| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20111017.194344.510280595317217573.davem@davemloft.net> Date: Mon, 17 Oct 2011 19:43:44 -0400 (EDT) From: David Miller <davem@...emloft.net> To: fbl@...hat.com Cc: netdev@...r.kernel.org Subject: Re: [PATCH] route: fix ICMP redirect validation From: Flavio Leitner <fbl@...hat.com> Date: Wed, 5 Oct 2011 11:20:04 -0300 > The commit f39925dbde7788cfb96419c0f092b086aa325c0f > (ipv4: Cache learned redirect information in inetpeer.) > removed some ICMP packet validations which are required by > RFC 1122, section 3.2.2.2: > ... > A Redirect message SHOULD be silently discarded if the new > gateway address it specifies is not on the same connected > (sub-) net through which the Redirect arrived [INTRO:2, > Appendix A], or if the source of the Redirect is not the > current first-hop gateway for the specified destination (see > Section 3.3.1). > > Signed-off-by: Flavio Leitner <fbl@...hat.com> The reason for putting this into the inetpeer cache was so that we didn't need to consult the routing cache at all. We're working to remove it at some point, so every dependency matters. Can you implement this such that only an inetpeer cache probe is necessary? Thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists