| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.LRH.2.00.1003190837210.6428@netcore.fi> Date: Fri, 19 Mar 2010 09:58:09 +0200 (EET) From: Pekka Savola <pekkas@...core.fi> To: Stephen Hemminger <shemminger@...tta.com> cc: David Miller <davem@...emloft.net>, netdev@...r.kernel.org Subject: Re: [PATCH] tcp: Generalized TTL Security Mechanism On Thu, 18 Mar 2010, Stephen Hemminger wrote: >> The experimental, earlier spec (GTSH, RFC3682) did not have this >> requirement. Most if not all implementations support only GTSH mode. >> So a backward-compatibility option may be desirable. > > The ICMP receive error handling does need to be updated. > > But any application using GTSM should be setting IP_TTL socket option > to set send TTL. But, not sure if Linux TCP ever sends ICMP > for existing sessions at all. Thanks, Stephen! It's nice to see at least one compliant RFC5082 implementation ;-) Good point that no one should should probably even be sending ICMP messages for TCP sockets, but on receive side the checks are important :-) -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists