| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 Nov 2011 17:02:13 -0500 (EST) From: David Miller <davem@...emloft.net> To: fbl@...hat.com Cc: netdev@...r.kernel.org Subject: Re: [PATCH] route: add more relaxed option for secure_redirects From: Flavio Leitner <fbl@...hat.com> Date: Wed, 16 Nov 2011 18:46:12 -0200 > Thus, the only option at the sender side would be using iptables > to change the ICMP redirect source address to be the float address, > but that is not working as well. (It isn't passing through -t nat) If it's going to mangle the packet in one direct, the only option for sane operation is to make the exact reverse transformation in the other direction for ICMP messages. I'm sorry to be so difficult about this, but this is the only way to handle this problem. If packet mangling is performed to change the world, that mangling entity has taken on the responsibility to make everything look correct to all entities for the mangled packets and any packets generated in response to such mangled packets. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists