Subject: Re: Should loose source routing be enabled if not IPFORWARDING?
To: Alan Barrett <barrett@daisy.ee.und.ac.za>
From: Mark P. Gooderum <mark@nirvana.good.com>
List: current-users
Date: 12/14/1994 22:40:21
> > None of the legitimate uses of source routing have any need to pass through
> > a box that has GATEWAY off.
> 
> I consider "traceroute -g intermediary destination" to be a ligitimate use
> of source routing, even when the intermeidary is a non-routing host.

If it's a non-routing source, what business do your packets have passing
through the box?

> When GATEWAY is off, the box should not pass packets in one interface and
> out another, but I think it could still pass LSRR and SSRR packets in one
> interface and back out the same interface; there could be another option
> to disable that too (for use in firewalls etc.). 

This is a nice concept but has a big problem.  The ip_input() routine
(the function that decides to route or drop or accept as local any incoming
IP packet) has no sure knowledge of which interface that packet actually
came in on.  The link layer device (ethernet, slip, ppp, etc), throws the
incoming packet on the protocol input queue and schedules a software
interrupt.  That packet is an mbuf of the actual packet, there is no link
to the interface and no MAC/Link layer header (the bpf device is a special
case that is handled in the link layer device driver).  The IP layer can
try to guess based on routing, but it's just that, a guess.  Maybe a good
guess in a simple us and them inside/outside routing situation, but even that
assumes no forged packets...BIG and bad assumption to make if you are 
actually worried about security.

So ip_input() and the routing routines don't know for sure where a packet
came from.  Thus, if you want to be really sure of not passing packets, you
have to not forward *any* packets.
--
Mark