Date:      Tue, 28 Oct 1997 08:51:03 +0100 (MET)
From:      Guido van Rooij <guido@gvr.org>
To:        fenner@parc.xerox.com (Bill Fenner)
Cc:        guido@freebsd.org, cvs-committers@freebsd.org, cvs-all@freebsd.org, cvs-sys@freebsd.org
Subject:   Re: cvs commit: src/sys/netinet ip_input.c
Message-ID:  <199710280751.IAA14324@gvr.gvr.org>
In-Reply-To: <97Oct27.204111pst.177487@crevenia.parc.xerox.com> from Bill Fenner at "Oct 27, 97 08:41:04 pm"

Bill Fenner wrote:
> Guido van Rooij <guido@FreeBSD.ORG> wrote:
> >  Modified files:
> >    sys/netinet          ip_input.c 
> >  Log:
> >  When dosourcerouting is set do not sourceroute....
> 
> Well, let's be clear about what the semantics are.  Previously, they were:
> 
> "Do not allow yourself to be named as a router in a source-route, but
> forward LSRR packets if you're not one of the routers in the
> source-route, and accept source-routed packets if you're the ultimate
> destination."
> 
> Now, they are:
> 
> "Do not forward any source-routed packets, but still accept
> source-routed packets if you're the ultimate destination".
> 
> Are these the semantics we want?  (My personal feeling is that there
> should be 2 variables, one for forwarding and one for accepting).
> 

Yes. If dosourceroute is NOT set, the machine should never forward
source routes. 

The second variable (accept_sourceroute) will come later; it's
already implemented over here after a debate with Paul Traina,
Garrett Wollman and David Greenman.


> However, there is a problem with the actual change: the "goto" bypasses
> the strcpy() which gives log() something to print.  In addition, the whole
> log(LOG_WARNING, ...) for each packet provides a wonderful denial of service
> attack (I understand this isn't new with this commit, but it's still an
> issue).

I will correct the strcpy thing tonight. The denial of service attack is indeed
present, but we do want the logging.
A kludge would be to add yet another sysctl variable, that controls
the logging that is cleared after a number of logs, together with a message
that logging has stopped and can be restarted by resetting the flag.
Another solution is to not allow more than XXX logging entries per minute.

-Guido
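
The per-minute cap mentioned as the second option above, sketched as an added userland C example (not code from the FreeBSD tree or from anyone in this thread). The names `log_limiter`, `log_limit_check` and `LOG_MAX_PER_MIN` are hypothetical, the limit of 5 stands in for the unspecified XXX, and printf() stands in for the kernel's log().

```c
#include <stdio.h>
#include <time.h>

#define LOG_MAX_PER_MIN 5   /* hypothetical value for the message's "XXX" */

struct log_limiter {
    time_t   window_start;  /* start of the current 60-second window */
    unsigned emitted;       /* messages logged in this window */
    unsigned suppressed;    /* messages dropped in this window */
};

enum log_verdict { LOG_EMIT, LOG_EMIT_LAST, LOG_DROP };

/*
 * Decide whether an event at time `now` may be logged. When a new window
 * opens, *prev_dropped receives the number of messages dropped in the old
 * one so the caller can report what the flood hid.
 */
static enum log_verdict
log_limit_check(struct log_limiter *l, time_t now, unsigned *prev_dropped)
{
    *prev_dropped = 0;
    if (now - l->window_start >= 60) {
        *prev_dropped = l->suppressed;
        l->window_start = now;
        l->emitted = l->suppressed = 0;
    }
    if (l->emitted < LOG_MAX_PER_MIN)
        return (++l->emitted == LOG_MAX_PER_MIN) ? LOG_EMIT_LAST : LOG_EMIT;
    l->suppressed++;
    return LOG_DROP;
}

/* Constructed flood: n events arriving at second t. Returns lines logged. */
static unsigned
simulate_burst(struct log_limiter *l, time_t t, unsigned n)
{
    unsigned logged = 0, prev;
    for (unsigned i = 0; i < n; i++) {
        enum log_verdict v = log_limit_check(l, t, &prev);
        if (prev)
            printf("logging resumed; %u messages were suppressed\n", prev);
        if (v == LOG_DROP)
            continue;
        printf("source-routed packet dropped (constructed sample event)\n");
        if (v == LOG_EMIT_LAST)
            printf("log limit reached; suppressing until the next minute\n");
        logged++;
    }
    return logged;
}
```

The cost of a flood is bounded to a counter increment per packet, and the suppressed count reported when the window reopens preserves the evidence that an unbounded log(LOG_WARNING, ...) would otherwise have drowned in.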


