On Tuesday 2008-04-22 22:16, Grant Taylor wrote:
>> However, ping 127.0.0.2 will fail of course, yes it is a special handling
>> inside linux (but not really on the topic of "secure"), code-wise it is just
>> like 240.0.0.0/8 which was not routed a few weeks ago until a patch changed
>> it.
>
> I had not considered any thing other than 127.0.0.1 as I don't use the other
> millions of addresses in the loopback network.
>
> Are you saying that what I'm calling a "security feature" is really a
> misconception and a side effect of other parts of the kernel?
>
> Further, can you give some back history on the 240/8 network or point me in a
> direction to do some reading?

Before the patch, trying to ping 240.1.2.3 also resulted in
Invalid argument or Network unreachable. Since there was an IETF draft
draft-fuller-240space-00.txt to enable use of 240... see commit
1e637c74b0f84eaca02b914c0b8c6f67276e9697.

If you look at the diff of 1e637 to its parent (i.e. "the patch" as
one could say :-) you see ipv4_is_loopback in the context
around it; among it in a few files, this function causes
"special handling".

hth.
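The "special handling" discussed in this message comes down to prefix comparisons on the destination address. The sketch below is an added example, not code from the thread or from the kernel: it is a simplified userspace model in which `in_prefix`, `classify_dst`, the `verdict` values and the `allow_240` switch are hypothetical names. It assumes the reserved block is tested as 240.0.0.0/4, which contains the 240/8 range mentioned above.

```c
#include <stdint.h>
#include <stdio.h>
#include <arpa/inet.h>

/* Hypothetical helper (not a kernel symbol): is host-order address a inside net/len? */
static int in_prefix(uint32_t a, uint32_t net, int len)
{
    uint32_t mask = len ? ~(uint32_t)0 << (32 - len) : 0;
    return (a & mask) == (net & mask);
}

enum verdict { V_INVALID = -1, V_ROUTE = 0, V_LOOPBACK = 1, V_REJECT = 2 };

/*
 * Simplified model (assumption) of a destination sanity check.
 * allow_240 = 0: reserved 240/4 space is refused, as before the patch.
 * allow_240 = 1: 240/4 is treated like any other unicast destination.
 */
enum verdict classify_dst(const char *dotted, int allow_240)
{
    struct in_addr ia;
    uint32_t a;

    if (inet_pton(AF_INET, dotted, &ia) != 1)
        return V_INVALID;              /* not a dotted-quad IPv4 address */
    a = ntohl(ia.s_addr);

    /* The whole 127.0.0.0/8 network matches, not only 127.0.0.1. */
    if (in_prefix(a, 0x7f000000u, 8))
        return V_LOOPBACK;

    /* Same kind of test, different prefix: 240.0.0.0/4. */
    if (in_prefix(a, 0xf0000000u, 4))
        return allow_240 ? V_ROUTE : V_REJECT;

    return V_ROUTE;
}

int main(void)
{
    /* Constructed sample addresses. */
    const char *samples[] = { "127.0.0.1", "127.0.0.2", "240.1.2.3", "192.0.2.7" };

    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-10s before=%d after=%d\n", samples[i],
               classify_dst(samples[i], 0), classify_dst(samples[i], 1));
    return 0;
}
```

Only the 240/4 verdict changes between the two modes; the loopback match is unaffected, so the loopback behaviour is an address-classification side effect and not a filtering rule.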