
(usagi-users 00750) Re: source routing honored by hosts?



In article <20010901122229.64064@xxxxxxxxxxxx> (at Sat, 1 Sep 2001 12:22:29 +0200), Andi Kleen <ak@xxxxxx> says:

> On Sat, Sep 01, 2001 at 01:14:11AM +0200, David Stevens wrote:
> > ip6_forward() has the following two lines:
> > 
> >      if (ipv6_devconf.forwarding == 0 && opt->srcrt == 0)
> >           goto error;
> > 
> > Aside from the other issue of per-interface forwarding :-), this appears to allow
> > forwarding of source-routed packets even when the node is a host, only. That
> > seems to be a security hole to me. Suppose you have a multihomed host, or

> >      if (ipv6_devconf.forwarding == 0)
> >           goto error;
> 
> Definitely.

NO.  In IPv6, even if a node is not a router (i.e. it is a host),
it MUST forward source-routed packets.  So,

> >      if (ipv6_devconf.forwarding == 0 && opt->srcrt == 0)
> >           goto error;

is OK.


RFC 2460 says:

4.4  Routing Header
:
   If, while processing a received packet, a *node* encounters a Routing
                                             ~~~~~~
   header with an unrecognized Routing Type value, the required behavior
   of the node depends on the value of the Segments Left field, as
   follows:
:

While,

2.  Terminology

   node        - a device that implements IPv6.

   router      - a node that forwards IPv6 packets not explicitly
                 addressed to itself.  [See Note below].

   host        - any node that is not a router.  [See Note below].

--yoshfuji
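The two checks quoted above differ only for packets that carry a Routing Header with Segments Left > 0 on a node with forwarding disabled: the existing test lets such packets through, the proposed one drops them. The C model below (an added example, not code from the thread or from the USAGI/Linux ip6_forward() implementation) builds a constructed IPv6 packet with a Type 0 Routing Header, parses it far enough to recover Segments Left, and applies both policies so the difference can be checked directly. The helper names (parse_ipv6, forward_existing, forward_proposed, ip6_forward_decision, demo) and the 2001:db8::/32 documentation addresses are this example's own. For context on the security concern David Stevens raises: RFC 5095 (December 2007) later deprecated Type 0 Routing Headers precisely because any node that honours them can be used as a relay and traffic amplifier.

```c
/* Model of the ip6_forward() decision discussed in the thread.
 * Added example: not kernel code; helper names are this example's own. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define NH_ROUTING 43    /* Next Header value of the IPv6 Routing Header */
#define NH_NONE    59    /* "No Next Header" */

struct pkt_info {
    int     has_srcrt;      /* Routing Header present with Segments Left > 0 */
    uint8_t routing_type;
    uint8_t segments_left;
};

enum policy { POLICY_EXISTING, POLICY_PROPOSED };

/* Parse the 40-byte fixed header and a Routing Header that directly follows it.
 * Returns 0 on success, -1 on malformed or truncated input. */
static int parse_ipv6(const uint8_t *buf, size_t len, struct pkt_info *info)
{
    memset(info, 0, sizeof *info);
    if (len < 40 || (buf[0] >> 4) != 6)
        return -1;
    uint16_t payload_len = (uint16_t)((buf[4] << 8) | buf[5]);
    if (len < 40u + payload_len)
        return -1;                               /* truncated on the wire */
    if (buf[6] != NH_ROUTING)
        return 0;                                /* no routing header at all */
    if (payload_len < 8)
        return -1;
    const uint8_t *rh = buf + 40;
    size_t rh_len = ((size_t)rh[1] + 1) * 8;     /* Hdr Ext Len excludes first 8 octets */
    if (rh_len > payload_len)
        return -1;
    info->routing_type = rh[2];
    info->segments_left = rh[3];
    /* RFC 2460 4.4: Segments Left == 0 means the header is skipped and the
     * packet is simply for us; only Segments Left > 0 asks us to forward. */
    info->has_srcrt = info->segments_left > 0;
    return 0;
}

/* Existing check: drop only if forwarding is off AND there is no source route. */
static int forward_existing(int forwarding, const struct pkt_info *info)
{
    return !(forwarding == 0 && !info->has_srcrt);
}

/* Proposed check: drop whenever forwarding is off, source route or not. */
static int forward_proposed(int forwarding, const struct pkt_info *info)
{
    (void)info;
    return forwarding != 0;
}

/* Returns 1 = forward, 0 = drop, -1 = malformed. */
int ip6_forward_decision(const uint8_t *buf, size_t len, int forwarding, enum policy p)
{
    struct pkt_info info;
    if (parse_ipv6(buf, len, &info) < 0)
        return -1;
    return p == POLICY_EXISTING ? forward_existing(forwarding, &info)
                                : forward_proposed(forwarding, &info);
}

/* Constructed packet: 2001:db8::1 -> 2001:db8::2 with a Type 0 Routing Header
 * listing one intermediate address (2001:db8::3). Returns total length. */
static size_t build_rh0_packet(uint8_t *buf, size_t cap, uint8_t segments_left)
{
    const size_t rh_len = 24;                    /* 8 fixed + one 16-byte address */
    if (cap < 40 + rh_len)
        return 0;
    memset(buf, 0, 40 + rh_len);
    buf[0] = 0x60;                               /* version 6 */
    buf[5] = (uint8_t)rh_len;                    /* payload length */
    buf[6] = NH_ROUTING;
    buf[7] = 64;                                 /* hop limit */
    buf[8] = 0x20; buf[9] = 0x01; buf[10] = 0x0d; buf[11] = 0xb8; buf[23] = 1;
    buf[24] = 0x20; buf[25] = 0x01; buf[26] = 0x0d; buf[27] = 0xb8; buf[39] = 2;
    uint8_t *rh = buf + 40;
    rh[0] = NH_NONE;
    rh[1] = 2;                                   /* 16 address octets = 2 units */
    rh[2] = 0;                                   /* Routing Type 0 */
    rh[3] = segments_left;
    rh[8] = 0x20; rh[9] = 0x01; rh[10] = 0x0d; rh[11] = 0xb8; rh[23] = 3;
    return 40 + rh_len;
}

/* Convenience: build the constructed packet and run one policy on it. */
int demo(int forwarding, uint8_t segments_left, enum policy p)
{
    uint8_t buf[128];
    size_t len = build_rh0_packet(buf, sizeof buf, segments_left);
    return ip6_forward_decision(buf, len, forwarding, p);
}

int main(void)
{
    printf("host (forwarding=0), RH0 SegLeft=1: existing=%d proposed=%d\n",
           demo(0, 1, POLICY_EXISTING), demo(0, 1, POLICY_PROPOSED));
    printf("host (forwarding=0), RH0 SegLeft=0: existing=%d proposed=%d\n",
           demo(0, 0, POLICY_EXISTING), demo(0, 0, POLICY_PROPOSED));
    printf("router (forwarding=1), RH0 SegLeft=1: existing=%d proposed=%d\n",
           demo(1, 1, POLICY_EXISTING), demo(1, 1, POLICY_PROPOSED));
    return 0;
}
```

The first line of the output is the case the thread argues about: with the existing check a host forwards the RH0 packet, with the proposed check it does not. The Segments Left == 0 row shows that both checks agree once the routing header has been fully consumed, which is the case RFC 2460 treats as ordinary delivery to the node itself.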