Subject: Re: loopback routes
To: Andrew Brown <atatat@atatdot.net>
From: None <itojun@iijlab.net>
List: tech-net
Date: 05/06/2000 13:00:22
>> I still do not understand your goal... anyway,
>sorry, i didn't really go into that yet. i wanted to create a "null"
>network interface, similar to that which one might find on a cisco.
>useful for blackhole routing, ipfiltering (yes, really!), etc.
for example, is this insufficient for your goal?
# route add -inet 10.0.0.0 127.0.0.1 -reject
>>>> 23:11:03.892874 127.0.0.1 > 127.0.0.1: icmp: echo reply [ttl 1]
>> again, this packet is generated by ping.
>i still disagree. ping doesn't make answers...only questions.
see sbin/ping/ping.c:pinger(). (near "clear_cache")
it does generate replies.
>>>(3) i see that as soon as i ifconfig lo0, ipv6 automatically assigns it
>>> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
>>> inet6 ::1 prefixlen 128
>>>and then lo1 gets
>>> inet6 fe80::1%lo1 prefixlen 64 scopeid 0x2
>>> inet6 ::1 prefixlen 128
>>>is this a problem? "route get -inet6 ::1" reports lo0, but i expect
>>>that's only because it's first in the "list".
>> i don't think this is a problem, however, i'm not sure what is the
>> specwise correct behavior against lo1.
>i'm not sure why anyone would have more than one loopback interface,
>but i wanted to play a little. i figured i had enough rope to build a
>bridge...or something like that.
>you ought to know this...does the ::1 address get added only because
>the interface is marked IFF_LOOPBACK or is there some other reason?
basically yes.
- we really need to have ::1 due to some routing table hack for
"goto ours" loop.
- we use IFF_LOOPBACK to check if we should add ::1 or not
- lo1 gets ::1 as well as lo0
it will do no harm. ::1 is required to be there anyways.
>>>(4) not really a problem...more of a question. what theoretical
>>>effect would setting IFF_BROADCAST on the loopback interfaces have?
>> if we remove special handling for 127.0.0.1, we may want to
>> configure 127.0.0.1 with below:
>> # ifconfig 127.0.0.1 netmask 0xffffffff
>> rather than the default
>> # ifconfig 127.0.0.1 netmask 0xff000000 (netmask implicitly specified)
>i still feel that the default netmask is fine...i think i'm just
>questioning some of the "special handling" that interfaces marked
>IFF_LOOPBACK get in the kernel.
I have checked rfc1700 (assigned numbers) page 4, 127.0.0.0/8 should
not leave the host.
- lo0 = 127.0.0.1/8 without special handling, or
- lo0 = 127.0.0.1/32, with reject route to 127.0.0.0/8
it does not matter if we have special handling or not.
just need a one-liner in /etc/netstart.
looks more reasonable to me than the current behavior.
itojun
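
The two lo0 configurations listed at the end of the message, modelled as an added example (not part of the original mail and not NetBSD code). It is a simplified longest-prefix-match table with no kernel special handling for IFF_LOOPBACK; the default route, the interface name ne0 and the probe addresses are constructed assumptions.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match. Returns (action, interface), or None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, action, ifname in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, action, ifname)
    return (best[1], best[2]) if best else None

# Constructed default route through a hypothetical external interface "ne0".
DEFAULT = ("0.0.0.0/0", "forward", "ne0")

# Option 1 in the message: lo0 = 127.0.0.1/8, so the whole /8 is on lo0.
OPTION_1 = [DEFAULT, ("127.0.0.0/8", "deliver", "lo0")]

# Option 2 in the message: lo0 = 127.0.0.1/32 plus a reject route for 127.0.0.0/8.
OPTION_2 = [DEFAULT,
            ("127.0.0.1/32", "deliver", "lo0"),
            ("127.0.0.0/8", "reject", "lo0")]

# Option 2 with the reject route forgotten: only the host route remains.
NO_REJECT = [DEFAULT, ("127.0.0.1/32", "deliver", "lo0")]

# Constructed probe addresses inside 127.0.0.0/8.
PROBES = ("127.0.0.1", "127.0.0.2", "127.255.255.254")

def leaks_loopback(table, probes=PROBES):
    """Return the 127/8 probes that would be forwarded off the host."""
    leaked = []
    for p in probes:
        result = lookup(table, p)
        if result is not None and result[0] == "forward":
            leaked.append(p)
    return leaked

if __name__ == "__main__":
    for name, table in (("127.0.0.1/8", OPTION_1),
                        ("127.0.0.1/32 + reject", OPTION_2),
                        ("127.0.0.1/32, no reject", NO_REJECT)):
        print(name, {p: lookup(table, p) for p in PROBES},
              "leaks:", leaks_loopback(table))
```

In this model both options keep 127.0.0.0/8 on the host; the /32 configuration does so only while the reject route is present, otherwise the rest of the /8 follows the default route.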