| To: | "David S. Miller" <davem@xxxxxxxxxx> |
|---|---|
| Subject: | Re: [ROUTE] PMTU only works on half the time |
| From: | "David S. Miller" <davem@xxxxxxxxxx> |
| Date: | Mon, 1 Dec 2003 15:22:15 -0800 |
| Cc: | herbert@xxxxxxxxxxxxxxxxxxx, netdev@xxxxxxxxxxx |
| In-reply-to: | <20031201142131.5da50a07.davem@xxxxxxxxxx> |
| References: | <20031201201651.GA20194@xxxxxxxxxxxxxxxxxxx> <20031201204700.GA20349@xxxxxxxxxxxxxxxxxxx> <20031201135154.6906454c.davem@xxxxxxxxxx> <20031201220509.GA20827@xxxxxxxxxxxxxxxxxxx> <20031201142131.5da50a07.davem@xxxxxxxxxx> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
On Mon, 1 Dec 2003 14:21:31 -0800 "David S. Miller" <davem@xxxxxxxxxx> wrote: > Let me think about this some more, maybe you're right and the > error exists in both of these places. Ok, I did my thinking :) rt->rt_src is special. It is the source address we have selected to use with this route. All output packets using this route must use rt->rt_src as iph->saddr. So, in effect, when we say "if (rt->rt_src == iph->saddr)" we are asking the question "did we make this packet?" I think this is why Alexey coded the test in this way. You are speaking of a case of zero source addresses. When would we output such an iph->saddr, by way of a route? Right now this is the only part I'm not seeing. I want to be careful in changing this code, as loosening the key check opens the possibility of new kinds of PMTU lowering attacks. |
| Previous by Date: | Re: NAPI 8139too.c for 2.4.23, Octave |
|---|---|
| Next by Date: | Re: [ROUTE] PMTU only works on half the time, Julian Anastasov |
| Previous by Thread: | Re: [ROUTE] PMTU only works on half the time, David S. Miller |
| Next by Thread: | Re: [ROUTE] PMTU only works on half the time, Herbert Xu |
| Indexes: | [Date] [Thread] [Top] [All Lists] |