Date: Fri, 21 Jan 2000 19:59:12 -0800 (PST)
From: Matthew Dillon
Message-Id: <200001220359.TAA66907@apollo.backplane.com>
To: Giorgos Keramidas
Cc: Brett Glass, Warner Losh, Darren Reed, security@FreeBSD.ORG
Subject: Re: stream.c worst-case kernel paths

:So what needs to be done is:
:
:(a) drop all multicast packets that reach the tcp stack.
:(b) extend ICMP_BANDLIM to RST packets, and
:(c) avoid sending anything tcp to a multicast address
:
:Do I forget something here?
:
:-- Giorgos

    That's pretty much it.  I've already sent a patch set to Warner for (b).
    I don't think we should do (a) or (c) until after the release, multicast
    isn't going to explode on us in the next 4 months.

    -Matt
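The three checks (a), (b) and (c) listed in the message above, modelled in user space as an added example; it is not part of the original message and is not FreeBSD kernel code or the patch set mentioned. All names, the one-second window and the limit value are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical user-space model; none of these names come from the kernel. */
enum verdict { DELIVER, DROP_SILENT, SEND_RST };

struct rst_limiter {
    long     window_start; /* second in which the current window began */
    unsigned sent;         /* RSTs emitted during this window */
    unsigned limit;        /* assumed policy: max RSTs per one-second window */
};

/* IPv4 multicast is 224.0.0.0/4: top four bits of the host-order address are 1110. */
static int is_multicast(uint32_t addr)
{
    return (addr >> 28) == 0xE;
}

/* (b) Bandwidth-limit RSTs: at most `limit` per second, the rest are not sent. */
static int rst_permitted(struct rst_limiter *rl, long now)
{
    if (now != rl->window_start) {   /* new second: start a fresh window */
        rl->window_start = now;
        rl->sent = 0;
    }
    if (rl->sent >= rl->limit)
        return 0;
    rl->sent++;
    return 1;
}

/* Verdict for one inbound TCP segment; has_socket means a connection or listener matched. */
static enum verdict tcp_segment_verdict(struct rst_limiter *rl, uint32_t src,
                                        uint32_t dst, int has_socket, long now)
{
    if (is_multicast(dst))           /* (a) multicast never reaches TCP processing */
        return DROP_SILENT;
    if (has_socket)
        return DELIVER;
    if (is_multicast(src))           /* (c) the RST would be addressed to multicast */
        return DROP_SILENT;
    return rst_permitted(rl, now) ? SEND_RST : DROP_SILENT;
}

int main(void)
{
    struct rst_limiter rl = { 0, 0, 2 };  /* constructed limit of 2 RSTs per second */
    int i, rsts = 0;
    for (i = 0; i < 1000; i++)            /* constructed burst to a closed port */
        rsts += tcp_segment_verdict(&rl, 0x0A000001u, 0x0A000002u, 0, 100) == SEND_RST;
    printf("RSTs sent for 1000 segments in one second: %d\n", rsts);
    return 0;
}
```

The multicast checks run before the limiter, so segments rejected under (a) or (c) never consume the RST budget that (b) enforces.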