
Bug#3143: sysvinit init.d/network script buglet



>>>>> "MvS" == Miquel van Smoorenburg <miquels@cistron.nl> writes:

MvS> You (Bruce Perens) wrote:
>> Package: sysvinit
>>
>> From: Lukas Nellen <lukas@teorica0.ifisicacu.unam.mx>
>>
>> To me, it looks like there is a small bug in the way the networking
>> gets configured in the base system. The problem is the loopback
>> network 127.0.0.0. AFAIK, no packet addressed to any address on that
>> network should ever leave the local host. Instead, the loopback
>> interface on the local machine has to accept ALL such packets, not
>> just those sent to 127.0.0.1. Could someone confirm that or point me
>> to a document which states the contrary?

MvS> Well I couldn't find it documented, but the way Debian does it now
MvS> is the same as Solaris 2.5, SunOS 4.1.4 and FreeBSD do it (I just
MvS> checked).

MvS> So I think the "route add 127.0.0.1" is how it should be done.

MvS> I'm closing this bug report.

I'm reopening the bug since I don't believe that the way other systems
deal with the loopback is necessarily the way linux has to deal with
it. After all, linux is one of the few systems which doesn't use a
BSD-derived networking code.

What happens if those systems, say, ping 127.0.0.2? Which system
answers? I'm pretty sure that nothing in 127.x.y.z is supposed to
leave your system. I remember following a discussion somewhere about
that issue. The problem with packets in 127.x.y.z is the following:

A system with IP forwarding on the net might see the packets and
redirect them to its loopback device. You can't control which system
you connect to and you might inconvenience others.

And there was a complaint coming up as part of that discussion that
there is a number of broken systems on the internet which do send out
packages in 127.x.y.z. (I vaguely remember that badly configured linux
systems were blamed for doing this).

I noticed the problem when I saw that rwhod on my debian system sends
broadcasts on each interface (which makes sense), and that the
broadcasts on 127.255.255.255 appear on the ethernet (which shouldn't
happen).

Can you verify the behaviour of the other systems when they connect to
a random address in 127.x.y.z? After all, the problem isn't what they
put into their routing tables. The problem is what does the linux
networking implementation require in the routing tables to prevent the
networking layer from sending out 127.x.y.z packets to the rest of the
world. Maybe in other implementations of the networking, special
knowledge of the 127.0.0.0 net is hardcoded. Or the interface is set
up differently. Or the other system is also broken.

You can use
	tcpdump src host-to-test
on one machine on your local net and on the machine you want to test (e.g.)
	finger @127.0.0.2
to check if 127.x.y.z packets leave the machine.

BTW, RFC 1009 and 1700 (there might be others) state that 127.x.y.z
should never appear outside a host. This implies that the current
configuration of the networking system as done in debian is incorrect.

			Cheers,
				Lukas
-------------------------------------------------------------------------------
   Dr. Lukas Nellen                 | Email: lukas@teorica0.ifisicacu.unam.mx
   Depto. de Fisica Teorica, IFUNAM |
   Apdo. Postal 20-364              | Tel.:  +52 5 622 5014 ext. 218
   01000 Mexico D.F., MEXICO        | Fax:   +52 5 622 5015
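
Added example (not part of the original message): a simplified longest-prefix-match model of the routing question raised above, comparing a host route to 127.0.0.1 only with a route for the whole 127.0.0.0 network. The routing tables, interface names and probe addresses are constructed for illustration, and the route-selection model is an assumption, not the Linux kernel's code.

```python
import ipaddress

# Constructed routing tables (destination prefix, interface); not from the thread.
HOST_ROUTE_ONLY = [
    ("127.0.0.1/32", "lo"),       # effect of a host route to 127.0.0.1 only
    ("192.168.1.0/24", "eth0"),
    ("0.0.0.0/0", "eth0"),        # default route
]
NET_ROUTE = [
    ("127.0.0.0/8", "lo"),        # whole loopback network bound to lo
    ("192.168.1.0/24", "eth0"),
    ("0.0.0.0/0", "eth0"),
]

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")
PROBES = ["127.0.0.1", "127.0.0.2", "127.255.255.255", "192.168.1.7"]


def egress_interface(table, dst):
    """Return the interface chosen by longest-prefix match, or None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def leaking_loopback_addresses(table, probes):
    """List (address, interface) for 127.x.y.z probes routed to a non-lo interface."""
    leaks = []
    for dst in probes:
        if ipaddress.ip_address(dst) in LOOPBACK_NET:
            iface = egress_interface(table, dst)
            if iface is not None and iface != "lo":
                leaks.append((dst, iface))
    return leaks


if __name__ == "__main__":
    for name, table in (("host route only", HOST_ROUTE_ONLY), ("net route", NET_ROUTE)):
        print(name, "->", leaking_loopback_addresses(table, PROBES))
```

With only the host route, 127.0.0.2 and 127.255.255.255 fall through to the default route on the constructed eth0 interface; with the network route, nothing in 127.x.y.z is selected for a non-loopback interface.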

