From owner-cvs-all Thu Mar 1 18:37: 4 2001 Delivered-To: cvs-all@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id 6E4EB37B718; Thu, 1 Mar 2001 18:36:59 -0800 (PST) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id VAA06356; Thu, 1 Mar 2001 21:36:54 -0500 (EST) (envelope-from wollman) Date: Thu, 1 Mar 2001 21:36:54 -0500 (EST) From: Garrett Wollman Message-Id: <200103020236.VAA06356@khavrinen.lcs.mit.edu> To: Jonathan Lemon Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/netinet ip_input.c In-Reply-To: <15006.61041.727634.597339@nomad.yogotech.com> References: <200103012339.f21NdW309088@freefall.freebsd.org> <15006.60555.97100.465265@nomad.yogotech.com> <20010301184258.T25974@prism.flugsvamp.com> <15006.61041.727634.597339@nomad.yogotech.com> Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG < said: > } When iterating over our list of interface addresses in order to determine > } if an arriving packet belongs to us, also check that the packet arrived > } through the correct interface. Skip this check if the packet was locally > } generated. This change is bogus and breaks multihomed hosts. Please back it out. While RFC 1122 states (3.3.4.2): (A) A host MAY silently discard an incoming datagram whose destination address does not correspond to the physical interface through which it is received. ...modern practice follows what is described in that section as the ``Weak ES model'', wherein ``MUST NOT'' is substituted for ``MAY'' in the requirement above. In any case, the ``Strong ES model'' is not applicable to ``hosts with embedded gateway functionality'' -- which FreeBSD unquestionably is. Furthermore, RFC 1122 is dated and its analysis is incomplete; it is not uncommon for a multi-homed, non-gateway system to receive packets on the ``wrong'' interface as a result of explicit routes introduced by the network administrator to direct traffic intended for a particular host to a particular interface. (For example, ten years ago at UVM we had a network of SGI machines connected by a FDDI ring, which were also multi-homed on an Ethernet. We configured a host route on each of the machines to intentionally direct traffic between these machines to the FDDI regardless of which address was used.) (Oh, and have I mentioned how much I despise the Q_FOREACH() macros?) -GAWollman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message