Date: Wed, 13 Feb 2002 15:57:33 -0800 From: Terry Lambert <tlambert2@mindspring.com> To: Ruslan Ermilov <ru@FreeBSD.ORG> Cc: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, current@FreeBSD.ORG Subject: Re: rdr 127.0.0.1 and blocking 127/8 in ip_output() Message-ID: <3C6AFD6D.9ED1190A@mindspring.com> References: <20020213110347.C46245@sunbay.com> <200202131550.g1DFoDh41696@khavrinen.lcs.mit.edu> <20020213175851.A22977@sunbay.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Ruslan Ermilov wrote: > On Wed, Feb 13, 2002 at 10:50:13AM -0500, Garrett Wollman wrote: > > <<On Wed, 13 Feb 2002 11:03:47 +0200, Ruslan Ermilov <ru@FreeBSD.ORG> said: > > > > > Please test with and without this patch. > > > > I continue to believe that this should be done by fixing the routing, > > not by adding additional hacks to the already-bloated ip_output() > > path. > > > BSD always had these "hacks" (rfc1122 requirements) in in_canforward(). > RFC1122 requires the host to not send 127/8 addresses out of loopback, > whether or not its routes are set up correctly. I pretty much agree with Garrett on this one. Loopback is a special critter; it has all sorts of requirements, like not ARP'ing for addresses configured on it (otherwise FreeBSD is not usable for DSR, which I think it currently is not), etc.. It looks to me that this should be handled some place other than ip_output(). -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3C6AFD6D.9ED1190A>