Date:      Thu, 14 Feb 2002 11:09:41 +0200
From:      Ruslan Ermilov <ru@FreeBSD.ORG>
To:        Terry Lambert <tlambert2@mindspring.com>
Cc:        Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, current@FreeBSD.ORG
Subject:   Re: rdr 127.0.0.1 and blocking 127/8 in ip_output()
Message-ID:  <20020214110941.A30024@sunbay.com>
In-Reply-To: <3C6AFD6D.9ED1190A@mindspring.com>
References:  <20020213110347.C46245@sunbay.com> <200202131550.g1DFoDh41696@khavrinen.lcs.mit.edu> <20020213175851.A22977@sunbay.com> <3C6AFD6D.9ED1190A@mindspring.com>

On Wed, Feb 13, 2002 at 03:57:33PM -0800, Terry Lambert wrote:
> Ruslan Ermilov wrote:
> > On Wed, Feb 13, 2002 at 10:50:13AM -0500, Garrett Wollman wrote:
> > > <<On Wed, 13 Feb 2002 11:03:47 +0200, Ruslan Ermilov <ru@FreeBSD.ORG> said:
> > >
> > > > Please test with and without this patch.
> > >
> > > I continue to believe that this should be done by fixing the routing,
> > > not by adding additional hacks to the already-bloated ip_output()
> > > path.
> > >
> > BSD always had these "hacks" (rfc1122 requirements) in in_canforward().
> > RFC1122 requires the host to not send 127/8 addresses out of loopback,
> > whether or not its routes are set up correctly.
> 
> I pretty much agree with Garrett on this one.
> 
> Loopback is a special critter; it has all sorts of
> requirements, like not ARP'ing for addresses configured
> on it (otherwise FreeBSD is not usable for DSR, which I
> think it currently is not), etc..
> 
Heh?  Without my patch:

# ifconfig rl0 inet
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.4.115 netmask 0xffffff00 broadcast 192.168.4.255
        inet 127.0.0.2 netmask 0xff000000 broadcast 127.255.255.255

# ping 127.0.0.3

# tcpdump -n net 127
tcpdump: listening on rl0
10:29:12.685957 arp who-has 127.0.0.3 tell 127.0.0.2
^C
2480 packets received by filter
0 packets dropped by kernel

> It looks to me that this should be handled some place
> other than ip_output().
> 
Perhaps you don't realize that we can't fix "this" with
just routing because we are also not allowed to send out
packets originated from loopback network, like:

ping -s 127.1 1.2.3.4
telnet -S 127.1 1.2.3.4


Cheers,
-- 
Ruslan Ermilov		Sysadmin and DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age
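
Added example, not part of the original message and not FreeBSD's ip_output() code: a toy model of the argument above. A routing lookup keys on the destination only, so a packet sourced from 127/8 toward an outside address is routed out the external interface even when the 127/8 route is correct; an output-side check on both addresses is what stops it. The names route_lookup, output_allowed and rtable, and the routing table itself, are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names throughout; a model, not the kernel's code. */
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))
#define IN_LOOPBACK_NET(x) (((x) >> 24) == 127)

struct route { uint32_t net, mask; const char *ifname; int is_loopback; };

/* Constructed table with routing set up correctly: 127/8 goes to lo0. */
static const struct route rtable[] = {
    { IP4(127, 0, 0, 0),   0xff000000u, "lo0", 1 },
    { IP4(192, 168, 4, 0), 0xffffff00u, "rl0", 0 },
    { 0,                   0,           "rl0", 0 },   /* default route */
};

/* Longest-prefix match on the destination only; the source is never consulted. */
static const struct route *route_lookup(uint32_t dst)
{
    const struct route *best = NULL;
    for (size_t i = 0; i < sizeof(rtable) / sizeof(rtable[0]); i++) {
        const struct route *r = &rtable[i];
        if ((dst & r->mask) == r->net && (best == NULL || r->mask > best->mask))
            best = r;
    }
    return best;
}

/* Returns 1 if the packet may be transmitted, 0 if it must be dropped. */
static int output_allowed(uint32_t src, uint32_t dst)
{
    const struct route *r = route_lookup(dst);
    if (r == NULL)
        return 0;
    /* RFC 1122 rule from the thread: no 127/8 source or destination off loopback. */
    if (!r->is_loopback && (IN_LOOPBACK_NET(src) || IN_LOOPBACK_NET(dst)))
        return 0;
    return 1;
}

int main(void)
{
    printf("127.0.0.1 -> 1.2.3.4 egress: %s\n", route_lookup(IP4(1, 2, 3, 4))->ifname);
    printf("127.0.0.1 -> 1.2.3.4 allowed: %d\n", output_allowed(IP4(127, 0, 0, 1), IP4(1, 2, 3, 4)));
    printf("127.0.0.1 -> 127.0.0.3 allowed: %d\n", output_allowed(IP4(127, 0, 0, 1), IP4(127, 0, 0, 3)));
    return 0;
}
```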
