Re: 7.0 & Link-Local Addresses
- From: "Bruce M. Simpson" <bms@xxxxxxxxxxx>
- Date: Thu, 21 Feb 2008 01:43:54 +0000
James Snow wrote:
> I'm trying to use link-local for the cross-over interface between a pair
> of FreeBSD boxes running pf, pfsync, and CARP. These firewalls will
> need to be able to route for the whole of RFC1918, and carving off a
> piece of that address space isn't an option.
>
> This seemed to be a perfect scenario for link-local addresses until I
> ran into the above problem. RFC 3927 states, in section 1.6 (Alternate
> Use Prohibition):
>
>   "Note that addresses in the 169.254/16 prefix SHOULD NOT be
>   configured manually...."
>
> So I'm not sure if this is a bug or just RFC compliance.

I can't see why you're seeing datagrams to 169.254.1.1 being dropped based on the information you provide.
I did introduce some checks into the mainline code which will prohibit the use of link-local addresses for forwarding; these should not affect reception as an endpoint.
However, you should be just fine manually configuring 169.254/16 addresses for the time being. Whilst it isn't in accordance with the letter of the RFC as you correctly point out, there are situations where it's useful.
The stack does NOT currently support source address selection policies. These were introduced to NetBSD. Currently in FreeBSD, source address selection is based solely on destination address.
cheers
BMS
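
The distinction the reply draws between forwarding and reception as an endpoint, shown as an added example that is not part of the original message and is not FreeBSD's code. It follows the RFC 3927 rule that a router does not forward packets with a 169.254/16 source or destination; the function names, the verdict enum and the sample addresses are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>

/* 169.254.0.0/16 in host byte order (RFC 3927 link-local prefix). */
#define LL_NET  0xA9FE0000u
#define LL_MASK 0xFFFF0000u

enum verdict { DELIVER_LOCAL, FORWARD, DROP };

/* Constructed sample: addresses configured on a hypothetical firewall. */
static const char *const FW_ADDRS[] = { "169.254.1.1", "10.0.0.1" };
static const size_t FW_NADDRS = sizeof(FW_ADDRS) / sizeof(FW_ADDRS[0]);

/* Parse a dotted quad into host byte order; returns 0 on malformed input. */
static int parse_ip(const char *s, uint32_t *out) {
    struct in_addr a;
    if (inet_pton(AF_INET, s, &a) != 1) return 0;
    *out = ntohl(a.s_addr);
    return 1;
}

static int is_linklocal(uint32_t a) { return (a & LL_MASK) == LL_NET; }

/* Decide what a host with the given local addresses does with a packet. */
enum verdict classify(const char *src, const char *dst,
                      const char *const *local, size_t nlocal, int forwarding) {
    uint32_t s, d, l;
    if (!parse_ip(src, &s) || !parse_ip(dst, &d)) return DROP;
    /* Endpoint reception: a packet for one of our own addresses is
     * delivered, even when that address is a manually set 169.254/16 one. */
    for (size_t i = 0; i < nlocal; i++)
        if (parse_ip(local[i], &l) && l == d) return DELIVER_LOCAL;
    if (!forwarding) return DROP;
    /* Forwarding path: link-local traffic never leaves its own link. */
    if (is_linklocal(s) || is_linklocal(d)) return DROP;
    return FORWARD;
}

int main(void) {
    static const char *const names[] = { "deliver", "forward", "drop" };
    printf("peer -> 169.254.1.1: %s\n",
           names[classify("169.254.1.2", "169.254.1.1", FW_ADDRS, FW_NADDRS, 1)]);
    printf("peer -> 192.168.5.5: %s\n",
           names[classify("169.254.1.2", "192.168.5.5", FW_ADDRS, FW_NADDRS, 1)]);
    return 0;
}
```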