| To: | Stephen Hemminger <shemminger@xxxxxxxx> |
|---|---|
| Subject: | Re: OSDL Bugzilla #2399: A user can remotely route a packet through eth0 on a Li |
| From: | David Stevens <dlstevens@xxxxxxxxxx> |
| Date: | Thu, 13 May 2004 12:10:41 -0600 |
| Cc: | netdev@xxxxxxxxxxx, niv@xxxxxxxxxx, "J. M." <snortwiz@xxxxxxxxxxx> |
| In-reply-to: | <20040513103139.08ebc779@dell_ss3.pdx.osdl.net> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
Stephen Hemminger wrote on 05/13/2004 10:31:39 AM:
> The security model is correct, and well defined, just different than BSD
> derived systems. It does conform to the standards (RFC's).
Stephen,
This is not different from BSD behavior. IP has always used the
weak end-system model. The question for delivery is "is the destination
address a local address" (not just on the receiving interface). See WRS
"TCP/IP Illustrated" for relevant BSD code.
Re: security, Jared. If you want to restrict it, you can use netfilter
rules to drop packets targeted to the back-side interface of the one
you're receiving them on. bind() selects packets whose destination address
matches-- doesn't matter what interface they come in on. So, bind()
simply isn't the mechanism you want if you want it to be restricted to a
particular interface.
+-DLS
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: OSDL Bugzilla #2399: A user can remotely route a packet through eth0 on a Li, Sridhar Samudrala |
|---|---|
| Next by Date: | Re: PATCH: bonding might sleep with lock held, Jay Vosburgh |
| Previous by Thread: | Re: OSDL Bugzilla #2399: A user can remotely route a packet through eth0 on a Li, Sridhar Samudrala |
| Next by Thread: | Re: OSDL Bugzilla #2399: A user can remotely route a packet through eth0 on a Li, J. M. |
| Indexes: | [Date] [Thread] [Top] [All Lists] |