lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 01 Jun 2009 20:54:06 -0500
From:	John Dykstra <john.dykstra1@...il.com>
To:	Brian Haley <brian.haley@...com>
Cc:	Eric Dumazet <dada1@...mosbay.com>, nicolas.dichtel@...nd.com,
	Florian Westphal <fw@...len.de>,
	netdev <netdev@...r.kernel.org>
Subject: Re: [PATCH] ipv4/ipv6: check hop limit field on input

On Mon, 2009-06-01 at 14:55 -0400, Brian Haley wrote: 
> 'ping6 -t 0 host' does work however.  The problem I see is that if you ping a system,
> if it's a host it will respond, if it's a router it won't - the RFCs don't
> explicitly state the host should drop the packet.  

There are two cases--an echo request to an address assigned to a
router's interface, and to an address _beyond_ the router on another
link.

Any given interface on a router can have forwarding dynamically enabled
or disabled.  I don't remember prescribed echo request or hop limit
behavior changing depending on the forwarding enable, so it seems that
if you ping an address assigned to a router's interface, the router is
expected to follow the (apparently unwritten) host rules.  

Echo requests forwarded by a router should obviously have the hop limit
decremented and checked.

> I don't know if that difference
> in behavior is desired.  Do we know how any other OSes behave?

FWIW, the random BSD flavors I have on hand all check hop limit when
forwarding, but not when processing local ingress traffic.

Also FWIW, as I remember, the TAHI tests only check hop limit behavior
on forwarded traffic.

Nicolas, what's driving your patch?  Are you trying to align slow path
behavior with one of the 6WIND fast path implementations?

  --  John

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ