Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sun-barr!lll-winken!uunet!samsung!noose.ecn.purdue.edu!mentor.cc.purdue.edu!dls
From: dls@mentor.cc.purdue.edu (David L Stevens)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Hosts whose IP numbers end in 0........
Summary: clarification
Message-ID: <13448@mentor.cc.purdue.edu>
Date: 29 Aug 90 16:31:45 GMT
References: <1990Aug28.074951.21126@ircam.ircam.fr> <63256@bu.edu.bu.edu> <63380@bu.edu.bu.edu>
Organization: PUCC UNIX Group
Lines: 47

A point of clarification, since several people have sent me e-mail on the topic...

When I say "shouldn't" regarding filtering, I mean in the RFC-speak sense of "it's a bad idea." I don't mean it's contrary to any RFC, so you don't need to point out to me that some say it's fine for gateways to filter broadcast packets.

Beyond that, there is the fact that it is impossible to do it right in the case we were talking about, and THAT is just plain wrong. A gateway that isn't directly attached or administered by the same people as an arbitrary IP address CANNOT answer the question "is this a broadcast?" so it doesn't matter whether an RFC says you can or not; in practice, you can't.

Here's why: suppose you're a gateway and you don't have anything to do with the network 128.210 and you get a datagram with either source or destination as, say, "128.210.1.127". Is that a broadcast packet or not? Well, if my subnet mask is 255.255.255.128, the host part is all 1's and it's a broadcast. If my subnet mask is 255.255.255.0, it's a host. The remote gateway can't know what the mask is.

"But WAIT!" you say. "What about an ICMP mask request??" The question, then, is, to where do you send such a mask request? Well, the only address on that net (in general) you know is 128.210.1.127, so that's your only choice. But if it's a host, it won't (in general) answer, because only gateways are required to answer mask requests [rfc 950; 1122 says some hosts may not reply]. And, of course, if you don't get an answer, it doesn't mean it's a host-- maybe the datagram was lost. Besides, you'd be committing the sin you're trying to prevent-- sending a directed broadcast. And then, would you keep this around or send a mask request for every routed packet-- just completely impractical.

So, even though RFC's say you can filter broadcast packets, the case in point doesn't allow it on the grounds that you cannot compute "is this a broadcast?" and it is clearly wrong for the router to drop the packet. "Wrong" in the sense that it inhibits legitimate use of the Internet. We have a clear demonstration of that.

Philosophically, it's wrong because it flattens the hierarchical address space by requiring the internal structure of networks to be visible to the outside world for things to work.

I assert that the only machines that can have any legitimate interest in the host part of an IP address are those under the same administration as the address in question. If I want to allow a host on your net to send broadcasts on mine, who benefits by some other gateway (yours or an intervening one) filtering it?? Only my networks can suffer from the broadcasting and if I don't filter it, nobody should...

-- 
+-DLS (dls@mentor.cc.purdue.edu)
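
The mask ambiguity described in the post above, as an added example that is not part of the original post: it reads one address under every subnet mask a remote gateway cannot rule out. The function names are hypothetical, and the code assumes contiguous masks and a class B natural mask (/16) for network 128.210.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def classify(addr: str, mask: str) -> str:
    """'broadcast' if the host part of addr is all 1's under mask, else 'host'."""
    a = int(ipaddress.IPv4Address(addr))
    host_bits = ~int(ipaddress.IPv4Address(mask)) & ALL_ONES
    if host_bits and (a & host_bits) == host_bits:
        return "broadcast"
    return "host"

def candidate_views(addr: str, natural_prefix: int = 16, max_prefix: int = 30) -> dict:
    """Map each candidate subnet mask to how addr would be read under it.

    natural_prefix=16 is an assumption (class B); /31 and /32 are skipped
    because they leave no room for both hosts and a broadcast address.
    """
    views = {}
    for prefix in range(natural_prefix, max_prefix + 1):
        mask_int = (ALL_ONES << (32 - prefix)) & ALL_ONES
        mask = str(ipaddress.IPv4Address(mask_int))
        views[mask] = classify(addr, mask)
    return views

def decidable_without_mask(addr: str) -> bool:
    """True only if every candidate mask gives the same answer for addr."""
    return len(set(candidate_views(addr).values())) == 1

if __name__ == "__main__":
    # The address from the post; other addresses below are constructed samples.
    for mask, verdict in candidate_views("128.210.1.127").items():
        print(f"{mask:<16} {verdict}")
    for sample in ("128.210.1.127", "128.210.1.5", "128.210.255.255"):
        print(sample, "decidable:", decidable_without_mask(sample))
```
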