Subject: Re: Skipping TCP / UDP / IP checksums on loopback traffic
To: Nathan J. Williams <nathanw@wasabisystems.com>
From: Steven M. Bellovin <smb@research.att.com>
List: tech-net
Date: 10/25/2004 13:46:15
In message <mtusm82lmpk.fsf@contents-vnder-pressvre.mit.edu>, "Nathan J. Willia
ms" writes:
>Jonathan Stone <jonathan@dsg.stanford.edu> writes:
>
>> >This seems like a philosophical point as much as a practical one, and
>> >I can imagine [but will not make] an argument that lo0 is the
>> >"natural" local transport and that PF_LOCAL is redundant, and that
>> >your benchmarking usage is not the case we should be accomodating.
>> 
>> I wouldn't care to see anyone make that argument, given Jason's stated
>> rationale was *specifically* for performance relative to Linux on
>> certain [again, we seem to agree such benchmarks are bogus?].
>
>Right, I had veered from the original stated purpose and into the
>abstract mental territory of "starting from scratch, if I want to make
>a connection to myself, what do I do?" Of course, we're not starting
>from scratch, so we've got PF_LOCAL. I think the argument I
>hypothesized would have more appeal with those people ("young kids" or
>something) who have only ever known IP networking, and whose answer to
>"How do I make a local connection?" would be IP-centric rather than
>popping up a layer.
>

In fact, using lo0 for intra-host connections has been a persistent 
source of security vulnerabilities.  Anything that discourages such 
behavior is fine with me.

		--Steve Bellovin, http://www.research.att.com/~smb