Re: rdr 127.0.0.1 and blocking 127/8 in ip_output()

2002-02-19 Thread Archie Cobbs
Ruslan Ermilov writes: > > > Note that "normal" people will still get the standard configuration > > > which prevents transmitting 127/8 packets, as it has for many years, > > > without this new change. > > > > No, as I have had to repeat many times, a stock FreeBSD system did NOT > > behave prop

Re: rdr 127.0.0.1 and blocking 127/8 in ip_output()

2002-02-19 Thread Crist J. Clark
On Tue, Feb 19, 2002 at 10:25:13AM +0200, Ruslan Ermilov wrote: > On Mon, Feb 18, 2002 at 11:35:54PM -0800, Crist J. Clark wrote: [snip] > > I'd personally prefer someone just fix lo0 so that, > > > > $ ifconfig lo0 inet 127.0.0.1 > > > > Actually added the route, > > > > 127

Re: rdr 127.0.0.1 and blocking 127/8 in ip_output()

2002-02-19 Thread Ruslan Ermilov
On Mon, Feb 18, 2002 at 11:35:54PM -0800, Crist J. Clark wrote: > On Mon, Feb 18, 2002 at 08:43:45PM -0800, Archie Cobbs wrote: > > Crist J. Clark writes: > > > No, RFC1122 is a set of requirements for hosts implementing _the > > > Internet protocol._ > > > > OK... > > > > > > By your argument,

Re: rdr 127.0.0.1 and blocking 127/8 in ip_output()

2002-02-18 Thread Crist J. Clark
On Mon, Feb 18, 2002 at 08:43:45PM -0800, Archie Cobbs wrote: > Crist J. Clark writes: > > No, RFC1122 is a set of requirements for hosts implementing _the > > Internet protocol._ > > OK... > > > > By your argument, the kernel should also block admin attempts to > > > configure RFC 1918 addresse

Re: rdr 127.0.0.1 and blocking 127/8 in ip_output()

2002-02-18 Thread Archie Cobbs
Crist J. Clark writes: > No, RFC1122 is a set of requirements for hosts implementing _the > Internet protocol._ OK... > > By your argument, the kernel should also block admin attempts to > > configure RFC 1918 addresses (10.x.x.x, 192.168.x.x, etc.) on an > > interface. That would put a lot of p

Re: rdr 127.0.0.1 and blocking 127/8 in ip_output()

2002-02-18 Thread Julian Elischer
I suggest that you get Archie to walk over to the next desk and ask Van Jacobson. There's nothing like getting it from the Horse's mouth (so to speak). On Mon, 18 Feb 2002, Crist J. Clark wrote: > On Mon, Feb 18, 2002 at 07:02:48PM -0800, Archie Cobbs wrote: > > > > Note that the RFC you are h

Re: rdr 127.0.0.1 and blocking 127/8 in ip_output()

2002-02-18 Thread Crist J. Clark
On Mon, Feb 18, 2002 at 07:02:48PM -0800, Archie Cobbs wrote: > Ruslan Ermilov writes: > > > > ping -s 127.1 1.2.3.4 > > > > telnet -S 127.1 1.2.3.4 > > > > > > If someone explicitly overrides source-address selection, they are > > > presumed to know WTF they are doing, and the kernel should not

Re: rdr 127.0.0.1 and blocking 127/8 in ip_output()

2002-02-18 Thread Archie Cobbs
Ruslan Ermilov writes: > > > ping -s 127.1 1.2.3.4 > > > telnet -S 127.1 1.2.3.4 > > > > If someone explicitly overrides source-address selection, they are > > presumed to know WTF they are doing, and the kernel should not be > > trying to second-guess them. > > > That "someone" could be a bad g

Re: rdr 127.0.0.1 and blocking 127/8 in ip_output()

2002-02-14 Thread Ruslan Ermilov
[Redirected to -net] On Thu, Feb 14, 2002 at 11:39:37AM -0500, Garrett Wollman wrote: > < said: > > > ping -s 127.1 1.2.3.4 > > telnet -S 127.1 1.2.3.4 > > If someone explicitly overrides source-address selection, they are > presumed to know WTF they are doing, and the kernel should not be > tr