cvs commit: src/sys/netinet6 route6.c
Kevin Oberman
oberman at es.net
Mon Apr 23 19:57:36 UTC 2007
> From: "George V. Neville-Neil" <gnn at FreeBSD.org>
> Date: Mon, 23 Apr 2007 09:32:04 +0000 (UTC)
> Sender: owner-cvs-all at freebsd.org
>
> gnn 2007-04-23 09:32:04 UTC
>
> FreeBSD src repository
>
> Modified files:
> sys/netinet6 route6.c
> Log:
> Turn off route header processing for now due to issues pointed out
> by Philippe Biondi and Arnaud Ebalard. This is a temporary fix
> until more discussion can be had on the exact risks involved in
> allowing source routing in IPv6
>
> Submitted by: itojun
> Reviewed by: jinmei
> MFC after: 1 day
>
> Revision Changes Path
> 1.13 +7 -0 src/sys/netinet6/route6.c
George,
Thanks! I was just typing up a request for this or a sysctl to control
the processing of RH0. And thanks for NOT breaking RH2 while you were at
it. (That has happened elsewhere.)
I am hoping for a sysctl to manage this with the default set disable RH0
processing. I have reviewed the Biondi/Ebalard report and the risks look
very real to me. It looks serious enough that it should go into
RELENG_6_2, too.
As an engineer for a network that routes IPv6 universally and the user
of a FreeBSD system that actively employs IPv6 in normal and essential
operations, this looks to have the potential for a spectacular
DOS. (Note that this message started out over an IPv6 path.)
Thanks again!
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman at es.net Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 224 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/cvs-src/attachments/20070423/4bf1862f/attachment.pgp
More information about the cvs-src
mailing list