From: Guido van Rooij
Message-Id: <199710280751.IAA14324@gvr.gvr.org>
Subject: Re: cvs commit: src/sys/netinet ip_input.c
In-Reply-To: <97Oct27.204111pst.177487@crevenia.parc.xerox.com> from Bill Fenner at "Oct 27, 97 08:41:04 pm"
To: fenner@parc.xerox.com (Bill Fenner)
Date: Tue, 28 Oct 1997 08:51:03 +0100 (MET)
Cc: guido@freebsd.org, cvs-committers@freebsd.org, cvs-all@freebsd.org, cvs-sys@freebsd.org

Bill Fenner wrote:
> Guido van Rooij wrote:
> > Modified files:
> > sys/netinet ip_input.c
> > Log:
> > When dosourcerouting is set do not sourceoute....
>
> Well, let's be clear about what the semantics are. Previously, they were:
>
> "Do not allow yourself to be named as a router in a source-route, but
> forward LSRR packets if you're not one of the routers in the
> source-route, and accept source-routed packets if you're the ultimate
> destination."
>
> Now, they are:
>
> "Do not forward any source-routed packets, but still accept
> source-routed packets if you're the ultimate destination".
>
> Are these the semantics we want? (My personal feeling is that there
> should be 2 variables, one for forwarding and one for accepting).
>

Yes. If dosourceroute is NOT set, the machine should never forward
source routes. The second variable (accept_sourceroute) will come later;
it's already implemented over here after a debate with Paul Traina,
Garrett Wollman and David Greenman.

> However, there is a problem with the actual change: the "goto" bypasses
> the strcpy() which gives log() something to print. In addition, the whole
> log(LOG_WARNING, ...) for each packet provides a wonderful denial of service
> attack (I understand this isn't new with this commit, but it's still an
> issue).

I will correct the strcpy thing tonight. The denial of service attack is
indeed present, but we do want the logging. A kludge would be to add yet
another sysctl variable, that controls the logging that is cleared after
a number of logs, together with a message that logging has stopped and
can be restarted by resetting the flag. Another solution is to not allow
more than XXX logging entries per minute.

-Guido
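
The per-minute cap proposed at the end of the reply, as a user-space C model. This is an added example, not code from the FreeBSD commit or from either author; the names `log_limiter`, `log_limiter_allow`, `log_source_route_attempt`, `SR_LOG_MAX_PER_MIN`, the limit of 5 and the message texts are assumptions.

```c
#include <stdio.h>
#include <time.h>

#define SR_LOG_MAX_PER_MIN 5    /* stands in for the "XXX" in the mail (assumed value) */

struct log_limiter {
    time_t   window_start;      /* start of the current 60-second window */
    unsigned emitted;           /* messages logged in this window */
    unsigned suppressed;        /* messages dropped in this window */
};

/*
 * Returns 1 if one more message may be logged at time `now`, 0 if it must
 * be dropped. When a new window opens, *dropped_out receives the number of
 * messages dropped in the previous window so the caller can report it once.
 */
int log_limiter_allow(struct log_limiter *l, time_t now, unsigned *dropped_out)
{
    *dropped_out = 0;
    /* Open a new window after 60 s, or if the clock stepped backwards. */
    if (now - l->window_start >= 60 || now < l->window_start) {
        *dropped_out = l->suppressed;
        l->window_start = now;
        l->emitted = 0;
        l->suppressed = 0;
    }
    if (l->emitted < SR_LOG_MAX_PER_MIN) {
        l->emitted++;
        return 1;
    }
    l->suppressed++;            /* flood traffic costs a counter bump, not a log line */
    return 0;
}

/* Hypothetical call site standing in for the per-packet log(LOG_WARNING, ...). */
int log_source_route_attempt(struct log_limiter *l, time_t now, const char *src)
{
    unsigned dropped;
    int ok = log_limiter_allow(l, now, &dropped);

    if (dropped > 0)
        fprintf(stderr, "source-route logging: %u messages suppressed\n", dropped);
    if (ok)
        fprintf(stderr, "source-routed packet from %s refused\n", src);
    return ok;
}
```

A flood of source-routed packets then produces at most `SR_LOG_MAX_PER_MIN` warnings per minute plus one summary line, so the administrator still sees that the activity happened without the log becoming the attack surface.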