From owner-freebsd-security Fri Jan 21 16:46: 5 2000 Delivered-To: freebsd-security@freebsd.org Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (Postfix) with ESMTP id E008615662 for ; Fri, 21 Jan 2000 16:46:02 -0800 (PST) (envelope-from brett@lariat.org) Received: from workhorse (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2]) by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id RAA26604; Fri, 21 Jan 2000 17:45:40 -0700 (MST) Message-Id: <4.2.2.20000121170250.01986ea0@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 Date: Fri, 21 Jan 2000 17:44:48 -0700 To: gdonl@tsc.tdk.com (Don Lewis), Jared Mauch From: Brett Glass Subject: Re: stream.c worst-case kernel paths Cc: Wes Peters , TrouBle , security@FreeBSD.ORG In-Reply-To: <200001212350.PAA14888@salsa.gv.tsc.tdk.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 04:50 PM 1/21/2000 , Don Lewis wrote: >I'm tempted to move the existing multicast tests up to the top >of tcp_input() and check the source address as well. I just hate >to add extra code to the main code path, though. Checking the source address early would not hurt, since it seems to be done so much anyway. Go to the /sys/netinet directory and do a "grep IN_MULTICAST *" to see what I mean! In fact, the number of scattered tests makes a strong argument for doing this check lower down in the stack and setting a flag. It might also prevent other problems if multicast packets were intercepted before they were ever passed to non-multicast protocols. I'd hate to see an attack based on, for example, sending ICMP packets to or from a multicast source address (shudder). Perhaps we should set a flag in m_flags, as (if I'm reading the code correctly) is done for the destination address almost as soon as the packet arrives. There seem to be bits available (see /sys/sys/mbuf.h). (By the way, some of the bits in m_flags aren't documented in mbuf.h. I just noticed that /sys/net/if_ppp.c defines two.) --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message