7.0 & Link-Local Addresses

Bruce M. Simpson bms at FreeBSD.org
Thu Feb 21 01:43:56 UTC 2008


James Snow wrote:
> I'm trying to use link-local for the cross-over interface between a pair
> of FreeBSD boxes running pf, pfsync, and CARP.  These firewalls will
> need to be able to route for the whole of RFC1918, and carving off a
> piece of that address space isn't an option.
>
> This seemed to be a perfect scenario for link-local addresses until I
> ran into the above problem.  RFC 3927 states, in section 1.6 (Alternate
> Use Prohibition):
>
>     "Note that addresses in the 169.254/16 prefix SHOULD NOT be
>     configured manually...."
>
> So I'm not sure if this is a bug or just RFC compliance. 
>   

I can't see why you're seeing datagrams to 169.254.1.1 being dropped 
based on the information you provide.

I did introduce some checks into the mainline code which will prohibit 
the use of link-local addresses for forwarding; these should not affect 
reception as an endpoint.

However, you should be just fine manually configuring 169.254/16 
addresses for the time being. Whilst it isn't in accordance with the 
letter of the RFC as you correctly point out, there are situations where 
it's useful.

The stack does NOT currently support source address selection policies. 
These were introduced to NetBSD. Currently in FreeBSD, source address 
selection is based solely on destination address.

cheers
BMS
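
The forwarding-versus-endpoint distinction described in the reply above, as an added example that is not part of the original message and is not FreeBSD's kernel code. It assumes the forwarding rule from RFC 3927 (a router does not forward packets whose source or destination is in 169.254/16); the function names, verdict values and sample addresses are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Addresses are kept in host byte order to keep the example readable. */
#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

enum verdict { DELIVER_LOCAL, FORWARD, DROP_LINKLOCAL };

/* Constructed sample: addresses configured on this host, including a
 * manually assigned link-local address on the cross-over interface. */
static const uint32_t sample_local[] = { IP4(169, 254, 1, 1), IP4(10, 0, 0, 1) };
static const size_t sample_local_n = sizeof(sample_local) / sizeof(sample_local[0]);

/* True for 169.254.0.0/16, the IPv4 link-local prefix. */
static bool is_linklocal(uint32_t addr)
{
    return (addr & 0xffff0000u) == IP4(169, 254, 0, 0);
}

/* Decide what to do with an inbound packet. Local delivery is checked
 * first, so a link-local endpoint address still receives traffic; the
 * link-local test applies only to packets that would be routed onward. */
enum verdict classify(uint32_t src, uint32_t dst, const uint32_t *local, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (local[i] == dst)
            return DELIVER_LOCAL;
    if (is_linklocal(src) || is_linklocal(dst))
        return DROP_LINKLOCAL;
    return FORWARD;
}

int main(void)
{
    static const char *names[] = { "deliver-local", "forward", "drop-linklocal" };
    /* Peer on the cross-over link talking to our link-local address. */
    puts(names[classify(IP4(169, 254, 1, 2), IP4(169, 254, 1, 1), sample_local, sample_local_n)]);
    /* Same peer trying to be routed to an RFC 1918 destination. */
    puts(names[classify(IP4(169, 254, 1, 2), IP4(10, 1, 2, 3), sample_local, sample_local_n)]);
    /* Ordinary routed traffic. */
    puts(names[classify(IP4(10, 0, 0, 5), IP4(192, 168, 1, 1), sample_local, sample_local_n)]);
    return 0;
}
```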

