tech-net archive


Re: 16 year old bug

Steven Bellovin wrote:
> On Aug 24, 2010, at 12:02 42AM, der Mouse wrote:
>
>>> Was [running my house LAN with a noncontiguous netmask], for
>>> practical purposes, unsupportable?  Was it something likely to cause
>>> subtle bugs all over the networking stack?  Was it something
>>> obsoleted more or less 20 years ago?  All yes.
>>
>> Actually, no.
>>
>> Unsupportable?  I don't see anything unsupportable about it.  Every
>> system I tried (which admittedly wasn't all that many) supported it
>> fine.  Even today, I tried NetBSD 4.0.1 (the most recent I have easy
>> admin access to) and it appeared to support it as well as whatever I
>> was using at the time did - though admittedly I didn't actually verify
>> that packets were routed the way the resulting routing table implied.
>>
>> Likely to cause bugs?  Nonsense.  Likely to expose existing bugs,
>> perhaps.  Do you not consider exposing existing bugs a good thing?
>> I know I certainly do.
>>
>> Obsoleted 20 years ago?  Perhaps.  Strikes me as pretty functional and
>> useful for an "obsoleted" feature.  Besides, this _was_ 20 years ago -
>> well, actually more like 15±5; I didn't have much of a house LAN
>> before maybe 1991, and I stopped using the address space this was
>> embedded in sometime around 2000-2001.
>
> The problem is, as has been noted, the lack of a good definition of the routing
> table with mixed prefixes.  If everyone uses a mask of, say, 0xA596695A, it all
> just works.  But if some routers use 0xA95696A5 and others use 0xA596695A, the
> semantics are unclear.

The fact that the semantics are unclear doesn't automatically make it non-functional. IP was designed with the thought that things might work differently in different parts of the network, and that each packet might be routed differently, and things will still work.

Quite frankly, the routers might be as confused as they want to. As long as they forward packets along *some* route, we'll probably be just happy. If routers managed to set up some kind of loop, in which certain masks make two routers just send a packet back and forth, then we get a broken situation, but I can't really see a correctly configured router being set up in a way that this situation exists. But maybe I just lack imagination.

So, when all is said and done (from my side), my view is that while I believe that non-continuous masks are not "allowed" I see no good reason to forbid people to set them up if they want to.

> Non-contiguous masks can indeed be useful, albeit only in specialized
> topologies and networks.  I could have used them in a paper I published just
> 1.5 years ago.  The trouble is that they conflicted with the routing table
> definition necessary for CIDR, and CIDR was and is necessary for the survival
> of the Internet.
>
> None of this, however, has any relationship to what the original poster said,
> which is that the current code is also used in IPsec and has a performance bug.
> And *that* is completely unrelated to whether or not non-contiguous masks are
> a good idea!



Johnny Billquist                  || "I'm on a bus
                                  ||  on a psychedelic trip
email:             ||  Reading murder books
pdp is alive!                     ||  tryin' to stay hip" - B. Idol
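
The ambiguity discussed in this message, as an added example that is not part of the original thread: with contiguous masks, all matching routes nest and exactly one is most specific, while the two masks quoted above both match and neither contains the other. The addresses, gateway names and the "bit inclusion" ordering rule are assumptions made for the illustration.

```python
import ipaddress

# The two non-contiguous masks quoted in the message.
MASK_A = 0xA596695A
MASK_B = 0xA95696A5


def ip(text):
    """Dotted quad -> 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


def matches(dst, net, mask):
    """A route matches when dst and net agree on every bit the mask selects."""
    return (dst & mask) == (net & mask)


def more_specific(m1, m2):
    """m1 is strictly more specific than m2 if it selects all of m2's bits and more."""
    return (m1 & m2) == m2 and m1 != m2


def best_routes(dst, table):
    """Matching routes that no other matching route is strictly more specific than.

    With contiguous masks this is always a single route (longest prefix match).
    With arbitrary masks it can return several, which is the undefined case.
    """
    hits = [r for r in table if matches(dst, r[0], r[1])]
    return [r for r in hits
            if not any(more_specific(o[1], r[1]) for o in hits)]


DST = ip("10.1.2.3")  # constructed destination address

# Constructed table with contiguous masks only: /0, /8 and /16.
CONTIGUOUS = [
    (ip("0.0.0.0"), 0x00000000, "gw-default"),
    (ip("10.0.0.0"), 0xFF000000, "gw-8"),
    (ip("10.1.0.0"), 0xFFFF0000, "gw-16"),
]

# Constructed table where different routers announced different masks.
MIXED = [
    (DST & MASK_A, MASK_A, "gw-a"),
    (DST & MASK_B, MASK_B, "gw-b"),
]

if __name__ == "__main__":
    print([r[2] for r in best_routes(DST, CONTIGUOUS)])
    print([r[2] for r in best_routes(DST, MIXED)])
```

Both quoted masks select 16 bits, so counting mask bits does not break the tie either; a forwarding implementation has to pick by some rule the masks themselves do not supply.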
