Date: Mon, 23 Apr 2007 12:42:15 -0700 From: "Kevin Oberman" <oberman@es.net> To: "George V. Neville-Neil" <gnn@FreeBSD.org> Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/netinet6 route6.c Message-ID: <20070423194215.1443B4506A@ptavv.es.net> In-Reply-To: Your message of "Mon, 23 Apr 2007 09:32:04 -0000." <200704230932.l3N9W5x3094078@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--==_Exmh_1177357335_18721P Content-Type: text/plain; charset=us-ascii Content-Disposition: inline > From: "George V. Neville-Neil" <gnn@FreeBSD.org> > Date: Mon, 23 Apr 2007 09:32:04 +0000 (UTC) > Sender: owner-cvs-all@freebsd.org > > gnn 2007-04-23 09:32:04 UTC > > FreeBSD src repository > > Modified files: > sys/netinet6 route6.c > Log: > Turn off route header processing for now due to issues pointed out > by Philippe Biondi and Arnaud Ebalard. This is a temporary fix > until more discussion can be had on the exact risks involved in > allowing source routing in IPv6 > > Submitted by: itojun > Reviewed by: jinmei > MFC after: 1 day > > Revision Changes Path > 1.13 +7 -0 src/sys/netinet6/route6.c George, Thanks! I was just typing up a request for this or a sysctl to control the processing of RH0. And thanks for NOT breaking RH2 while you were at it. (That has happened elsewhere.) I am hoping for a sysctl to manage this with the default set disable RH0 processing. I have reviewed the Biondi/Ebalard report and the risks look very real to me. It looks serious enough that it should go into RELENG_6_2, too. As an engineer for a network that routes IPv6 universally and the user of a FreeBSD system that actively employs IPv6 in normal and essential operations, this looks to have the potential for a spectacular DOS. (Note that this message started out over an IPv6 path.) Thanks again! -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 --==_Exmh_1177357335_18721P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) Comment: Exmh version 2.5 06/03/2002 iD8DBQFGLQwXkn3rs5h7N1ERAknkAJ4sNaTGe0ViU1RDpCfWXGr5w8e2ZgCZAc2R 6gdRZRPLFoOm2aG67ou+48U= =YC0K -----END PGP SIGNATURE----- --==_Exmh_1177357335_18721P--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070423194215.1443B4506A>