Date: Thu, 1 Mar 2001 23:44:14 -0600
From: Jonathan Lemon <jlemon@flugsvamp.com>
To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Cc: Jonathan Lemon <jlemon@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/netinet ip_input.c
Message-ID: <20010301234414.Y25974@prism.flugsvamp.com>
In-Reply-To: <200103020236.VAA06356@khavrinen.lcs.mit.edu>
References: <200103012339.f21NdW309088@freefall.freebsd.org> <15006.60555.97100.465265@nomad.yogotech.com> <20010301184258.T25974@prism.flugsvamp.com> <15006.61041.727634.597339@nomad.yogotech.com> <200103020236.VAA06356@khavrinen.lcs.mit.edu>

On Thu, Mar 01, 2001 at 09:36:54PM -0500, Garrett Wollman wrote:
> <<On Thu, 1 Mar 2001 17:50:57 -0700 (MST), Nate Williams <nate@yogotech.com> said:
>
> > }   When iterating over our list of interface addresses in order to determine
> > }   if an arriving packet belongs to us, also check that the packet arrived
> > }   through the correct interface.  Skip this check if the packet was locally
> > }   generated.
>
> This change is bogus and breaks multihomed hosts.  Please back it
> out.  While RFC 1122 states (3.3.4.2):
>
>     (A)  A host MAY silently discard an incoming datagram whose
>          destination address does not correspond to the physical
>          interface through which it is received.
>
> ...modern practice follows what is described in that section as the
> ``Weak ES model'', wherein ``MUST NOT'' is substituted for ``MAY'' in
> the requirement above.
>
> In any case, the ``Strong ES model'' is not applicable to ``hosts with
> embedded gateway functionality'' -- which FreeBSD unquestionably is.
> Furthermore, RFC 1122 is dated and its analysis is incomplete; it is
> not uncommon for a multi-homed, non-gateway system to receive packets
> on the ``wrong'' interface as a result of explicit routes introduced
> by the network administrator to direct traffic intended for a
> particular host to a particular interface.  (For example, ten years
> ago at UVM we had a network of SGI machines connected by a FDDI ring,
> which were also multi-homed on an Ethernet.  We configured a host
> route on each of the machines to intentionally direct traffic between
> these machines to the FDDI regardless of which address was used.)

I understand what you're saying, but I don't agree.  The cases where
the system is configured as a non-gateway machine but is supposed to
receive packets on the 'wrong' interface are not that common.

Also, I will point out that we now have alternate mechanisms for
accomplishing the same thing; e.g. the configuration you described
above could be set up by adding an alias of the ethernet interface
to the FDDI interface for each machine.

Three points:

   1. This is allowed by the RFC, and closes a few security holes as
      well as what probably is a violation of POLA, so I don't think
      this should be backed out.

   2. If the host is acting as a gateway, (ip_forwarding is enabled)
      then this check will be essentially bypassed.  If you are going
      to act as a gateway, you should be running firewall rules anyway.

   3. I will concede that there may be some situations that I haven't
      considered where the old behavior may be desirable, so I propose
      adding a sysctl "net.inet.ip.check_interface", which defaults to
      on, which can be toggled to switch back to the old behavior.

> (Oh, and have I mentioned how much I despise the Q_FOREACH() macros?)

The macros are okay, the uppercase conventions are ugly.
--
Jonathan
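
Added example, not part of the original message and not the code from the FreeBSD commit: a userland C model of the receive-interface check discussed in this thread, showing when a datagram addressed to one of the host's addresses is accepted under the strong and weak ES behaviours. All struct and function names are hypothetical, the addresses are constructed, and the locally_generated flag and the way forwarding disables the check are assumptions drawn from the description in the message.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical userland model; these are not FreeBSD kernel symbols. */
struct if_addr { uint32_t addr; int ifindex; };
struct pkt { uint32_t dst; int rcv_ifindex; bool locally_generated; };
struct ip_cfg {
    bool forwarding;       /* models ip_forwarding (host acts as gateway) */
    bool check_interface;  /* models the proposed net.inet.ip.check_interface */
};

/* Constructed sample: 192.0.2.1 on interface 1, 198.51.100.1 on interface 2. */
static const struct if_addr sample_addrs[] = {
    { 0xC0000201u, 1 },
    { 0xC6336401u, 2 },
};

/* Return true when the datagram should be delivered to this host. */
bool ip_is_ours(const struct pkt *p, const struct if_addr *tab, size_t n,
                const struct ip_cfg *cfg)
{
    /* Enforce only for received packets on a non-gateway with the toggle on. */
    bool enforce = cfg->check_interface && !cfg->forwarding &&
                   !p->locally_generated;

    for (size_t i = 0; i < n; i++) {
        if (tab[i].addr != p->dst)
            continue;                      /* different address */
        if (enforce && tab[i].ifindex != p->rcv_ifindex)
            continue;                      /* our address, wrong interface */
        return true;
    }
    return false;
}

/* Packet for 192.0.2.1 (owned by interface 1) arriving on rcv_if. */
bool sample_accepts(int rcv_if, bool local, bool fwd, bool chk)
{
    struct pkt p = { 0xC0000201u, rcv_if, local };
    struct ip_cfg cfg = { fwd, chk };
    return ip_is_ours(&p, sample_addrs, 2, &cfg);
}

int main(void)
{
    printf("strong ES, wrong interface: %d\n", sample_accepts(2, false, false, true));
    printf("weak ES, wrong interface:   %d\n", sample_accepts(2, false, false, false));
    return 0;
}
```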