lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAF0Lin2-ooC6iQCwjnf5196cfy0Xii6H5prS4CEsjeJVAFYcyA@mail.gmail.com>
Date:	Fri, 13 Sep 2013 18:57:56 +0300
From:	Andy Johnson <johnsonzjo@...il.com>
To:	netdev@...r.kernel.org
Subject: Re: ICMP rate limiting in IPv4 but not in IPv6

Hello,
After probing into the RFC of ICMPv6, I am even more confused.

RFC 4443 says:

2.4.  Message Processing Rules
...

(f) Finally, in order to limit the bandwidth and forwarding costs
       incurred by originating ICMPv6 error messages, an IPv6 node MUST
       limit the rate of ICMPv6 error messages it originates.
...
The rate-limiting parameters SHOULD be configurable.
...

Any ideas?

regards,
Andy

On Fri, Sep 13, 2013 at 10:21 AM, Andy Johnson <johnsonzjo@...il.com> wrote:
> Hello,
>
> I am trying to understand the difference between ICMP rate limiting
> in IPv4 and in IPv6.
>
> In IPv4 we have the ability to rate limit ICMPv4 while in IPv6 we do not have
> this ability.
>
> To be more code-oriented:
> The icmpv4_xrlim_allow() method does inspect the rate mask,
> (net->ipv4.sysctl_icmp_ratemask)
> whereas the icmpv6_xrlim_allow() method does not inspect the rate mask.
>
> I do not understand why, for example, we can rate limit ICMPv4 messages of
> Echo Reply and not rate limit ICMPv6 messages of Echo Reply.
>
> See: icmp_ratemask and icmp_ratelimit in Documentation/networking/ip-sysctl.txt
>
> I believe there is some reason behind it (adding checking of rate mask
> seems to me trivial). I try to figure out the reason behind this but I did not
> find anything reasonable,
>
> Does anybody happen to know ?
>
> Regards,
> Andy
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ