Message-ID: <c3aec7d5-8c28-49f8-ac0c-18436d5b4da5@redhat.com>
Date: Tue, 11 Feb 2025 10:12:13 +0100
From: Paolo Abeni <pabeni@...hat.com>
To: Will Hawkins <hawkinsw@....cr>, netdev@...r.kernel.org
Subject: Re: [PATCH net] icmp: MUST silently discard certain extended echo
 requests

On 2/6/25 2:57 AM, Will Hawkins wrote:
> Per RFC 8335 Section 4,
> """
> When a node receives an ICMP Extended Echo Request message and any of
> the following conditions apply, the node MUST silently discard the
> incoming message:
> 
> ...
> - The Source Address of the incoming message is not a unicast address.
> - The Destination Address of the incoming message is a multicast address.
> """

I think it would be helpful to mention that this is for the ICMP PROBE extension.

> Packets meeting the former criteria do not pass martian detection, but
> packets meeting the latter criteria must be explicitly dropped.
> 
> Signed-off-by: Will Hawkins <hawkinsw@....cr>

The patch should target the net-next tree, and you should add a related
self-test (i.e. extending icmp.sh). Also, even if the new behavior will
respect the RFC, changing the established behavior could break existing
setups; I *think* we would need at least a sysctl to revert to the old one.

/P
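
The two RFC 8335 Section 4 conditions quoted in this message, applied to a raw IPv4 packet in user space. This is an added example, not code from the patch or the kernel; `probe_verdict`, `sample_verdict` and the verdict names are hypothetical, and the packet is constructed (checksums are zero and not validated).

```c
#include <stddef.h>
#include <stdint.h>

#define ICMP_EXT_ECHO_REQUEST 42 /* RFC 8335 Extended Echo Request, IPv4 */
enum verdict { PASS, DISCARD, MALFORMED };

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

static int is_multicast(uint32_t a) { return (a >> 28) == 0xe; } /* 224.0.0.0/4 */

/* Multicast, limited broadcast or unspecified address. Directed broadcast
 * needs interface knowledge and is not checked here. */
static int is_non_unicast(uint32_t a) { return is_multicast(a) || a == 0xffffffffu || a == 0; }

/* Apply the two quoted RFC 8335 Section 4 conditions to a raw IPv4 packet. */
enum verdict probe_verdict(const uint8_t *pkt, size_t len)
{
    size_t ihl;
    if (len < 20 || (pkt[0] >> 4) != 4)
        return MALFORMED;
    ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len)
        return MALFORMED;
    if (pkt[9] != 1)                       /* IPv4 protocol 1 = ICMP */
        return PASS;
    if (len < ihl + 8)                     /* truncated ICMP header */
        return MALFORMED;
    if (pkt[ihl] != ICMP_EXT_ECHO_REQUEST) /* other ICMP types are unaffected */
        return PASS;
    if (is_non_unicast(be32(pkt + 12)) || is_multicast(be32(pkt + 16)))
        return DISCARD;                    /* silently: no reply, no error */
    return PASS;
}

/* Constructed sample: minimal 20-byte IPv4 header plus 8-byte ICMP header. */
enum verdict sample_verdict(uint32_t src, uint32_t dst, uint8_t icmp_type)
{
    uint8_t p[28] = { 0x45, 0, 0, 28, 0, 0, 0, 0, 64, 1 };
    uint32_t a[2] = { src, dst };
    for (int i = 0; i < 8; i++)            /* bytes 12..19: source, destination */
        p[12 + i] = (uint8_t)(a[i / 4] >> (24 - 8 * (i % 4)));
    p[20] = icmp_type;
    return probe_verdict(p, sizeof(p));
}
```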

