From owner-freebsd-net@FreeBSD.ORG Thu Feb 21 01:43:56 2008
Message-ID: <47BCD75A.8020708@FreeBSD.org>
Date: Thu, 21 Feb 2008 01:43:54 +0000
From: "Bruce M. Simpson" <bms@FreeBSD.org>
To: James Snow
Cc: freebsd-net@freebsd.org
In-Reply-To: <20080221010655.GA93480@teardrop.org>
Subject: Re: 7.0 & Link-Local Addresses
List-Id: Networking and TCP/IP with FreeBSD

James Snow wrote:
> I'm trying to use link-local for the cross-over interface between a pair
> of FreeBSD boxes running pf, pfsync, and CARP. These firewalls will
> need to be able to route for the whole of RFC1918, and carving off a
> piece of that address space isn't an option.
>
> This seemed to be a perfect scenario for link-local addresses until I
> ran into the above problem. RFC 3927 states, in section 1.6 (Alternate
> Use Prohibition):
>
>     "Note that addresses in the 169.254/16 prefix SHOULD NOT be
>     configured manually...."
>
> So I'm not sure if this is a bug or just RFC compliance.

I can't see why you're seeing datagrams to 169.254.1.1 being dropped based on the information you provide.

I did introduce some checks into the mainline code which will prohibit the use of link-local addresses for forwarding; these should not affect reception as an endpoint.

However, you should be just fine manually configuring 169.254/16 addresses for the time being. Whilst it isn't in accordance with the letter of the RFC, as you correctly point out, there are situations where it's useful.

The stack does NOT currently support source address selection policies. These were introduced to NetBSD. Currently in FreeBSD, source address selection is based solely on destination address.

cheers
BMS
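The two behaviours discussed in the reply, as an added example that is not part of the original thread and is not FreeBSD's ip_input or route code: a host-side model of the RFC 3927 section 2.7 rule (a router MUST NOT forward a packet whose source or destination is IPv4 link-local, 169.254.0.0/16, while such a packet may still be delivered locally), and of destination-only source address selection, where the source address is simply the address of the interface picked by a longest-prefix route lookup. The routing table and addresses are constructed for illustration; the `dst_is_ours` flag stands in for the kernel's own "is this one of my addresses" check.

```c
/* Added example (not FreeBSD kernel code): simplified model of
 *  (1) RFC 3927 s.2.7, forwarding of 169.254/16 is refused but local
 *      delivery to/from such addresses is allowed, and
 *  (2) destination-only source address selection: the egress interface's
 *      address from the route lookup is used as the packet's source.
 * All addresses and routes below are constructed sample data. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>

#define LINKLOCAL_NET  0xA9FE0000u   /* 169.254.0.0 */
#define LINKLOCAL_MASK 0xFFFF0000u   /* /16 */

/* Parse a dotted quad into host byte order; return 0 on failure. */
static int parse_ipv4(const char *s, uint32_t *out)
{
    struct in_addr a;
    if (inet_pton(AF_INET, s, &a) != 1)
        return 0;
    *out = ntohl(a.s_addr);
    return 1;
}

/* True when addr (host byte order) lies in 169.254.0.0/16. */
int is_ipv4_linklocal(uint32_t addr)
{
    return (addr & LINKLOCAL_MASK) == LINKLOCAL_NET;
}

enum verdict { DELIVER_LOCAL = 0, FORWARD = 1, DROP_LINKLOCAL = 2, DROP_BAD_ADDR = 3 };

/* Input decision for a host that also forwards: a packet addressed to one of
 * our own addresses is delivered even if either end is link-local; anything
 * else is forwarded only when neither address is link-local. */
enum verdict ip_input_decision(const char *src, const char *dst, int dst_is_ours)
{
    uint32_t s, d;
    if (!parse_ipv4(src, &s) || !parse_ipv4(dst, &d))
        return DROP_BAD_ADDR;
    if (dst_is_ours)
        return DELIVER_LOCAL;
    if (is_ipv4_linklocal(s) || is_ipv4_linklocal(d))
        return DROP_LINKLOCAL;
    return FORWARD;
}

/* Constructed routing table: prefix, prefix length, egress interface address. */
struct route { uint32_t prefix; int plen; uint32_t ifaddr; };

static const struct route rtable[] = {
    { 0xA9FE0000u, 16, 0xA9FE0101u },  /* 169.254.0.0/16 via 169.254.1.1 (cross-over) */
    { 0x0A000000u,  8, 0x0A0000FEu },  /* 10.0.0.0/8     via 10.0.0.254  (inside)     */
    { 0x00000000u,  0, 0xC6336401u },  /* default        via 198.51.100.1 (outside)   */
};

static uint32_t plen_mask(int plen)
{
    return plen == 0 ? 0u : 0xFFFFFFFFu << (32 - plen);
}

/* Longest-prefix match on dst; the chosen interface's address is returned
 * as the source address, with no policy input at all (0 if dst is unparsable). */
uint32_t select_source(const char *dst)
{
    uint32_t d, best = 0;
    int best_len = -1;
    if (!parse_ipv4(dst, &d))
        return 0;
    for (size_t i = 0; i < sizeof rtable / sizeof rtable[0]; i++) {
        if ((d & plen_mask(rtable[i].plen)) == rtable[i].prefix &&
            rtable[i].plen > best_len) {
            best_len = rtable[i].plen;
            best = rtable[i].ifaddr;
        }
    }
    return best;
}

int main(void)
{
    static const char *names[] = { "deliver", "forward", "drop(link-local)", "drop(bad addr)" };
    struct in_addr a;

    /* pfsync-style traffic between the two boxes: delivered, not forwarded. */
    printf("169.254.1.2 -> 169.254.1.1 (ours): %s\n",
           names[ip_input_decision("169.254.1.2", "169.254.1.1", 1)]);
    /* A transit packet with a link-local source must not be forwarded. */
    printf("169.254.1.2 -> 10.1.2.3 (transit): %s\n",
           names[ip_input_decision("169.254.1.2", "10.1.2.3", 0)]);
    a.s_addr = htonl(select_source("169.254.1.2"));
    printf("source for 169.254.1.2: %s\n", inet_ntoa(a));
    return 0;
}
```

The point the split between `dst_is_ours` and the link-local test makes is the one in the reply: the forwarding prohibition is applied only on the forwarding path, so a manually configured 169.254/16 address on the cross-over link still receives traffic addressed to it.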