix) with ESMTP
	id 3F73462D01; Mon, 24 Sep 2001 09:42:53 -0700 (PDT)
Date: Mon, 24 Sep 2001 09:43:42 -0700 (PDT)
From: Lamont Granquist <lamont@scriptkiddie.org>
To: Joe Abley <jabley@automagic.org>
Cc: Juha Saarinen <juha@saarinen.org>,
	'Andrew Reilly' <areilly@bigpond.net.au>,
	<freebsd-stable@FreeBSD.ORG>
Subject: Re: 127/8 continued
In-Reply-To: <20010924070102.I4205@buffoon.automagic.org>
Message-ID: <20010924094048.X5906-100000@coredump.scriptkiddie.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG



On Mon, 24 Sep 2001, Joe Abley wrote:
> On Mon, Sep 24, 2001 at 07:16:00PM +1200, Juha Saarinen wrote:
> > :: Those packets are _supposed_ to get back to this host.  That's
> > :: what loopback is for.
> >
> > Yes, I think the RFCs make a point of this.
>
> RFC1122 also says, in the same paragraph, "addresses of this form
> MUST NOT appear outside the host."

This is what we're talking about.  Right now if you take a vanilla FBSD
box a 'ping 127.1.1.1' will be routed to the default router.

> Installing a null covering route for 127/8 with the blackhole bit
> set seems a good way of preventing addresses with a destination
> within 127/8 from being sent out on a non-loopback interface, without
> resorting to nasty hacks which make address handling on the loopback
> interface different to every other interface. It is also consistent
> with the robustness principle.
>
>   route add 127.0.0.0 -netmask 255.0.0.0 -iface lo0 -blackhole

It seems that 127.0.0.1 works when you do this, as do aliases that you add
to the lo0 interface.  Works for me.

> But, whatever. This is hardly a monumental requirement worth bickering
> over.

Its worth getting right though.  Keep the surprises minimal.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message