lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 13 Sep 2013 09:21:42 +0200
From:	Andy Johnson <johnsonzjo@...il.com>
To:	netdev@...r.kernel.org
Subject: ICMP rate limiting in IPv4 but not in IPv6

Hello,

I am trying to understand the difference between ICMP rate limiting
in IPv4 and in IPv6.

In IPv4 we have the ability to rate limit ICMPv4 while in IPv6 we do not have
this ability.

To be more code-oriented:
The icmpv4_xrlim_allow() method does inspect the rate mask,
(net->ipv4.sysctl_icmp_ratemask)
whereas the icmpv6_xrlim_allow() method does not inspect the rate mask.

I do not understand why, for example, we can rate limit ICMPv4 messages of
Echo Reply and not rate limit ICMPv6 messages of Echo Reply.

See: icmp_ratemask and icmp_ratelimit in Documentation/networking/ip-sysctl.txt

I believe there is some reason behind it (adding checking of rate mask
seems to me trivial). I try to figure out the reason behind this but I did not
find anything reasonable,

Does anybody happen to know ?

Regards,
Andy
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ