From: Paul de Weerd (weerd at weirdnet.nl)
Date: Fri Dec 21 2007 - 17:53:02 CST
After some discussion with people, I'm posting about 1 bug, 1 question
and 1 feature request. It all has to do with the 0/8 network (0.0.0.0
more specifically).
First the bug :
[trying to add a blackhole route for 0/8]
$ sudo route add 0/8 -blackhole 127.0.0.1
route: writing to routing socket: File exists
[in a second terminal running route monitor]
$ route monitor
got message of size 124 on Sat Dec 22 00:20:13 2007
RTM_ADD: Add route: len 124, table: 0, pid 15149, seq 1, errno 17, flags:<UP,GATEWAY,STATIC,BLACKHOLE>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK>
default 127.0.0.1 default
[trying another way to do the same]
$ sudo route add 0.0.0.0 -netmask 255.0.0.0 -blackhole 127.0.0.1
add net 0.0.0.0: gateway 127.0.0.1
[again, on the route monitor]
$ route monitor
got message of size 128 on Sat Dec 22 00:33:44 2007
RTM_ADD: Add Route: len 128, table: 0, pid: 3972, seq 1, errno 0, flags:<UP,GATEWAY,DONE,STATIC,BLACKHOLE>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK>
default localhost 255.0.0.0
This seems like an obvious bug in route(8) to me. Unfortunately, I
have no solution for it. It does have, however, a lot to do with my
feature request :
Index: netstart
===================================================================
RCS file: /cvs/src/etc/netstart,v
retrieving revision 1.116
diff -u -r1.116 netstart
--- netstart 2 Aug 2007 03:19:10 -0000 1.116
+++ netstart 21 Dec 2007 23:42:32 -0000

-285,6 +285,9 
ip6kernel=NO
fi
+# Before configuring any non-loopback interfaces, blackhole traffic to
+# 0/8 which should never hit the wire according to Stevens
+route add 0.0.0.0 -netmask 255.0.0.0 -blackhole 127.0.0.1
# Configure all the non-loopback interfaces which we know about, but
# do not start interfaces which must be delayed.
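Review bot: the added `route add` runs unconditionally and its exit status is ignored, so a failure at boot (for instance the EEXIST shown earlier in this mail when the prefix is written as `0/8`) would go unnoticed; consider checking the return value or at least reporting it. The explicit `-netmask 255.0.0.0` form is the right choice here given the route monitor output above, where `0/8` was installed with netmask `default` and collided with the default route (errno 17). Two things to confirm before committing: that lo0 is already configured at this point in netstart, since a route with gateway 127.0.0.1 needs a usable route to that gateway, and which Stevens volume the comment refers to, as the mail itself cites Volume 1 and Volume 2 with different statements about 0/8. It would also help to say in the comment that this blackhole only affects packets the host originates or forwards towards 0/8; inbound packets addressed to 0.0.0.0 are governed by the ip_input check in the second diff.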
And finally, my question. Why not add this :
Index: ip_input.c
===================================================================
RCS file: /cvs/src/sys/netinet/ip_input.c,v
retrieving revision 1.156
diff -u -r1.156 ip_input.c
--- ip_input.c 14 Dec 2007 18:33:41 -0000 1.156
+++ ip_input.c 21 Dec 2007 23:45:31 -0000

-446,8 +446,7 
}
goto ours;
}
- if (ip->ip_dst.s_addr == INADDR_BROADCAST ||
- ip->ip_dst.s_addr == INADDR_ANY)
+ if (ip->ip_dst.s_addr == INADDR_BROADCAST)
goto ours;
#if NCARP > 0
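Review bot: dropping the INADDR_ANY clause changes where a packet addressed to 0.0.0.0 ends up, and the diff does not show what happens next: it no longer jumps to `ours`, so it continues past this check into the code below (the carp block and, presumably, the forwarding path). Confirm that such a packet is discarded and counted rather than forwarded when IP forwarding is enabled, and record that in the commit message together with the 4.2BSD compatibility rationale from Stevens Volume 2 that the mail gives, since a reader of the code alone will not know why INADDR_ANY was ever accepted here. The remaining `INADDR_BROADCAST` comparison is unchanged, so the limited-broadcast case is unaffected.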
According to Stevens (this time in Volume 2), this check is there for
compatibility with stacks that were derived from 4.2BSD which
considered INADDR_ANY a broadcast address (weird, since in Volume 1 he
says 0/8 should never be on the wire). But anyway, for sending, 0/32
is not considered a broadcast as OpenBSD machines happily send this
traffic to their default gateway (or a more specific route, hence the
above change to /etc/netstart) so why do we still consider it to be so
in ip_input?
Thanks to Claudio and Darren for the interesting after-fondue discussion
on this topic and for pointing me at the code et al ;)
Cheers,
Paul 'WEiRD' de Weerd
--
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
http://www.weirdnet.nl/
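As an added illustration of the two diffs in the mail above (example code written for this page, not OpenBSD's ip_input.c or netstart), the following C model shows the effect of removing the INADDR_ANY clause from the input check, and that this check only ever covered 0.0.0.0 itself, whereas the netstart blackhole with netmask 255.0.0.0 covers every address in 0/8. The function names and the sample destination addresses are constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <arpa/inet.h>
#include <netinet/in.h>

/* Added illustration, not OpenBSD kernel code: models the destination
 * check in the ip_input.c hunk. accept_inaddr_any selects the pre-patch
 * (true) or post-patch (false) behaviour. Addresses are host byte order. */
enum dst_verdict { DST_NOT_OURS = 0, DST_OURS = 1 };

static enum dst_verdict
ip_dst_check(uint32_t dst, bool accept_inaddr_any)
{
    if (dst == INADDR_BROADCAST)          /* 255.255.255.255, kept by the patch */
        return DST_OURS;
    if (accept_inaddr_any && dst == INADDR_ANY)  /* 0.0.0.0, removed by the patch */
        return DST_OURS;
    return DST_NOT_OURS;
}

/* Membership in 0.0.0.0/8, the prefix the netstart hunk blackholes
 * (route add 0.0.0.0 -netmask 255.0.0.0 -blackhole 127.0.0.1). */
static bool
in_zero_net(uint32_t dst)
{
    return (dst & 0xff000000u) == 0x00000000u;
}

/* Parse a dotted quad into host byte order; returns false on bad input. */
static bool
parse_ipv4(const char *s, uint32_t *out)
{
    struct in_addr a;

    if (inet_pton(AF_INET, s, &a) != 1)
        return false;
    *out = ntohl(a.s_addr);
    return true;
}

int
main(void)
{
    /* Constructed sample destinations, not taken from the mail. */
    const char *samples[] = { "0.0.0.0", "0.1.2.3", "255.255.255.255", "192.0.2.1" };
    size_t i;

    printf("%-16s %-10s %-10s %s\n", "dst", "pre-patch", "post-patch", "in 0/8");
    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t dst;

        if (!parse_ipv4(samples[i], &dst))
            continue;
        printf("%-16s %-10s %-10s %s\n", samples[i],
            ip_dst_check(dst, true) == DST_OURS ? "ours" : "not ours",
            ip_dst_check(dst, false) == DST_OURS ? "ours" : "not ours",
            in_zero_net(dst) ? "yes" : "no");
    }
    return 0;
}
```

Compile with `cc -o zeronet zeronet.c` and run it; the table shows that only the 0.0.0.0 row changes verdict between the two variants of the check, while the 0/8 column (the blackhole's scope) also matches 0.1.2.3, which the input check never accepted in either variant.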