From owner-cvs-sys  Mon Oct 27 20:43:37 1997
Return-Path: <owner-cvs-sys>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id UAA25176
          for cvs-sys-outgoing; Mon, 27 Oct 1997 20:43:37 -0800 (PST)
          (envelope-from owner-cvs-sys)
Received: from alpha.xerox.com (alpha.Xerox.COM [13.1.64.93])
          by hub.freebsd.org (8.8.7/8.8.7) with SMTP id UAA25095;
          Mon, 27 Oct 1997 20:41:51 -0800 (PST)
          (envelope-from fenner@parc.xerox.com)
Received: from crevenia.parc.xerox.com ([13.2.116.11]) by alpha.xerox.com with SMTP id <62513(3)>; Mon, 27 Oct 1997 20:41:15 PST
Received: from localhost by crevenia.parc.xerox.com with SMTP id <177487>; Mon, 27 Oct 1997 20:41:11 -0800
To: Guido van Rooij <guido@freebsd.org>
cc: cvs-committers@freebsd.org, cvs-all@freebsd.org, cvs-sys@freebsd.org
Subject: Re: cvs commit: src/sys/netinet ip_input.c 
In-reply-to: Your message of "Mon, 27 Oct 97 13:07:27 PST."
             <199710272107.NAA27213@freefall.freebsd.org> 
Date: Mon, 27 Oct 1997 20:41:04 PST
From: Bill Fenner <fenner@parc.xerox.com>
Message-Id: <97Oct27.204111pst.177487@crevenia.parc.xerox.com>
Sender: owner-cvs-sys@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Guido van Rooij <guido@FreeBSD.ORG> wrote:
>  Modified files:
>    sys/netinet          ip_input.c 
>  Log:
>  When dosourcerouting is set do not sourceoute....

Well, let's be clear about what the semantics are.  Previously, they were:

"Do not allow yourself to be named as a router in a source-route, but
forward LSRR packets if you're not one of the routers in the
source-route, and accept source-routed packets if you're the ultimate
destination."

Now, they are:

"Do not forward any source-routed packets, but still accept
source-routed packets if you're the ultimate destination".

Are these the semantics we want?  (My personal feeling is that there
should be 2 variables, one for forwarding and one for accepting).

However, there is a problem with the actual change: the "goto" bypasses
the strcpy() which gives log() something to print.  In addition, the whole
log(LOG_WARNING, ...) for each packet provides a wonderful denial of service
attack (I understand this isn't new with this commit, but it's still an
issue).

  Bill