lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 01 Jun 2009 14:55:20 -0400 From: Brian Haley <brian.haley@...com> To: Eric Dumazet <dada1@...mosbay.com> CC: nicolas.dichtel@...nd.com, Florian Westphal <fw@...len.de>, netdev <netdev@...r.kernel.org> Subject: Re: [PATCH] ipv4/ipv6: check hop limit field on input Eric Dumazet wrote: > Nicolas Dichtel a écrit : >> Le 01.06.2009 18:19, Florian Westphal a écrit : >>> Nicolas Dichtel <nicolas.dichtel@....6wind.com> wrote: >>>> when network stack receives a packet, it didn't check value of >>>> ttl/hop limit >>>> field. RFC indicates that a router must drop the packet if this field >>>> is 0. >>> Whats wrong with the checks in ip(6)_forward? >> It's on forward, not on input. Router must not process it. >> For example, if you try to ping (with ttl set to 0) the router, you will >> receive a reply. >> > > You seem to mix requirements for routers and hosts. ttl processing > is relevant for a gateway only, not for a host. > > (terminology : gateway / host in rfc 792) > > I would say : who sent this ttl=0 packet at first ? > > ping -t 0 host > ping: can't set unicast time-to-live: Invalid argument > > So Linux is not able to do that, unless using tricks of course, or patching IP_TTL 'ping6 -t 0 host' does work however. The problem I see is that if you ping a system, if it's a host it will respond, if it's a router it won't - the RFCs don't explicitly state the host should drop the packet. I don't know if that difference in behavior is desired. Do we know how any other OSes behave? -Brian -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists