| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 01 Jun 2009 20:43:45 +0200 From: Eric Dumazet <dada1@...mosbay.com> To: nicolas.dichtel@...nd.com CC: Florian Westphal <fw@...len.de>, netdev <netdev@...r.kernel.org> Subject: Re: [PATCH] ipv4/ipv6: check hop limit field on input Nicolas Dichtel a écrit : > Le 01.06.2009 18:19, Florian Westphal a écrit : >> Nicolas Dichtel <nicolas.dichtel@....6wind.com> wrote: >>> when network stack receives a packet, it didn't check value of >>> ttl/hop limit >>> field. RFC indicates that a router must drop the packet if this field >>> is 0. >> >> Whats wrong with the checks in ip(6)_forward? > It's on forward, not on input. Router must not process it. > For example, if you try to ping (with ttl set to 0) the router, you will > receive a reply. > You seem to mix requirements for routers and hosts. ttl processing is relevant for a gateway only, not for a host. (terminology : gateway / host in rfc 792) I would say : who sent this ttl=0 packet at first ? ping -t 0 host ping: can't set unicast time-to-live: Invalid argument So Linux is not able to do that, unless using tricks of course, or patching IP_TTL BTW, sending ttl=0 packets to my cisco host (also a router but not relevant) is ok, it replies to this packets... I wonder why Linux forbids sending ttl=0 packets, time to read again all these RFCs :) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists