[Top] [All Lists]

Re: [BK PATCH] [IPV6] Merge Specification Conformity Improvements

To: YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@xxxxxxxxxxxxxx>
Subject: Re: [BK PATCH] [IPV6] Merge Specification Conformity Improvements
From: Pekka Savola <pekkas@xxxxxxxxxx>
Date: Mon, 13 Sep 2004 17:29:20 +0300 (EEST)
Cc: davem@xxxxxxxxxxxxx, <netdev@xxxxxxxxxxx>, <vnuorval@xxxxxxxxxx>
In-reply-to: <20040913.231732.94153456.yoshfuji@xxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
Thanks for doing these; I hope you guys will have energy for the other 
spec fixes to come :)

One thing I noted when reading the comment:

On Mon, 13 Sep 2004, YOSHIFUJI Hideaki / [iso-2022-jp] 吉藤英明 wrote:
> +     /*
> +      * Redirect received -> path was valid.
> +      * Look, redirects are sent only in response to data packets,
> +      * so that this nexthop apparently is reachable. --ANK
> +      */
> +     dst_confirm(&rt->u.dst);
> +
> +     /* Duplicate redirect: silently ignore. */
> +     if (neigh == rt->u.dst.neighbour)
> +             goto out;

The above applies for "valid" redirects, which have been received 
based on the traffic sent.

However, if someone would be forging redirects, the comment would no 
longer hold.

I don't know the implications in this case: whether the code needs to 
have different assumptions wrt. source of redirects, or whether this 
is just a wording issue in the comment above.

Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

<Prev in Thread] Current Thread [Next in Thread>