Re: [PATCH][IPSEC] IPsec policy can be matched by ICMP type and code

To: David Stevens <dlstevens@xxxxxxxxxx>
Subject: Re: [PATCH][IPSEC] IPsec policy can be matched by ICMP type and code
From: "David S. Miller" <davem@xxxxxxxxxx>
Date: Wed, 11 Aug 2004 13:30:43 -0700
Cc: nakam@xxxxxxxxxxxxxx, netdev@xxxxxxxxxxx, usagi-core@xxxxxxxxxxxxxx, yoshfuji@xxxxxxxxxxxxxx
In-reply-to: <OF94FC19D3.2EA706DF-ON88256EED.006875F7-88256EED.006980E7@us.ibm.com>
References: <20040810230144.2a68914b.davem@redhat.com> <OF94FC19D3.2EA706DF-ON88256EED.006875F7-88256EED.006980E7@us.ibm.com>
Sender: netdev-bounce@xxxxxxxxxxx
On Wed, 11 Aug 2004 13:14:19 -0600
David Stevens <dlstevens@xxxxxxxxxx> wrote:

> raw sockets predate VJ contributions by many years and are
> typically used by protocols not in the kernel. The original "ping"
> used raw sockets, as well as routing protocols like BGP and RIP
> which are directly encapsulated in IP, without a separate transport
> protocol. The original traceroute I believe used UDP and just set
> the TTL-- I don't believe it used raw sockets at all. Don't know what
> the current versions do; haven't looked in a while.

"ping" does not use the hdrinclude feature.

> And IPv6 does support raw sockets; it just doesn't let you
> generate bad checksums and some header fields, I expect
> to make it harder to write attack software.

So like I said, raw without the hdrinclude feature.
