Subject: Re: svn commit: r336465 - in head/sys/netinet: . tcp_stacks
From: Michael Tuexen
Date: Thu, 19 Jul 2018 08:09:48 -0400
To: Maxim Konovalov
Cc: Randall Stewart, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org

> On 19. Jul 2018, at 03:12, Maxim Konovalov wrote:
>
> Hi Randall,
>
> On Wed, 18 Jul 2018, 22:49-0000, Randall Stewart wrote:
>
>> Author: rrs
>> Date: Wed Jul 18 22:49:53 2018
>> New Revision: 336465
>> URL: https://svnweb.freebsd.org/changeset/base/336465
>>
>> Log:
>> Bump the ICMP echo limits to match the RFC
>>
> [...]
>
> Just wonder, are there any practical reasons to do that?

In case you send encapsulated packets triggering an ICMP message you
actually need more than the 8 bytes which are currently reflected.
The number 8 comes from RFC 792, which was published in 1981. The new
number comes from RFC 1812, which was published in 1995.

> While I don't see any meaningful vectors right now this could
> potentially make amplification DoS easier, no?

I don't think so. When sending packets smaller than 576 - 20 - 8, you
get a byte amplification of 8 bytes.
Please note that IPv6 already reflects as much as fits in a single
packet. So this is not something completely new...

Best regards
Michael

> --
> Maxim Konovalov