lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Sun, 28 Mar 2010 08:57:27 -0700
From:	Stephen Hemminger <shemminger@...tta.com>
To:	YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org>
Cc:	David Miller <davem@...emloft.net>, netdev@...r.kernel.org
Subject: Re: [RFC] GTSM for IPv6

On Mon, 22 Mar 2010 16:27:24 +0900
YOSHIFUJI Hideaki <yoshfuji@...ux-ipv6.org> wrote:

> (2010/03/20 1:56), Stephen Hemminger wrote:
> > Also RFC doesn't explicitly address GTSM on IPV6.
> > Maybe the RFC editors think the problem will magically no longer exist
> > in IPv6 world because everyone will be using IPsec.
> 
> > ---
> >   include/linux/in6.h      |    3 +++
> >   include/linux/ipv6.h     |    3 ++-
> >   net/ipv6/ipv6_sockglue.c |   12 ++++++++++++
> >   net/ipv6/tcp_ipv6.c      |   17 ++++++++++++++---
> >   4 files changed, 31 insertions(+), 4 deletions(-)
> 
> Why don't we have code for other protocols such as
> UDP etc?  We already have similar protection in NDP,
> It seem to make sense.
> 
> And, as many other socket options (such as IPV6_UNICAST_HOPS
> etc.) do, please accept value of -1 to set the system's
> default (0 so far).
> 
>              x < -1:        return an error of EINVAL
>              x == -1:       use kernel default
>              0 <= x <= 255: use x
>              x >= 256:      return an error of EINVAL
> 
> We may also want to have sysctl for it.

The choice was made with IPv4 to follow the precedent of FreeBSD.
And it makes sense to me to have IPv6 follow what IPv4 did.

It doesn't make sense as a sysctl value since the value is associated
with a socket. It requires both sides to cooperate and the path
has to be known. The sender sets the hop count to 255 and the receiver
knows the sender is at most N hops away. The receiver then sets the
MIN_HOPCOUNT value to 255 - N.

Implementing GTSM for UDP, SCTP, DCCP is left as an exercise for
the reader. It can't be done in the IP layer since the IP layer
does not a socket and shouldn't be looking it up.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ