Date: Tue, 13 Nov 2012 23:25:20 -0800
From: Sean Chittenden <sean@chittenden.org>
To: Joe Holden <lists@rewt.org.uk>
Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject: Re: 0.0.0.0/8 oddities...
Message-ID: <082A52DA-3C04-46B7-A0C6-2F1CD814C01C@chittenden.org>
In-Reply-To: <50A34675.2020709@rewt.org.uk>
References: <DC8A0D79-8DF3-472F-9B1A-76BF8577A03C@chittenden.org> <50A20359.9080906@networx.ch> <7C614093-6408-49C6-8515-F6C09183453B@chittenden.org> <50A32FE7.2010206@rewt.org.uk> <7BE7E643-FB13-45DE-BA40-257B8ADFAA98@chittenden.org> <50A34675.2020709@rewt.org.uk>

>>>>> The check to drop ICMP replies to a source of 0.0.0.0/8 was added
>>>>> in r120958 as part of a fix for link local addresses. It was only
>>>>> applied to ICMP which is inconsistent as you've found out.
>>>>>
>>>>>> ?? Any thoughts as to why? It doesn't appear that the current behavior abides by RFC5735.
>>>>> Reading this section and RFC1122 it is not entirely clear to me
>>>>> what the allowed scope of 0.0.0.0/8 is. I do agree though that
>>>>> blocking it only in ICMP is not useful if it is allowed in the
>>>>> normal IP input path.
>>>>>
>>>>> Can you please check how other OS's (Linux, Windows) deal with it?
>>>
>>> 0/8 is not supposed to be used, as per the rfc. As such it doesn't work on most systems (Linux, network appliance vendors included) so this working *should* be a bug, IMO.
>>
>> Where does it say that it shouldn't be used? Which RFC & §? There are plenty of RFCs and I haven't exhaustively read things, so I reserve the right to be wrong & corrected, but I haven't seen anything that says, "do not use 0.0.0.0/8." 0.0.0.0/32, yes, that's a reserved and special IP address, but the remainder of the /8? It's a stretch to argue that it can't be used.
>
> There are several, including the one you referenced where it references the other addresses can only be used as a source address. It is vague but accepted that 0/8 isn't usable as anything other than that.

Can you be more specific? I read "other addresses within 0.0.0.0/8 may be used to refer to specified hosts on this network" as an indication that use of 0/8 is intended to be supported.

> Regardless, why are you trying to do something that is unsupported by pretty much every vendor/operator/os?

Status quo is fine and dandy if it's rational, backed up with a justification and can be understood, but I'm not seeing anything that suggests there's a good reason which indicates 0/8 shouldn't be used or supported.

-sc

--
Sean Chittenden
sean@chittenden.org