| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 30 May 2007 11:38:28 +0200 From: KOVACS Krisztian <hidden@...abit.hu> To: David Miller <davem@...emloft.net> Cc: ja@....bg, kaber@...sh.net, horms@...ge.net.au, jkrzyszt@....icnet.pl, netdev@...r.kernel.org Subject: Re: [IPV4] LVS: Allow to send ICMP unreachable responses when real-servers are removed Hi, On Friday 18 May 2007 11:05, David Miller wrote: > From: Julian Anastasov <ja@....bg> > Date: Fri, 18 May 2007 11:40:54 +0300 (EEST) > > > On Thu, 17 May 2007, Patrick McHardy wrote: > > > In any case some better solution than the current one needs to be > > > found, allowing users to send spoofed packets is far worse than > > > using a non-desired source address for ICMP packets. > > > > yes, I would prefer the sysctl_ip_nonlocal_bind change to be > > removed until such solution is found. > > Ok, I'll revert it. I'm just about to publish the next round of tproxy patches (with the routing code modifications completely removed), but this issue is still present. I've posted a few patches making omitting this check possible selectively back in March. Do those changes look acceptable? http://marc.info/?l=linux-netdev&m=117310979823297&w=3 And the related socket layer changes: http://marc.info/?l=linux-netdev&m=117310979815374&w=3 http://marc.info/?l=linux-netdev&m=117310979902806&w=3 http://marc.info/?l=linux-netdev&m=117310980027541&w=3 -- Regards, Krisztian Kovacs - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists