| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20080728174432.GA15892@gerrit.erg.abdn.ac.uk> Date: Mon, 28 Jul 2008 18:44:32 +0100 From: Gerrit Renker <gerrit@....abdn.ac.uk> To: Vlad Yasevich <vladislav.yasevich@...com> Cc: netdev@...r.kernel.org Subject: Re: [RFC] sctp/tcp: Question -- ICMPv4 length check (not) redundant? | > In TCP, the 8 bytes happen to be enough for doing sequence number checks. Other | > protocols have different header lengths and semantics. Thus doing the checks | > at the transport layer makes more sense than in the ICMP handler. | > | > RFC 1122 is almost 20 years old, from a time before IPcomp, SCTP, or DCCP. | | So the suggestion really is then to remove the length check icmp_unreach()? | Yes, but there are a large number of handlers in which the check is absent (TCPv4, SCTPv4 and DCCP are exceptions). This would need to be added. The ipv6/icmp.c code agrees with your suggestion of using 8 bytes as lower bound. I did not want to jump to the conclusion of writing a patch, since there are more complex uses of ICMP (such as in a nested tunnel, perhaps with IPsec). This needs to be understood. Gerrit -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists