lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <CA+42Kx5UKSnzhaKSfz2t1Kis7Q4=Ms3spd-tnW-CDHKvzTm5PA@mail.gmail.com>
Date: Sat, 3 Aug 2024 01:54:13 +0300
From: Davis Mosenkovs <davis@...enkovs.lv>
To: netdev@...r.kernel.org
Subject: Mirror DF flag in ICMP echo replies

Greetings!

Currently, after receiving an IPv4 ICMP echo request packet with the
Don't Fragment (DF) flag set in the IP header, a Linux node sends an
ICMP echo response packet without the DF (Don't Fragment) flag.
Some other operating systems (e.g. some commercial network devices)
mirror the DF flag in ICMP echo responses (ICMP echo responses have
the same value of the DF flag as the received ICMP echo requests had).

Would such feature (mirroring DF flag value in ICMP echo reply
packets) be welcome in the Linux kernel?
If yes, should it be configurable via a sysctl named
icmp_echo_mirror_df (under /proc/sys/net/ipv4) with 0 (off - the
current behavior) as the default?

Best regards,
Davis Mosenkovs

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ