lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 02 Jun 2009 11:35:03 +0200 From: Nicolas Dichtel <nicolas.dichtel@...nd.com> To: John Dykstra <john.dykstra1@...il.com> Cc: Brian Haley <brian.haley@...com>, Eric Dumazet <dada1@...mosbay.com>, Florian Westphal <fw@...len.de>, netdev <netdev@...r.kernel.org> Subject: Re: [PATCH] ipv4/ipv6: check hop limit field on input John Dykstra wrote: > On Mon, 2009-06-01 at 14:55 -0400, Brian Haley wrote: >> 'ping6 -t 0 host' does work however. The problem I see is that if you ping a system, >> if it's a host it will respond, if it's a router it won't - the RFCs don't >> explicitly state the host should drop the packet. > > There are two cases--an echo request to an address assigned to a > router's interface, and to an address _beyond_ the router on another > link. > > Any given interface on a router can have forwarding dynamically enabled > or disabled. I don't remember prescribed echo request or hop limit > behavior changing depending on the forwarding enable, so it seems that > if you ping an address assigned to a router's interface, the router is > expected to follow the (apparently unwritten) host rules. Good point. > > Echo requests forwarded by a router should obviously have the hop limit > decremented and checked. > >> I don't know if that difference >> in behavior is desired. Do we know how any other OSes behave? > > FWIW, the random BSD flavors I have on hand all check hop limit when > forwarding, but not when processing local ingress traffic. > > Also FWIW, as I remember, the TAHI tests only check hop limit behavior > on forwarded traffic. Right. > > Nicolas, what's driving your patch? Are you trying to align slow path > behavior with one of the 6WIND fast path implementations? No. I'm just checking RFC conformance ;-) Nicolas > > -- John > > -- > To unsubscribe from this list: send the line "unsubscribe netdev" in > the body of a message to majordomo@...r.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists