To: "George V. Neville-Neil"
Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
From: "Kevin Oberman"
Subject: Re: cvs commit: src/sys/netinet6 route6.c
In-Reply-To: Your message of "Mon, 23 Apr 2007 09:32:04 -0000." <200704230932.l3N9W5x3094078@repoman.freebsd.org>
Date: Mon, 23 Apr 2007 12:42:15 -0700
Message-Id: <20070423194215.1443B4506A@ptavv.es.net>

> From: "George V. Neville-Neil"
> Date: Mon, 23 Apr 2007 09:32:04 +0000 (UTC)
> Sender: owner-cvs-all@freebsd.org
>
> gnn         2007-04-23 09:32:04 UTC
>
>   FreeBSD src repository
>
>   Modified files:
>     sys/netinet6         route6.c
>   Log:
>   Turn off route header processing for now due to issues pointed out
>   by Philippe Biondi and Arnaud Ebalard. This is a temporary fix
>   until more discussion can be had on the exact risks involved in
>   allowing source routing in IPv6
>
>   Submitted by: itojun
>   Reviewed by: jinmei
>   MFC after: 1 day
>
>   Revision  Changes    Path
>   1.13      +7 -0      src/sys/netinet6/route6.c

George,

Thanks! I was just typing up a request for this or a sysctl to control
the processing of RH0. And thanks for NOT breaking RH2 while you were at
it. (That has happened elsewhere.)

I am hoping for a sysctl to manage this with the default set to disable
RH0 processing.

I have reviewed the Biondi/Ebalard report and the risks look very real
to me. It looks serious enough that it should go into RELENG_6_2, too.

As an engineer for a network that routes IPv6 universally and the user
of a FreeBSD system that actively employs IPv6 in normal and essential
operations, this looks to have the potential for a spectacular DOS.
(Note that this message started out over an IPv6 path.)

Thanks again!
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net                  Phone: +1 510 486-8634
Key fingerprint: 059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751
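
The RH0/RH2 distinction raised in the message above, as an added example that is not part of the original e-mail and is not the FreeBSD route6.c code: a receive-side check that never acts on a type 0 routing header while still accepting a well-formed type 2 header. The names `rh_classify`, `rh_verdict`, `sample_rh0` and `sample_rh2` are hypothetical, the sample headers are constructed with zeroed addresses, and type 0 is handled the way RFC 2460 handles an unrecognized routing type.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RH_TYPE_0 0   /* source routing header, RFC 2460 */
#define RH_TYPE_2 2   /* Mobile IPv6 home address header, RFC 3775 */

enum rh_verdict { RH_ACCEPT, RH_IGNORE, RH_DROP };

/* Constructed samples: next header 59 (none), addresses left as zeros. */
static const uint8_t sample_rh0[40] = { 59, 4, RH_TYPE_0, 2 }; /* 2 hops left */
static const uint8_t sample_rh2[24] = { 59, 2, RH_TYPE_2, 1 }; /* 1 address  */

/*
 * Classify one routing extension header (hypothetical helper).
 * Layout: [0] next header, [1] length in 8-octet units beyond the first 8,
 * [2] routing type, [3] segments left.
 */
enum rh_verdict rh_classify(const uint8_t *rh, size_t avail)
{
    if (avail < 8)
        return RH_DROP;                    /* fixed part is truncated */
    size_t len = ((size_t)rh[1] + 1) * 8;
    if (len > avail)
        return RH_DROP;                    /* header overruns the packet */

    uint8_t type = rh[2], segleft = rh[3];

    switch (type) {
    case RH_TYPE_2:
        /* Exactly one address (length 2) and at most one hop left. */
        if (rh[1] != 2 || segleft > 1)
            return RH_DROP;
        return RH_ACCEPT;
    case RH_TYPE_0:
    default:
        /* Never forward on behalf of the sender: skip the header when no
         * segments remain, otherwise discard the packet. */
        return segleft == 0 ? RH_IGNORE : RH_DROP;
    }
}

int main(void)
{
    printf("RH0: %d  RH2: %d\n",
           rh_classify(sample_rh0, sizeof sample_rh0),
           rh_classify(sample_rh2, sizeof sample_rh2));
    return 0;
}
```

A production stack would also send the ICMPv6 Parameter Problem that RFC 2460 requires on the discard path; the sketch only returns the verdict.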