Date: Fri, 21 Jan 2000 17:44:48 -0700 From: Brett Glass <brett@lariat.org> To: gdonl@tsc.tdk.com (Don Lewis), Jared Mauch <jared@puck.nether.net> Cc: Wes Peters <wes@softweyr.com>, TrouBle <trouble@netquick.net>, security@FreeBSD.ORG Subject: Re: stream.c worst-case kernel paths Message-ID: <4.2.2.20000121170250.01986ea0@localhost> In-Reply-To: <200001212350.PAA14888@salsa.gv.tsc.tdk.com> References: <Brett Glass <brett@lariat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
At 04:50 PM 1/21/2000 , Don Lewis wrote: >I'm tempted to move the existing multicast tests up to the top >of tcp_input() and check the source address as well. I just hate >to add extra code to the main code path, though. Checking the source address early would not hurt, since it seems to be done so much anyway. Go to the /sys/netinet directory and do a "grep IN_MULTICAST *" to see what I mean! In fact, the number of scattered tests makes a strong argument for doing this check lower down in the stack and setting a flag. It might also prevent other problems if multicast packets were intercepted before they were ever passed to non-multicast protocols. I'd hate to see an attack based on, for example, sending ICMP packets to or from a multicast source address (shudder). Perhaps we should set a flag in m_flags, as (if I'm reading the code correctly) is done for the destination address almost as soon as the packet arrives. There seem to be bits available (see /sys/sys/mbuf.h). (By the way, some of the bits in m_flags aren't documented in mbuf.h. I just noticed that /sys/net/if_ppp.c defines two.) --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.2.20000121170250.01986ea0>