Sebastien Roy wrote:
> On Fri, 2008-09-05 at 16:56 -0700, Darren Reed wrote:
>
>>> We clearly shouldn't allow 127.0.0.1 to be used as a source address when
>>> sending packets out on the wire, but there isn't any harm in letting
>>> them be delivered locally, is there?
>>>
>> If we fast forward to a post-Crossbow Solaris, where we
>> have a vswitch, don't we have a "soft" wire by implication?
>>
>
> Not for packets whose source and destination belong to the same IP
> stack. The core question being asked is whether this should be allowed
> for inter-shared-IP-zone communication which is looped around within the
> ip module.
>
> I do believe that the same harm exists in allowing this type of traffic
> to cross shared-IP zone boundaries as exists for packets that go out
> on the wire. Either way, the packet can be considered a bogon that is
> forged and claims to be from somewhere which it is not.
>

Solaris Trusted Extensions has added an option to make 127.0.0.1 an all-zones address, i.e. all labeled zones on the system share the loopback address. In the case of Multilevel Port (MLP), the address is used for cross-zone communication.

Jarrett

> -Seb

_______________________________________________
networking-discuss mailing list
