Date:   Mon, 17 Oct 2016 15:09:34 +0000
From:   David Laight <David.Laight@...LAB.COM>
To:     'David Lebrun' <david.lebrun@...ouvain.be>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: RE: [PATCH 0/9] net: add support for IPv6 Segment Routing

From: David Lebrun
> Sent: 17 October 2016 15:42
 
> Segment Routing (SR) is a source routing paradigm, architecturally
> defined in draft-ietf-spring-segment-routing-09 [1]. The IPv6 flavor of
> SR is defined in draft-ietf-6man-segment-routing-header-02 [2].
> 
> The main idea is that an SR-enabled packet contains a list of segments,
> which represent mandatory waypoints. Each waypoint is called a segment
> endpoint. The SR-enabled packet is routed normally (e.g. shortest path)
> between the segment endpoints. A node that inserts an SRH into a packet
> is called an ingress node, and a node that is the last segment endpoint
> is called an egress node.

Is this a new source routing definition?

I thought the original IPv6 definition contained source routing
(probably because someone thought it was a good idea (tm))
but no one implemented it because of the security implications.

You really don't want sending systems using source routing to
get packets across routers (etc) in ways that are contrary to
the packet's actual addresses.

	David
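
The following is an added example, not code from the patch series or from either poster. It sketches how a border filter could treat IPv6 Routing headers: drop Routing Type 0 (the original source-routing header, deprecated by RFC 5095) and accept a Segment Routing Header only from inside a trusted SR domain. The value 4 for the SRH routing type, the `from_sr_domain` flag, the verdict names and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum rt_verdict { RT_MALFORMED, RT_DROP_RH0, RT_DROP_SRH_UNTRUSTED,
                  RT_ACCEPT_SRH, RT_OTHER_TYPE };

/* Constructed samples (not captured traffic); unlisted bytes are zero.
 * Layout: Next Header, Hdr Ext Len, Routing Type, Segments Left, ... */
static const uint8_t sample_rh0[24] = { 59, 2, 0, 1 };    /* type 0, 1 address */
static const uint8_t sample_srh[40] = { 59, 4, 4, 1, 1 }; /* type 4, 2 segments */
static const uint8_t sample_bad[40] = { 59, 4, 4, 9, 1 }; /* Segments Left too big */

/* Classify one Routing extension header. from_sr_domain is the caller's
 * (hypothetical) decision that the packet arrived on a trusted interface. */
enum rt_verdict rthdr_classify(const uint8_t *buf, size_t len, int from_sr_domain)
{
    if (len < 8)
        return RT_MALFORMED;
    uint8_t hdr_ext_len = buf[1], type = buf[2], segments_left = buf[3];

    /* Hdr Ext Len is in 8-octet units, not counting the first 8 octets. */
    if (((size_t)hdr_ext_len + 1) * 8 > len)
        return RT_MALFORMED;
    if (type == 0)              /* RH0, deprecated by RFC 5095 */
        return RT_DROP_RH0;
    if (type != 4)              /* assumption: 4 identifies the SRH */
        return RT_OTHER_TYPE;
    /* Each segment is a 16-octet address, so at most hdr_ext_len / 2 fit;
     * a larger Segments Left would index outside the header. */
    if (segments_left > hdr_ext_len / 2)
        return RT_MALFORMED;
    return from_sr_domain ? RT_ACCEPT_SRH : RT_DROP_SRH_UNTRUSTED;
}

int main(void)
{
    printf("rh0: %d\n", rthdr_classify(sample_rh0, sizeof sample_rh0, 1));
    printf("srh inside domain: %d\n", rthdr_classify(sample_srh, sizeof sample_srh, 1));
    printf("srh from outside: %d\n", rthdr_classify(sample_srh, sizeof sample_srh, 0));
    printf("bad segments left: %d\n", rthdr_classify(sample_bad, sizeof sample_bad, 1));
    return 0;
}
```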
