Re: 16 year old bug
Steven Bellovin wrote:
On Aug 24, 2010, at 12:02 42AM, der Mouse wrote:
Was [running my house LAN with a noncontiguous netmask], for
practical purposes, unsupportable? Was it something likely to cause
subtle bugs all over the networking stack? Was it something
obsoleted more or less 20 years ago? All yes.
Unsupportable? I don't see anything unsupportable about it. Every
system I tried (which admittedly wasn't all that many) supported it
fine. Even today, I tried NetBSD 4.0.1 (the most recent I have easy
admin access to) and it appeared to support it as well as whatever I
was using at the time did - though admittedly I didn't actually verify
that packets were routed the way the resulting routing table implied.
Likely to cause bugs? Nonsense. Likely to expose existing bugs,
perhaps. Do you not consider exposing existing bugs a good thing?
I know I certainly do.
Obsoleted 20 years ago? Perhaps. Strikes me as pretty functional and
useful for an "obsoleted" feature. Besides, this _was_ 20 years ago -
well, actually more like 15±5; I didn't have much of a house LAN
before maybe 1991, and I stopped using the address space this was
embedded in sometime around 2000-2001.
The problem is, as has been noted, the lack of a good definition of the routing
table with mixed prefixes. If everyone uses a mask of, say, 0xA596695A, it all
just works. But if some routers use 0xA95696A5 and others use 0xA596695A, the
semantics are unclear.
The fact that the semantics are unclear doesn't automatically make it
IP was designed with the thought that things might work differently in
different parts of the network, and that each packet might be routed
differently, and things will still work.
Quite frankly, the routers might be as confused as they want to. As long
as they forward packets along *some* route, we'll probably be just happy.
If routers managed to set up some kind of loop, in which certain masks
make two routers just send a packet back and forth, then we get a
broken situation, but I can't really see a correctly configured router
being set up in a way that this situation exists. But maybe I just lack
So, when all is said and done (from my side), my view is that while I
believe that non-continuous masks are not "allowed" I see no good reason
to forbid people to set them up if they want to.
Non-contiguous masks can indeed be useful, albeit only in specialized
topologies and networks. I could have used them in a paper I published just
1.5 years ago. The trouble is that they conflicted with the routing table
definition necessary for CIDR, and CIDR was and is necessary for the survival
of the Internet.
None of this, however, has any relationship to what the original poster said,
which is that the current code is also used in IPsec and has a performance bug.
And *that* is completely unrelated to whether or not non-contiguous masks are
a good idea!
Johnny Billquist || "I'm on a bus
|| on a psychedelic trip
email: bqt%softjar.se@localhost || Reading murder books
pdp is alive! || tryin' to stay hip" - B. Idol
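An added illustration, not part of the original message or of the NetBSD code, of the "mixed masks" point quoted in the thread. With contiguous masks, any two routes that match a destination are nested, so one is always more specific; with the two masks named above, neither includes the other. The route table, the destination address and the "mask inclusion" specificity rule are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data; only the two odd masks come from the thread. */
struct route { uint32_t net, mask; const char *gw; };

#define AMBIGUOUS (-2)
#define NO_ROUTE  (-1)
#define DST 0xC0A80117u                 /* 192.168.1.23, constructed */

/* A mask is contiguous when its complement has the form 2^k - 1. */
static int is_contiguous(uint32_t m) { uint32_t inv = ~m; return (inv & (inv + 1)) == 0; }

static int matches(const struct route *r, uint32_t dst) { return (dst & r->mask) == r->net; }

/* Mask a is at least as specific as b when it includes every bit of b. */
static int covers(uint32_t a, uint32_t b) { return (a & b) == b; }

/* Index of the matching route that is at least as specific as every other match. */
static int lookup(const struct route *t, int n, uint32_t dst)
{
    int any = 0;
    for (int i = 0; i < n; i++) {
        if (!matches(&t[i], dst)) continue;
        any = 1;
        int wins = 1;
        for (int j = 0; j < n && wins; j++)
            if (matches(&t[j], dst) && !covers(t[i].mask, t[j].mask)) wins = 0;
        if (wins) return i;
    }
    return any ? AMBIGUOUS : NO_ROUTE;  /* matches exist but none dominates */
}

static int demo_contiguous(void)        /* a /8 and a /16 that both match DST */
{
    struct route t[] = { { 0xC0000000u, 0xFF000000u, "gw-a" },
                         { 0xC0A80000u, 0xFFFF0000u, "gw-b" } };
    return lookup(t, 2, DST);
}

static int demo_mixed(void)             /* the two masks quoted in the thread */
{
    struct route t[] = { { DST & 0xA596695Au, 0xA596695Au, "gw-a" },
                         { DST & 0xA95696A5u, 0xA95696A5u, "gw-b" } };
    return lookup(t, 2, DST);
}

int main(void)
{
    printf("0xA596695A contiguous? %d\n", is_contiguous(0xA596695Au));
    printf("contiguous table: %d, mixed table: %d\n", demo_contiguous(), demo_mixed());
    return 0;
}
```

Both odd masks have 16 bits set, so counting mask bits does not break the tie either; a real implementation has to pick some arbitrary rule, which is the undefined semantics the thread refers to.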