Date:      Mon, 24 Sep 2001 10:23:41 -0700
From:      "Kevin Oberman" <oberman@es.net>
To:        Lamont Granquist <lamont@scriptkiddie.org>
Cc:        Joe Abley <jabley@automagic.org>, Juha Saarinen <juha@saarinen.org>, "'Andrew Reilly'" <areilly@bigpond.net.au>, freebsd-stable@FreeBSD.ORG
Subject:   Re: 127/8 continued 
Message-ID:  <200109241723.f8OHNfR15166@ptavv.es.net>
In-Reply-To: Your message of "Mon, 24 Sep 2001 09:43:42 PDT." <20010924094048.X5906-100000@coredump.scriptkiddie.org> 

> Date: Mon, 24 Sep 2001 09:43:42 -0700 (PDT)
> From: Lamont Granquist <lamont@scriptkiddie.org>
> Sender: owner-freebsd-stable@FreeBSD.ORG
> 
> 
> 
> On Mon, 24 Sep 2001, Joe Abley wrote:
> > On Mon, Sep 24, 2001 at 07:16:00PM +1200, Juha Saarinen wrote:
> > > :: Those packets are _supposed_ to get back to this host.  That's
> > > :: what loopback is for.
> > >
> > > Yes, I think the RFCs make a point of this.
> >
> > RFC1122 also says, in the same paragraph, "addresses of this form
> > MUST NOT appear outside the host."
> 
> This is what we're talking about.  Right now if you take a vanilla FBSD
> box a 'ping 127.1.1.1' will be routed to the default router.
> 
> > Installing a null covering route for 127/8 with the blackhole bit
> > set seems a good way of preventing addresses with a destination
> > within 127/8 from being sent out on a non-loopback interface, without
> > resorting to nasty hacks which make address handling on the loopback
> > interface different to every other interface. It is also consistent
> > with the robustness principle.
> >
> >   route add 127.0.0.0 -netmask 255.0.0.0 -iface lo0 -blackhole
> 
> It seems that 127.0.0.1 works when you do this, as do aliases that you add
> to the lo0 interface.  Works for me.
> 
> > But, whatever. This is hardly a monumental requirement worth bickering
> > over.
> 
> It's worth getting right though.  Keep the surprises minimal.

Absolutely! The RFC1122 text is quite clear that no packet with a
destination of 127/8 should EVER appear on any external network
connection. I don't see any requirement that all 127/8 addresses act as
loopback, but they MUST be kept in the machine. A standard route for
127/8 forcing all packets to the lo0 interface appears to be a good
solution to this.

R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net			Phone: +1 510 486-8634

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
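
The check discussed in this thread, as an added example that is not part of the original messages: a longest-prefix lookup over a routing table that reports whether a 127/8 destination would leave on a non-loopback interface, before and after the covering route Joe Abley quotes. The table text, the interface name fxp0, the 192.0.2.0/24 addresses and the function names are constructed assumptions, and destinations are written in CIDR form for simplicity.

```python
import ipaddress

# Constructed sample routing tables (not captured from a real host), laid out
# like `netstat -rn` output but with CIDR destinations for simplicity.
BEFORE = """\
Destination        Gateway            Flags    Netif
default            192.0.2.1          UGS      fxp0
127.0.0.1          127.0.0.1          UH       lo0
192.0.2.0/24       link#1             U        fxp0
"""
# Same table after the covering route quoted in the thread has been added.
AFTER = BEFORE + "127.0.0.0/8        lo0                USB      lo0\n"

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")

def parse_routes(text):
    """Return a list of (network, flags, netif) parsed from the table text."""
    routes = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) != 4:
            continue
        dest, _gateway, flags, netif = fields
        if dest == "default":
            dest = "0.0.0.0/0"
        routes.append((ipaddress.ip_network(dest), flags, netif))
    return routes

def lookup(routes, addr):
    """Longest-prefix match: the most specific route covering addr."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def leaks_loopback(routes, addr):
    """True if a 127/8 destination would be sent out a non-loopback interface."""
    if ipaddress.ip_address(addr) not in LOOPBACK_NET:
        raise ValueError("not a 127/8 address")
    route = lookup(routes, addr)
    return route is not None and not route[2].startswith("lo")

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        routes = parse_routes(table)
        for addr in ("127.0.0.1", "127.1.1.1"):
            verdict = "LEAKS" if leaks_loopback(routes, addr) else "stays local"
            print(f"{name:6} {addr:10} {verdict}")
```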



