From owner-freebsd-current Thu Feb 14 1:10:26 2002 Delivered-To: freebsd-current@freebsd.org Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65]) by hub.freebsd.org (Postfix) with ESMTP id D6F4637B402 for ; Thu, 14 Feb 2002 01:10:19 -0800 (PST) Received: (from ru@localhost) by whale.sunbay.crimea.ua (8.11.6/8.11.2) id g1E99fH30368; Thu, 14 Feb 2002 11:09:41 +0200 (EET) (envelope-from ru) Date: Thu, 14 Feb 2002 11:09:41 +0200 From: Ruslan Ermilov To: Terry Lambert Cc: Garrett Wollman , current@FreeBSD.ORG Subject: Re: rdr 127.0.0.1 and blocking 127/8 in ip_output() Message-ID: <20020214110941.A30024@sunbay.com> References: <20020213110347.C46245@sunbay.com> <200202131550.g1DFoDh41696@khavrinen.lcs.mit.edu> <20020213175851.A22977@sunbay.com> <3C6AFD6D.9ED1190A@mindspring.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3C6AFD6D.9ED1190A@mindspring.com> User-Agent: Mutt/1.3.23i Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, Feb 13, 2002 at 03:57:33PM -0800, Terry Lambert wrote: > Ruslan Ermilov wrote: > > On Wed, Feb 13, 2002 at 10:50:13AM -0500, Garrett Wollman wrote: > > > < said: > > > > > > > Please test with and without this patch. > > > > > > I continue to believe that this should be done by fixing the routing, > > > not by adding additional hacks to the already-bloated ip_output() > > > path. > > > > > BSD always had these "hacks" (rfc1122 requirements) in in_canforward(). > > RFC1122 requires the host to not send 127/8 addresses out of loopback, > > whether or not its routes are set up correctly. > > I pretty much agree with Garrett on this one. > > Loopback is a special critter; it has all sorts of > requirements, like not ARP'ing for addresses configured > on it (otherwise FreeBSD is not usable for DSR, which I > think it currently is not), etc.. > Heh? Without my patch: # ifconfig rl0 inet rl0: flags=8843 mtu 1500 inet 192.168.4.115 netmask 0xffffff00 broadcast 192.168.4.255 inet 127.0.0.2 netmask 0xff000000 broadcast 127.255.255.255 # ping 127.0.0.3 # tcpdump -n net 127 tcpdump: listening on rl0 10:29:12.685957 arp who-has 127.0.0.3 tell 127.0.0.2 ^C 2480 packets received by filter 0 packets dropped by kernel > It looks to me that this should be handled some place > other than ip_output(). > Perhaps you don't realize that we can't fix "this" with just routing because we are also not allowed to send out packets originated from loopback network, like: ping -s 127.1 1.2.3.4 telnet -S 127.1 1.2.3.4 Cheers, -- Ruslan Ermilov Sysadmin and DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message