Date: Thu, 21 Feb 2008 01:43:54 +0000
From: "Bruce M. Simpson" <bms@FreeBSD.org>
To: James Snow <snow@teardrop.org>
Cc: freebsd-net@freebsd.org
Subject: Re: 7.0 & Link-Local Addresses
Message-ID: <47BCD75A.8020708@FreeBSD.org>
In-Reply-To: <20080221010655.GA93480@teardrop.org>
References: <20080221010655.GA93480@teardrop.org>

James Snow wrote:
> I'm trying to use link-local for the cross-over interface between a pair
> of FreeBSD boxes running pf, pfsync, and CARP. These firewalls will
> need to be able to route for the whole of RFC1918, and carving off a
> piece of that address space isn't an option.
>
> This seemed to be a perfect scenario for link-local addresses until I
> ran into the above problem. RFC 3927 states, in section 1.6 (Alternate
> Use Prohibition):
>
>    "Note that addresses in the 169.254/16 prefix SHOULD NOT be
>    configured manually...."
>
> So I'm not sure if this is a bug or just RFC compliance.

I can't see why you're seeing datagrams to 169.254.1.1 being dropped
based on the information you provide.

I did introduce some checks into the mainline code which will prohibit
the use of link-local addresses for forwarding; these should not affect
reception as an endpoint.

However, you should be just fine manually configuring 169.254/16
addresses for the time being. Whilst it isn't in accordance with the
letter of the RFC as you correctly point out, there are situations where
it's useful.

The stack does NOT currently support source address selection policies.
These were introduced to NetBSD. Currently in FreeBSD, source address
selection is based solely on destination address.

cheers
BMS