Re: serious flaw exposed via filters (fwd)

MegaZone (megazone@livingston.com)
Mon, 16 Sep 1996 20:42:41 -0700 (PDT)

Once upon a time Igor V. Semenyuk shaped the electrons to say...
>add route 192.168.2.0 192.168.1.1 5
>set netmask 192.168.2.0 255.255.255.255
>
>would create a route to 192.168.2.0/24

This is just plain wrong - you *MUST SET NETMASKS FIRST!* That is a
cardinal rule. If you use the netmask table, ALL NETMASKS MUST BE SET
***BEFORE*** SETTING THE ROUTE.

>set netmask 192.168.2.0 255.255.255.255
>add route 192.168.2.0 192.168.1.1 5
>would create a route to 192.168.2.0/32(!) which is rarely meant.

No, that is *exactly* the *only* time you would do that. This is what
the netmask table was designed to do; using it for something else is a
misuse.

>address) he would get very surprising result (with packet loops). Moreover,
>it would be impossible to delete the route:
>delete route 192.168.2.0 192.168.1.1

Yep.

>would result in "network not in table" or whatever the exact error message is.
>The only way to get this route deleted is
>set netmask 192.168.2.0 255.255.255.0
>delete route 192.168.2.0 192.168.1.1
>set netmask 192.168.2.0 255.255.255.255
>Interesting, isn't it?

Not at all, it was created completely improperly.

>And this and a couple of other related problems is because Livingston
>decided not to introduce concept of explicit netmask in "route" commands
>and opted for implicit netmasks with a separate "set netmask" command.

Same deal. It would have the same effect if we set it on the route
commands as if you set it in the netmask table. If you use the netmask
table correctly it works the same way. And since we do not yet support
VLSM, allowing it on route commands would be worse.

'add route 199.224.12.3/25 200.1.3.4 1'
'add route 199.224.12.49/27 200.4.5.8 1'

Which netmask is used? You can only set one for the entire network,
and you have just set two.

'add netmask 199.224.12.0 255.255.255.224' sets it once and affects all
IPs on that network. Simple.

-MZ

--
Livingston Enterprises - Chair, Department of Interstitial Affairs
Phone: 800-458-9966 510-426-0770 FAX: 510-426-8951 megazone@livingston.com
For support requests: support@livingston.com  <http://www.livingston.com/> 
Snail mail: 6920 Koll Center Parkway  #220, Pleasanton, CA 94566
See me in person: Internet Expo, Boston, MA, October 16-17, Booth 422 ;-)
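
[Added example, not part of the original message and not Livingston code.] A toy Python model of the ordering behaviour discussed in this thread. It assumes a route's prefix is derived from the netmask table (falling back to the classful mask) at the moment each route command runs; the class and function names are hypothetical.

```python
import ipaddress

def classful_prefix(addr):
    """Classful default prefix length (A=/8, B=/16, C=/24)."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    return 8 if first < 128 else 16 if first < 192 else 24

class ToyRouter:
    """Hypothetical model: no explicit mask on route commands."""
    def __init__(self):
        self.netmasks = {}  # address -> prefix length ("set netmask")
        self.routes = {}    # IPv4Network -> (gateway, metric)

    def set_netmask(self, addr, mask):
        self.netmasks[addr] = ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen

    def _key(self, addr):
        # The mask is looked up when the command runs, not stored by the user.
        plen = self.netmasks.get(addr, classful_prefix(addr))
        return ipaddress.IPv4Network(f"{addr}/{plen}", strict=False)

    def add_route(self, dest, gw, metric):
        key = self._key(dest)
        self.routes[key] = (gw, metric)
        return str(key)

    def delete_route(self, dest, gw):
        key = self._key(dest)
        if self.routes.get(key, (None,))[0] != gw:
            return False  # "network not in table"
        del self.routes[key]
        return True

def route_before_netmask():
    """Order from the quoted report: route first, netmask second."""
    r = ToyRouter()
    stored = r.add_route("192.168.2.0", "192.168.1.1", 5)
    r.set_netmask("192.168.2.0", "255.255.255.255")
    stuck = not r.delete_route("192.168.2.0", "192.168.1.1")
    # Workaround from the thread: restore the mask in force at add time.
    r.set_netmask("192.168.2.0", "255.255.255.0")
    removed = r.delete_route("192.168.2.0", "192.168.1.1")
    r.set_netmask("192.168.2.0", "255.255.255.255")
    return stored, stuck, removed

def netmask_before_route():
    """Order the reply insists on: netmask first, then the route."""
    r = ToyRouter()
    r.set_netmask("192.168.2.0", "255.255.255.255")
    stored = r.add_route("192.168.2.0", "192.168.1.1", 5)
    return stored, r.delete_route("192.168.2.0", "192.168.1.1")
```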