lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Mon, 10 Nov 2008 10:40:22 +0200
From:	"Rami Rosen" <roszenrami@...il.com>
To:	"Rémi Denis-Courmont" 
	<remi.denis-courmont@...ia.com>
Cc:	"ext Roman Chertov" <roman@...tabarbaralabs.com>,
	netdev@...r.kernel.org
Subject: Re: 2.6.24.7 ipv6 send redirect

Hello,

1)  There is no way to disable IPv6 ICMP redirect **sending ** messages.
You can only disable IPv6 ICMP redirect ** receiving** messages, via:
echo "0" > /proc/sys/net/ipv6/conf/all/accept_redirects

(Taking a brief look in the implementation will show that there
is a field named "accept_redirects" in ipv6_devconf structure,
but there is **no** field named send_redirects ,as in ipv4;
see: include/linux/ipv6.h.)

2) The RFC (rfc4294) says: (§4.2)
" Redirect functionality SHOULD be supported.  If the node is  a
router, Redirect functionality MUST be supported."


Regards,
Rami Rosen


On Mon, Nov 10, 2008 at 10:17 AM, Rémi Denis-Courmont
<remi.denis-courmont@...ia.com> wrote:
> On Friday 07 November 2008 21:16:16 ext Roman Chertov, you wrote:
>>     I need to disable IPv6 ICMP redirect messages.  In the
>> /proc/sys/net/ipv4/conf/all/ there is a flag send_redirects which
>> disables sending of the redirects in IPv4.  However, this option is not
>> present in the /proc/sys/net/ipv6/conf/all/.  Did this option get moved
>> to another location?  I would prefer to disable the redirects via a flag
>> and want to resort to changing the IPv6 forwarding code as the last
>> measure.
>
> In my understanding, disabling redirects on an IPv6 router is not allowed by
> the specification (see RFC4294 §4.2).
>
> --
> Rémi Denis-Courmont
> Maemo Software, Nokia Devices R&D
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ