Message-Id: <199807071510.IAA25223@implode.root.com>
To: Samuel S Thomas
cc: Poul-Henning Kamp, freebsd-bugs@FreeBSD.ORG
Subject: Re: kern/7191: FreeBSD 2.2.6 generates Source-route prohibited when not routing
In-reply-to: Your message of "Tue, 07 Jul 1998 14:58:02 -0000." <19980707145802.D1918@lart.net>
From: David Greenman
Reply-To: dg@root.com
Date: Tue, 07 Jul 1998 08:10:47 -0700

>> It is probably a bug that source route IP options are processed at all
>> when a machine isn't configured for IP forwarding. While fixing this would
>> suppress your warnings, it wouldn't fix the real problem which is why the
>> machine is seeing the packets in the first place.
>
>This is exactly my point. This is mentioned fairly clearly in rfc1122,
>also. I will agree to work with the PAO people on determining how those
>packets are getting to the IP layer without being discarded by the
>interface, so long as you core kernel-hacker types agree that the kernel
>should know whether or not it's routing, and check IP src/dst addresses
>accordingly. Fair enough?

You deleted the first part of what I said which was that checking
source/destination IP address doesn't work at this point since it will never
match for routers. The IP address is of course checked when the destination
is the local machine.

I should also like to point out that when IP forwarding is disabled, FreeBSD
doesn't forward source routed packets where the destination is not the local
machine. It does process the source route IP options prior to discarding the
packet in the !ipforward case, however, and that is why the console message
comes out and also why the ICMP message is sent. I'll fix this in a few
minutes.

> There does appear to be a check in their if_ep.c, though...

That check is only for promiscuous mode. This tells us that bogus packets
are getting through even though promiscuous mode [apparently] isn't enabled.

-DG

David Greenman
Co-founder/Principal Architect, The FreeBSD Project
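
A simplified model of the ordering issue described in the message above, added here as an illustration; it is not FreeBSD's ip_input code or the fix that was committed. The function names, verdict values, the options_first switch and the sample packet are all constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { DELIVER, FORWARD, DROP_SILENT, REJECT_LOG_ICMP, DROP_MALFORMED };

/* 1 if the options hold LSRR (131) or SSRR (137), 0 if not, -1 if malformed. */
static int has_source_route(const uint8_t *opt, size_t len)
{
    for (size_t i = 0; i < len; ) {
        if (opt[i] == 0) break;                /* end of option list */
        if (opt[i] == 1) { i++; continue; }    /* no-op padding */
        if (i + 1 >= len || opt[i + 1] < 2 || i + opt[i + 1] > len)
            return -1;                         /* bad option length */
        if (opt[i] == 131 || opt[i] == 137) return 1;
        i += opt[i + 1];
    }
    return 0;
}

/* Simplified model (checksum and onward source-route hops are not handled).
 * options_first=1: options are examined before the !ipforwarding discard.
 * options_first=0: the forwarding decision is made before options are read. */
enum verdict ip_input_model(const uint8_t *pkt, size_t len, const uint8_t local[4],
                            int ipforwarding, int options_first)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return DROP_MALFORMED;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > len) return DROP_MALFORMED;
    int for_us = memcmp(pkt + 16, local, 4) == 0;
    if (!options_first && !for_us && !ipforwarding)
        return DROP_SILENT;                    /* not ours, not routing */
    int sr = has_source_route(pkt + 20, hlen - 20);
    if (sr < 0) return DROP_MALFORMED;
    if (sr == 1 && !for_us && !ipforwarding)
        return REJECT_LOG_ICMP;                /* console message and ICMP error */
    if (for_us) return DELIVER;
    return ipforwarding ? FORWARD : DROP_SILENT;
}

/* Constructed sample: 28-byte header, NOP + 7-byte LSRR, dst 10.0.0.9. */
static const uint8_t SAMPLE[28] = { 0x47, 0, 0, 28, 0, 0, 0, 0, 64, 1, 0, 0,
    192, 0, 2, 1, 10, 0, 0, 9, 1, 131, 7, 4, 192, 0, 2, 254 };
static const uint8_t HOST[4] = { 10, 0, 0, 5 };   /* constructed local address */
int main(void)
{
    printf("options first: %d, forwarding first: %d\n", ip_input_model(SAMPLE,
           sizeof SAMPLE, HOST, 0, 1), ip_input_model(SAMPLE, sizeof SAMPLE, HOST, 0, 0));
    return 0;
}
```

With forwarding disabled and a destination that is not the local address, the options-first ordering yields the log-and-ICMP verdict, while the forwarding-first ordering discards the same packet silently.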