lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 8 Jan 2016 17:21:13 +0100
From:	Hannes Frederic Sowa <hannes@...essinduktion.org>
To:	Robert Sander <r.sander@...nlein-support.de>,
	netfilter@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: Configure ICMP error source address

On 08.01.2016 10:31, Robert Sander wrote:
> Is it a good idea to develop a kernel patch that makes it possible to
> select the first IPv4 address on dev lo with scope global as the source
> address for ICMP errors? Would that do any harm to the Internet at large?

I think the way to go is to have a ip rule option in which the admin can 
add routes which get consulted only by the icmp source address 
determination logic. I can assume that some other installations use 
other interface number logic or multiple public addresses. This kind of 
lookup seems to allow all possible lookup scenarios.

Thoughts?

Hannes

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ