Date: Tue, 12 Jan 2016 18:26:24 +0100
From: Hannes Frederic Sowa <hannes@...essinduktion.org>
To: Stas Sergeev <stsp@...t.ru>
Cc: netdev <netdev@...r.kernel.org>, Sowmini Varadhan <sowmini.varadhan@...cle.com>
Subject: Re: Q: bad routing table cache entries

On 12.01.2016 18:18, Stas Sergeev wrote:
> 12.01.2016 20:06, Hannes Frederic Sowa wrote:
>> On 12.01.2016 17:56, Stas Sergeev wrote:
>>> 12.01.2016 19:42, Stas Sergeev wrote:
>>> Also the rfc1620 you pointed, seems to be saying this:
>>>
>>>     A Redirect message SHOULD be silently discarded if the
>>>     new router address it specifies is not on the same
>>>     connected (sub-) net through which the Redirect arrived,
>>>     or if the source of the Redirect is not the current
>>>     first-hop router for the specified destination.
>>>
>>> It seems, this is exactly the rule we were trying to find
>>> during the thread. And it seems violated, either. Unless I am
>>> mis-interpreting it, of course.
>>
>> If you read on you will read that with shared_media this exact clause (the first of those) is not in effect any more.
> OK. But how to get such a redirect to work, if (checked with
> tcpdump) the packets do not even go to eth0, but to "lo"?

I don't know, the router must be on the same shared medium. I guess physical reconfiguration is required? Aren't there ARP requests for the host on eth0?

> And how to deal with the above quote from rfc1812?
>
>> I don't know why shared_media=1 is the default in Linux, this decision was made long before I joined here. Anyway, with shared_media=1 this is absolutely the required behavior.
> Then it should work. How? :)

What should work? Sorry, I can't follow you. Everything looks fine to me. The default is shared_media, so servers send such redirects and clients accept those. If it were 0, rfc1812 would apply and should stop servers from sending such redirects and clients from accepting those.

Bye,
Hannes
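
Added example, not part of the original message and not the Linux kernel's code: a small Python model of the redirect-acceptance rule quoted in the thread, with the first clause (new router on the arrival subnet) dropped when shared_media is set, as the reply describes. The function names, the route-table layout and the addresses (documentation ranges) are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample host state: one interface, one default route.
IFACE_NETS = {"eth0": "192.0.2.0/24"}
ROUTES = [("192.0.2.0/24", None),        # directly connected, no gateway
          ("0.0.0.0/0", "192.0.2.1")]    # default via the first-hop router


def first_hop(routes, dst):
    """Longest-prefix match: gateway currently used for dst, or None if on-link."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None or best[1] is None:
        return None
    return ipaddress.ip_address(best[1])


def redirect_verdict(redirect, iface_nets, routes, shared_media):
    """Return (accepted, reason) for one received ICMP Redirect."""
    src = ipaddress.ip_address(redirect["src"])
    new_gw = ipaddress.ip_address(redirect["new_gw"])
    # Second clause of the quoted rule: the sender must be the router
    # this host currently uses to reach the destination.
    if first_hop(routes, redirect["dst"]) != src:
        return False, "source is not the current first-hop router"
    # First clause: the new router must sit on the subnet the redirect
    # arrived through. Per the thread, shared_media=1 disables this clause.
    arrival_net = ipaddress.ip_network(iface_nets[redirect["iface"]])
    if new_gw not in arrival_net and not shared_media:
        return False, "new router is not on the arrival subnet"
    return True, "accepted"


# Constructed redirects: on-link gateway, off-subnet gateway, wrong sender.
ON_LINK = {"iface": "eth0", "src": "192.0.2.1",
           "new_gw": "192.0.2.254", "dst": "198.51.100.7"}
OFF_SUBNET = dict(ON_LINK, new_gw="203.0.113.9")
WRONG_SENDER = dict(ON_LINK, src="192.0.2.66")

if __name__ == "__main__":
    for name, r in [("on-link", ON_LINK), ("off-subnet", OFF_SUBNET),
                    ("wrong-sender", WRONG_SENDER)]:
        for sm in (True, False):
            print(name, "shared_media=%d" % sm,
                  redirect_verdict(r, IFACE_NETS, ROUTES, sm))
```

Only the off-subnet case changes with the setting; a redirect from a host that is not the current first hop is rejected either way.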