Re: Support for 240/4 and 0/8 addresses in NetBSD

[David Young <dyoung%pobox.com@localhost>]

On Tue, Jun 13, 2023 at 02:16:26PM +0200, Martin Husemann wrote:
> On Mon, Jun 12, 2023 at 10:25:27AM -0400, Mouse wrote:
> > > I think that is what we are landing on; there have been several
> > > comments (including me) that we shouldn't change given the lack of
> > > standardization, and I haven't seen any in favor of just changing.
> > 
> > Depending on your opinion of me, it may be a reason to change or a
> > reason to not change, but I'm in favour of just changing.
> 
> Me too. A sysctl is slightly expensive (at various scales) and IMHO
> simply not needed here. A kernel config option to restore the old
> behaviour would be OK, but I'd like to avoid that too.

I had a glance at in_canforward and the places where it is used, and it
sure looks like policy that was made into mechanism.

Instead of adding a kernel config option or sysctl, wouldn't it be
simplest to add REJECT routes for the relevant ranges at boot, or not,
based on a setting in rc.conf?  (I thought somebody suggested something
similar earlier in the thread.  Maybe I overlooked some reason that it's
a bad idea.)

David

-- 
David Young
dyoung%pobox.com@localhost    Urbana, IL    (217) 721-9981