| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20100628.200105.115936568.davem@davemloft.net> Date: Mon, 28 Jun 2010 20:01:05 -0700 (PDT) From: David Miller <davem@...emloft.net> To: joakim.tjernlund@...nsmode.se Cc: eric.dumazet@...il.com, netdev@...r.kernel.org, shemminger@...tta.com Subject: Re: [PATCH net-next-2.6] ipv4: sysctl to block responding on down interface From: Joakim Tjernlund <joakim.tjernlund@...nsmode.se> Date: Tue, 29 Jun 2010 01:30:26 +0200 > This is an strict interpretation of the weak host model and does not > answer my questions. Mind to elaborate why such a strict view and > what is gained by answering on an IP address which has been "downed"? IP addresses are never "downed" just as your default route is not "downed" when you take down an interface. Rather, hosts are configured with an IP address and when they are so configured they respond to it and can generate local application sourced packets with that IP address as a source. And what this means is that even in situations where hosts are slightly mis-configured communication between them can still be possible. That's the goal of the weak host model, to get a host respond to IP datagrams in every situation where such an act is plausible. All of the design decisions we've made in the networking in this area are meant to increase the likelyhood of successful communication between two hosts. And in the 10+ years this behavior has existed, I know for sure that people have ended up with a working networking because of the way we do things. So from that perspective it doesn't matter one iota what you or any other particular entity wish things to be, since 10+ years of having this behavior is ingrained enough that changing it is guarenteed to break someone's setup so we absolutely can't do it. This topic comes up at least once every few months, therefore someone should post a FAQ somewhere because it's tiring to explain over and over again why this is a good design decision and why the default behavior is never going to change. The RFCs allow both models equally, and just because many other system does things the other way doesn't make it any better or more valid than what Linux is doing. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists