
Re: source routing honored by hosts?

To: ak@xxxxxx
Subject: Re: source routing honored by hosts?
From: YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@xxxxxxxxxxxxxx>
Date: Sat, 01 Sep 2001 19:57:08 +0900
Cc: dlstevens@xxxxxxxxxx, netdev@xxxxxxxxxxx, usagi-users@xxxxxxxxxxxxxx
In-reply-to: <20010901122229.64064@xxxxxxxxxxxx>
References: <OF4584EB28.376150E0-ON88256AB9.007DDA19@xxxxxxxxxxxxxxx> <20010901122229.64064@xxxxxxxxxxxx>
Sender: owner-netdev@xxxxxxxxxxx
In article <20010901122229.64064@xxxxxxxxxxxx> (at Sat, 1 Sep 2001 12:22:29 +0200), Andi Kleen <ak@xxxxxx> says:

> On Sat, Sep 01, 2001 at 01:14:11AM +0200, David Stevens wrote:
> > ip6_forward() has the following two lines:
> > 
> >      if (ipv6_devconf.forwarding == 0 && opt->srcrt == 0)
> >           goto error;
> > 
> > Aside from the other issue of per-interface forwarding :-), this appears to
> > allow forwarding of source-routed packets even when the node is a host, only. That
> > seems to be a security hole to me. Suppose you have a multihomed host, or

> >      if (ipv6_devconf.forwarding == 0)
> >           goto error;
> 
> Definitely.

NO.  In IPv6, even if a node is not a router (i.e. it is a host),
it MUST forward source-routed packets.  So,

> >      if (ipv6_devconf.forwarding == 0 && opt->srcrt == 0)
> >           goto error;

is OK.


RFC 2460 says:

4.4  Routing Header
:
   If, while processing a received packet, a *node* encounters a Routing
                                             ~~~~~~
   header with an unrecognized Routing Type value, the required behavior
   of the node depends on the value of the Segments Left field, as
   follows:
:

While,

2.  Terminology

   node        - a device that implements IPv6.

   router      - a node that forwards IPv6 packets not explicitly
                 addressed to itself.  [See Note below].

   host        - any node that is not a router.  [See Note below].

--yoshfuji
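
An added example, not part of the message above and not kernel code: a small C model of the decision under discussion, applying the RFC 2460 section 4.4 Routing header rules and then either the check quoted from ip6_forward() or the proposed replacement. It assumes Type 0 is the only recognized Routing Type, treats srcrt as set once a Routing header redirects the packet, and leaves out the multicast and hop-limit steps; all identifiers other than the two quoted conditions are illustrative.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative names; none of these are kernel identifiers. */
enum verdict { NEXT_HEADER, FORWARD, DROP, DROP_PARAM_PROBLEM };
enum policy  { SRCRT_ON_HOSTS, ROUTERS_ONLY };

/* 1 if ip6_forward() would continue past the check, 0 if it would goto error. */
static int forward_allowed(int forwarding, int srcrt, enum policy pol)
{
    if (pol == SRCRT_ON_HOSTS)                   /* check as quoted from ip6_forward() */
        return !(forwarding == 0 && srcrt == 0);
    return forwarding != 0;                      /* check proposed in the quoted mail */
}

/* Verdict for a received Routing header per RFC 2460 section 4.4.
 * rh[0] Next Header, rh[1] Hdr Ext Len, rh[2] Routing Type, rh[3] Segments Left. */
static enum verdict rthdr_verdict(const uint8_t *rh, size_t len,
                                  int forwarding, enum policy pol)
{
    if (rh == NULL || len < 8 || ((size_t)rh[1] + 1) * 8 > len)
        return DROP;                             /* truncated or malformed buffer */
    if (rh[3] == 0)
        return NEXT_HEADER;                      /* no segments left: ignore the header */
    if (rh[2] != 0)
        return DROP_PARAM_PROBLEM;               /* unrecognized type, segments left */
    if ((rh[1] & 1) || rh[3] > rh[1] / 2)
        return DROP_PARAM_PROBLEM;               /* Type 0 length or segment count invalid */
    /* Packet must leave for the next listed address, so srcrt is set (assumption). */
    return forward_allowed(forwarding, 1, pol) ? FORWARD : DROP;
}

int main(void)
{
    /* Constructed sample: Type 0 header, one 16-octet address, one segment left. */
    uint8_t rh[24] = { 59, 2, 0, 1 };
    printf("host, quoted check:   %d\n", rthdr_verdict(rh, sizeof rh, 0, SRCRT_ON_HOSTS));
    printf("host, proposed check: %d\n", rthdr_verdict(rh, sizeof rh, 0, ROUTERS_ONLY));
    return 0;
}
```

With forwarding set to 0, the same packet is forwarded under the quoted check and dropped under the proposed one; every other verdict is identical for both.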
