From owner-freebsd-bugs Mon Sep 24 10: 0:19 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 42C6D37B41F for ; Mon, 24 Sep 2001 10:00:01 -0700 (PDT)
Received: (from gnats@localhost) by freefall.freebsd.org (8.11.4/8.11.4) id f8OH01s32502; Mon, 24 Sep 2001 10:00:01 -0700 (PDT) (envelope-from gnats)
Received: from buffoon.automagic.org (buffoon.automagic.org [208.185.30.208]) by hub.freebsd.org (Postfix) with SMTP id 5DF3837B41B for ; Mon, 24 Sep 2001 09:56:20 -0700 (PDT)
Received: (qmail 37673 invoked by uid 1000); 24 Sep 2001 16:56:03 -0000
Message-Id: <20010924165603.37672.qmail@buffoon.automagic.org>
Date: 24 Sep 2001 16:56:03 -0000
From: Joe Abley
To: FreeBSD-gnats-submit@freebsd.org
Cc: Lamont Granquist
X-Send-Pr-Version: 3.113
Subject: misc/30792: traffic destined for 127/8 addresses should be kept off the network
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 30792
>Category: misc
>Synopsis: traffic destined for 127/8 addresses should be kept off the network
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Sep 24 10:00:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Joe Abley
>Release: FreeBSD 4.4-RELEASE i386
>Organization: NLRI
>Environment:
System: FreeBSD buffoon.automagic.org 4.4-RELEASE FreeBSD 4.4-RELEASE #0: Wed Sep 19 23:42:19 EDT 2001 jabley@buffoon.automagic.org:/usr/obj/usr/src/sys/BUFFOON i386

>Description:
IP traffic with destination addresses that (a) fall within 127/8 and (b) do not match any configured local addresses or aliases will be sent out on the network following the default route, if there is one.

This is contrary to the specifications in RFC1122, which states that "addresses of this form MUST NOT appear outside the host".

>How-To-Repeat:
tcpdump whilst ping 127.1.1.1 in an environment where a default exists pointing out the same interface watched by default by tcpdump, and where 127.1.1.1 does not match any locally-configured address or alias. The tcpdump will reveal traffic sent out on the net with destination addresses within 127/8.

>Fix:

--- rc.network.orig Mon Sep 24 12:49:46 2001 +++ rc.network Mon Sep 24 12:51:09 2001 
@@ -346,6 +346,10 @@ done fi + # Add a blackhole route for 127/8 to keep traffic within + # that supernet off the network, per RFC1122 + route add 127.0.0.0 -netmask 255.0.0.0 -iface lo0 -blackhole + echo -n 'Additional routing options:' case ${tcp_extensions} in [Yy][Ee][Ss] | '') >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
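
Review bot: the added `route add 127.0.0.0 -netmask 255.0.0.0 -iface lo0 -blackhole` line runs unconditionally on every boot, with no rc.conf variable guarding it, while the `tcp_extensions` case in the trailing context is driven by one. Suggest wrapping it in a knob that defaults to on, so a host with an unusual loopback setup can opt out. The command's output and exit status are also unhandled: `route add` prints a confirmation line that will land in the boot messages just ahead of 'Additional routing options:', and a failure (for example if lo0 is not yet configured at this point in the script, which the visible context does not show) passes silently. Redirecting the output and reporting a failure would address both. The comment could also say why `-blackhole` (silent discard) was chosen over `-reject`, since with a blackhole route a local program connecting to an unassigned 127/8 address waits for a timeout rather than getting an immediate error.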
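
The check described under How-To-Repeat can be automated. The following is an added example, not part of the original report: it scans `tcpdump -n` text output captured on a non-loopback interface and flags any packet whose source or destination lies in 127/8. The function name, regular expression and sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")

# Matches tcpdump -n text lines with or without the "IP" token, and with an
# optional ".port" suffix on either address. Non-IPv4 lines do not match.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?:IP\s+)?"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:"
)

# Constructed sample, assumed to be captured on the external interface (not lo0).
SAMPLE_CAPTURE = """\
12:51:09.100001 IP 192.0.2.10 > 127.1.1.1: ICMP echo request, id 4242, seq 0, length 64
12:51:09.200002 IP 192.0.2.10.51515 > 198.51.100.7.53: 1+ A? example.org. (29)
12:51:10.100003 192.0.2.10 > 127.1.1.1: icmp: echo request
12:51:11.300004 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28
""".splitlines()


def find_loopback_leaks(lines):
    """Return (timestamp, src, dst) for every packet whose source or
    destination address falls inside 127/8."""
    leaks = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an IPv4 packet line (ARP, IPv6, banner text)
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # an octet was out of range
        if src in LOOPBACK_NET or dst in LOOPBACK_NET:
            leaks.append((m["ts"], str(src), str(dst)))
    return leaks


if __name__ == "__main__":
    for ts, src, dst in find_loopback_leaks(SAMPLE_CAPTURE):
        print(f"{ts}: 127/8 address on the wire: {src} > {dst}")
```

An empty result on a capture taken while pinging an unassigned 127/8 address indicates the traffic is being kept off that interface.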