lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Sat, 9 Jan 2016 17:41:54 +0100
From:	Robert Sander <r.sander@...nlein-support.de>
To:	netfilter@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: Configure ICMP error source address

Hi,

Am 09.01.2016 um 10:57 schrieb Hannes Frederic Sowa:
> 
> I would also use dummy interfaces in production systems, merely to split
> the statistics from dummy.

Thank you for discussing the merits of dummy interfaces. I will consider
your arguments. But unfortunately this did not answer my question.

Let me rephrase it:

Is it a good idea to set a specific global IPv4 address as source
address for outgoing ICMP error messages?

Would it be OK to create a /proc/sys/net/ipv4/icmp_errors_source where
you could write an arbitrary IPv4 address into? And that would get used
as the source address of ICMP errors?

My questions did contain the loopback interface as I first thought it a
good source of a globally routable IPv4 address (at least in our case).

Secound thought: Instead of writing an IPv4 address to
/proc/sys/net/ipv4/icmp_errors_source write an interface name to that
file and take the first global IPv4 address from that interface as
source for ICMP errors. Then you could create a dummy interface for that
use case, too.

Still: Is it a good idea to do so?

Regards
-- 
Robert Sander
Heinlein Support GmbH
Schwedter Str. 8/9b, 10119 Berlin

http://www.heinlein-support.de

Tel: 030 / 405051-43
Fax: 030 / 405051-19

Zwangsangaben lt. §35a GmbHG:
HRB 93818 B / Amtsgericht Berlin-Charlottenburg,
Geschäftsführer: Peer Heinlein -- Sitz: Berlin


Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists