Skip to content

Described check if peer node is in LAN and described when the check s…#74

Open
wilcowijbrandi wants to merge 1 commit into
s2-connect-beta-3from
lan-check
Open

Described check if peer node is in LAN and described when the check s…#74
wilcowijbrandi wants to merge 1 commit into
s2-connect-beta-3from
lan-check

Conversation

@wilcowijbrandi
Copy link
Copy Markdown
Member

@wilcowijbrandi wilcowijbrandi commented May 8, 2026

…hould be performed

jorritn
jorritn requested changes May 13, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@jorritn jorritn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this idea of link-local as currently specified will work. An IPv4 link-local address has a dedicated IP range and is used in case static IP is not configured and DHCP failed. So it cannot reliably be used to determine if a node is on the same LAN. It is very uncommon that a device has a static/DHCP IPv4 address and a link local address. According to RFC 3927 Section 2.1, an IPv4 device should not keep both addresses active at the same time because it introduces unnecessary routing table complexity.

The situation with IPv6 is totally different but then we have to specify that IPv6 addresses must be used by the endpoint.

@wilcowijbrandi
Copy link
Copy Markdown
Member Author

wilcowijbrandi commented May 19, 2026

We've decided that the LAN check is not necessary, since there is no inherent security risk if a node claims to be in the LAN, but is not. The specification does need to explain this explicitly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jorritn jorritn jorritn requested changes

Assignees

@jorritn jorritn

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@wilcowijbrandi @jorritn