>>>>> The check to drop ICMP replies to a source of 0.0.0.0/8 was added
>>>>> in r120958 as part of a fix for link local addresses.  It was only
>>>>> applied to ICMP which is inconsistent as you've found out.
>>>>> 
>>>>>> ?? Any thoughts as to why? It doesn't appear that the current behavior 
>>>>>> abides by RFC5735.
>>>>> Reading this section and RFC1122 it is not entirely clear to me
>>>>> what the allowed scope of 0.0.0.0/8 is.  I do agree though that
>>>>> blocking it only in ICMP is not useful if it is allowed in the
>>>>> normal IP input path.
>>>>> 
>>>>> Can you please check how other OS's (Linux, Windows) deal with it?
>>> 
>>> 0/8 is not supposed to be used, as per the rfc.  As such it doesn't work on 
>>> most systems (Linux, network appliance vendors included) so this working 
>>> *should* be a bug, IMO.
>> 
>> Where does it say that it shouldn't be used? Which RFC & ยง? There are plenty 
>> of RFCs and I haven't exhaustively read things, so I reserve the right to be 
>> wrong & corrected, but I haven't seen anything that says, "do not use 
>> 0.0.0.0/8."  0.0.0.0/32, yes, that's a reserved and special IP address, but 
>> the remainder of the /8? It's a stretch to argue that it can't be used.
> 
> There are several, including the one you referenced where it references the 
> other addresses can only be used as a source address.  It is vague but 
> accepted that 0/8 isn't usable as anything other than that.

Can you be more specific? I read "other addresses within 0.0.0.0/8 may be used 
to refer to specified hosts on this network" as an indication that use of 0/8 
is intended to be supported.

> Regardless, why are you trying to do something that is unsupported by pretty 
> much every vendor/operator/os?

Status quo is fine and dandy if it's rational, backed up with a justification 
and can be understood, but I'm not seeing anything that suggests there's a good 
reason which indicates 0/8 shouldn't be used or supported. -sc


--
Sean Chittenden
[email protected]

_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[email protected]"

Reply via email to