Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!decwrl!ogicse!husc6!purdue!mentor.cc.purdue.edu!dls
From: dls@mentor.cc.purdue.edu (David L Stevens)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: IP numbers that end in 0 ...
Message-ID: <13422@mentor.cc.purdue.edu>
Date: 29 Aug 90 03:01:16 GMT
References: <13391@mentor.cc.purdue.edu> <563@npdiss1.StPaul.NCR.COM>
Organization: PUCC UNIX Group
Lines: 32

In article <563@npdiss1.StPaul.NCR.COM>, mercer@npdiss1.StPaul.NCR.COM (Dan Mercer) writes:
> I disagree - it is a perfectly legitimate function for routers to
> perform message filtering. ...

Well, first of all, the original poster's description suggests that this is the default behaviour of the router, and not the result of some arbitrary packet filtering.

Secondly, sure, you can filter packets and many routers will let you do that arbitrarily ("ok, no packets with a "7" in the 47th data byte-- I always hated those."). The price you pay for that explicit nonconformance to the protocol is that you can't interoperate with other systems. IP doesn't include packet filtering and to the extent that you do it, you reduce the ability of your users to talk IP with other hosts. Certainly the more carefully you do it, the less impact it will have, but it's not free and if you don't consider all the legitimate uses that might be affected, your users lose. Following the spec, on the other hand, probably won't get you into trouble. I'm not a packet filtering fan... :-)

And finally, in this case in particular (remote gateway), you CAN'T know whether the address is a broadcast address or not, since the mask isn't available to you. If you take the "we know better than you" approach and discard packets that look like they may use broadcast addresses, you won't be able to talk to perfectly legitimate, conforming, IP hosts. You'd get what you deserved, but your unsuspecting users and anyone who has to route through you would be the ones who really get it.

The only conservative, and thus wise, way for a gateway to route a packet that has a different network number than any of its interfaces is to look at the piece it needs to for routing (first 2 octets for Class B) and leave the host part to the magic of gateways that know something about it. That keeps them from getting in the way when new things, like subnetting, come along.

--
+-DLS (dls@mentor.cc.purdue.edu)
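
[Added example, not part of the original post.] The point about the missing mask can be checked directly: the same destination is an ordinary host under one mask and has an all-zeros or all-ones host part under another, while the classful network number a remote gateway forwards on does not change. The 172.16.x.x sample addresses and the candidate prefix lengths are constructed for illustration.

```python
import ipaddress

def classful_prefix(addr):
    """Prefix length implied by the address class (pre-CIDR rules)."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:
        return 8     # Class A
    if first_octet < 192:
        return 16    # Class B: first 2 octets are the network number
    if first_octet < 224:
        return 24    # Class C
    raise ValueError("class D/E address has no network/host split")

def network_number(addr):
    """The only piece a remote gateway needs in order to forward the packet."""
    return ipaddress.ip_network(f"{addr}/{classful_prefix(addr)}", strict=False)

def host_part_kind(addr, prefix):
    """Classify the host part of addr under the mask used on the destination net."""
    host_bits = 32 - prefix
    host = int(ipaddress.IPv4Address(addr)) & ((1 << host_bits) - 1)
    if host == 0:
        return "all-zeros"   # network address (broadcast on some older hosts)
    if host == (1 << host_bits) - 1:
        return "all-ones"    # directed broadcast
    return "host"

def verdicts(addr, candidate_prefixes):
    """Verdict per candidate mask; a remote gateway cannot tell which one applies."""
    return {p: host_part_kind(addr, p) for p in candidate_prefixes}

# Constructed sample destinations on one Class B network.
SAMPLES = ["172.16.3.0", "172.16.3.255", "172.16.0.0", "172.16.255.255"]

if __name__ == "__main__":
    for dst in SAMPLES:
        # Same network number every time; the verdict depends on a mask
        # that only gateways attached to the destination network know.
        print(dst, network_number(dst), verdicts(dst, (16, 20, 24)))
```

Only the last two samples get the same verdict under every candidate mask; a filter that drops the first two on appearance discards valid host addresses on an unsubnetted Class B network.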