Date: 24 Sep 2001 16:56:03 -0000
From: Joe Abley <jabley@automagic.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc: Lamont Granquist <lamont@scriptkiddie.org>
Subject: misc/30792: traffic destined for 127/8 addresses should be kept off the network
Message-ID: <20010924165603.37672.qmail@buffoon.automagic.org>
>Number: 30792
>Category: misc
>Synopsis: traffic destined for 127/8 addresses should be kept off the network
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Sep 24 10:00:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Joe Abley
>Release: FreeBSD 4.4-RELEASE i386
>Organization:
NLRI
>Environment:
System: FreeBSD buffoon.automagic.org 4.4-RELEASE FreeBSD 4.4-RELEASE #0: Wed Sep 19 23:42:19 EDT 2001 jabley@buffoon.automagic.org:/usr/obj/usr/src/sys/BUFFOON i386
>Description:
IP traffic with destination addresses that (a) fall within 127/8
and (b) do not match any configured local addresses or aliases will
be sent out on the network following the default route, if there is one.
This is contrary to the specifications in RFC1122, which states that
"addresses of this form MUST NOT appear outside the host".
>How-To-Repeat:
tcpdump
whilst
ping 127.1.1.1
in an environment where a default exists pointing out the same interface
watched by default by tcpdump, and where 127.1.1.1 does not match any
locally-configured address or alias. The tcpdump will reveal traffic
sent out on the net with destination addresses within 127/8.
>Fix:
--- rc.network.orig Mon Sep 24 12:49:46 2001
+++ rc.network Mon Sep 24 12:51:09 2001
@@ -346,6 +346,10 @@
done
fi
+ # Add a blackhole route for 127/8 to keep traffic within
+ # that supernet off the network, per RFC1122
+ route add 127.0.0.0 -netmask 255.0.0.0 -iface lo0 -blackhole
+
echo -n 'Additional routing options:'
case ${tcp_extensions} in
[Yy][Ee][Ss] | '')
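Review bot: the added `route add 127.0.0.0 -netmask 255.0.0.0 -iface lo0 -blackhole` line runs unconditionally on every boot, while the option handled just below it (`tcp_extensions`) is switched through a variable in a `case`. Suggest guarding the route with its own rc.conf variable, defaulting to on, so a host that needs different handling for 127/8 can turn it off without editing rc.network. Also consider `-reject` instead of `-blackhole`, so a local sender gets an error rather than a silent drop, and write `-net` explicitly so route(8) does not have to infer that the destination is a network.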
>Release-Note:
>Audit-Trail:
>Unformatted:
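The check described under How-To-Repeat can be automated. The following is an added example, not part of the original report: it scans `tcpdump -n` text output captured on a non-loopback interface and flags any packet carrying a 127/8 source or destination. The function names and the sample lines are constructed for illustration.

```python
import ipaddress
import re

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")

# Matches "src[.port] > dst[.port]:" in tcpdump -n text output, with or
# without the "IP" token that newer tcpdump versions print.
PAIR_RE = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})(?:\.\d+)? > (\d{1,3}(?:\.\d{1,3}){3})(?:\.\d+)?:"
)


def parse_pair(line):
    """Return (src, dst) as IPv4Address objects, or None for non-IPv4 lines."""
    m = PAIR_RE.search(line)
    if not m:
        return None
    try:
        return ipaddress.IPv4Address(m.group(1)), ipaddress.IPv4Address(m.group(2))
    except ipaddress.AddressValueError:
        return None  # e.g. an octet above 255: not a real address


def leaked_loopback(lines):
    """Return (src, dst, line) for each packet on the wire with a 127/8 address."""
    hits = []
    for line in lines:
        pair = parse_pair(line)
        if pair and (pair[0] in LOOPBACK_NET or pair[1] in LOOPBACK_NET):
            hits.append((str(pair[0]), str(pair[1]), line))
    return hits


# Constructed sample capture (not real traffic): old and new tcpdump formats,
# ICMP without ports, TCP/UDP with ports, and a non-IP line.
SAMPLE = [
    "12:51:09.000001 192.0.2.10 > 127.1.1.1: icmp: echo request",
    "12:51:09.000002 IP 192.0.2.10.49152 > 198.51.100.7.80: Flags [S], seq 1, length 0",
    "12:51:10.000003 IP 192.0.2.10.49153 > 127.0.0.53.53: UDP, length 32",
    "12:51:10.000004 arp who-has 192.0.2.1 tell 192.0.2.10",
]

if __name__ == "__main__":
    for src, dst, _ in leaked_loopback(SAMPLE):
        print(f"127/8 address on the wire: {src} > {dst}")
```

Any hit from a capture taken on a physical interface indicates the RFC 1122 violation the report describes; after the blackhole route is installed, the same capture should produce none.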
