From: Jonathan Lemon
To: Garrett Wollman
Cc: Jonathan Lemon, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Date: Thu, 1 Mar 2001 23:44:14 -0600
Subject: Re: cvs commit: src/sys/netinet ip_input.c
Message-ID: <20010301234414.Y25974@prism.flugsvamp.com>
In-Reply-To: <200103020236.VAA06356@khavrinen.lcs.mit.edu>

On Thu, Mar 01, 2001 at 09:36:54PM -0500, Garrett Wollman wrote:
> < said:
>
> > } When iterating over our list of interface addresses in order to determine
> > } if an arriving packet belongs to us, also check that the packet arrived
> > } through the correct interface. Skip this check if the packet was locally
> > } generated.
>
> This change is bogus and breaks multihomed hosts. Please back it
> out. While RFC 1122 states (3.3.4.2):
>
>     (A) A host MAY silently discard an incoming datagram whose
>         destination address does not correspond to the physical
>         interface through which it is received.
>
> ...modern practice follows what is described in that section as the
> ``Weak ES model'', wherein ``MUST NOT'' is substituted for ``MAY'' in
> the requirement above.
>
> In any case, the ``Strong ES model'' is not applicable to ``hosts with
> embedded gateway functionality'' -- which FreeBSD unquestionably is.
> Furthermore, RFC 1122 is dated and its analysis is incomplete; it is
> not uncommon for a multi-homed, non-gateway system to receive packets
> on the ``wrong'' interface as a result of explicit routes introduced
> by the network administrator to direct traffic intended for a
> particular host to a particular interface. (For example, ten years
> ago at UVM we had a network of SGI machines connected by a FDDI ring,
> which were also multi-homed on an Ethernet. We configured a host
> route on each of the machines to intentionally direct traffic between
> these machines to the FDDI regardless of which address was used.)

I understand what you're saying, but I don't agree. The cases where
the system is configured as a non-gateway machine but is supposed to
receive packets on the 'wrong' interface are not that common.

Also, I will point out that we now have alternate mechanisms for
accomplishing the same thing; e.g. the configuration you described
above could be set up by adding an alias of the ethernet interface
to the FDDI interface for each machine.

Three points:

1. This is allowed by the RFC, and closes a few security holes as well
   as what probably is a violation of POLA, so I don't think this
   should be backed out.

2. If the host is acting as a gateway (ip_forwarding is enabled), then
   this check will be essentially bypassed. If you are going to act
   as a gateway, you should be running firewall rules anyway.

3. I will concede that there may be some situations that I haven't
   considered where the old behavior may be desirable, so I propose
   adding a sysctl "net.inet.ip.check_interface", which defaults to
   on, which can be toggled to switch back to the old behavior.

> (Oh, and have I mentioned how much I despise the Q_FOREACH() macros?)

The macros are okay, the uppercase conventions are ugly.
--
Jonathan
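
The accept decision debated in this message, modeled as an added example; it is not part of the original mail and is not the FreeBSD ip_input.c code. The struct names, the IF_LOCAL marker, the interface indexes and the addresses are constructed, and forwarding is assumed to bypass the check entirely.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model types; not FreeBSD's struct ifnet / in_ifaddr. */
struct ifaddr_entry { uint32_t addr; int ifindex; };
struct rx_policy {
    bool check_interface; /* models the proposed net.inet.ip.check_interface */
    bool ip_forwarding;   /* host acts as a gateway */
};
#define IF_LOCAL (-1)     /* constructed marker: locally generated packet */

static const struct rx_policy STRONG = { true, false };
static const struct rx_policy WEAK = { false, false };
static const struct rx_policy GATEWAY = { true, true };

/* Constructed sample: 10.0.0.1 on Ethernet (if 1), 10.1.0.1 on FDDI (if 2). */
static const struct ifaddr_entry plain[] = {
    { 0x0a000001, 1 }, { 0x0a010001, 2 },
};
/* Same host with the Ethernet address also aliased onto the FDDI interface. */
static const struct ifaddr_entry aliased[] = {
    { 0x0a000001, 1 }, { 0x0a010001, 2 }, { 0x0a000001, 2 },
};

/* Return true if a packet for dst that arrived on rcvif is accepted as ours. */
bool
packet_is_ours(const struct ifaddr_entry *tbl, size_t n, uint32_t dst,
    int rcvif, const struct rx_policy *p)
{
    /* The interface match is enforced only when the toggle is on, the host
     * is not forwarding, and the packet was not locally generated. */
    bool strict = p->check_interface && !p->ip_forwarding && rcvif != IF_LOCAL;
    for (size_t i = 0; i < n; i++)
        if (tbl[i].addr == dst && (!strict || tbl[i].ifindex == rcvif))
            return true;
    return false;
}

int main(void)
{
    /* Ethernet address arriving on FDDI: dropped, then accepted via alias. */
    printf("strong/plain:   %d\n", packet_is_ours(plain, 2, 0x0a000001, 2, &STRONG));
    printf("strong/aliased: %d\n", packet_is_ours(aliased, 3, 0x0a000001, 2, &STRONG));
    printf("weak/plain:     %d\n", packet_is_ours(plain, 2, 0x0a000001, 2, &WEAK));
    printf("gateway/plain:  %d\n", packet_is_ours(plain, 2, 0x0a000001, 2, &GATEWAY));
    return 0;
}
```

The aliased table corresponds to the alias workaround suggested in the reply for the FDDI/Ethernet configuration.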