Date: Tue, 25 Jan 2000 09:33:16 -0800 (PST)
From: Matthew Dillon <dillon@apollo.backplane.com>
To: Warner Losh <imp@village.org>
Cc: security@FreeBSD.ORG
Subject: Re: Merged patches
Message-ID: <200001251733.JAA04770@apollo.backplane.com>
References: <200001251637.JAA04226@harmony.village.org>

:this patch.  I'm thinking seriously of removing the ICMP_BANDLIM
:option as an option (eg compile the code in no matter what), but
:raising the limit from 100 to 1000 or something like that so it won't
:normally impact people, but those desiring to harden their servers can
:drift the number downward.
:
:Comment?
:
:Warner

    I'd increase the default to 200, no higher.  1000 is probably too high
    a rate.

    I found a bug in the patch:

: #endif
:-      if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr)))
:-              goto drop;
:+      if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr)) ||
:+          IN_MULTICAST(ntohl(ip->ip_src.s_addr)) ||
:+          IN_EXPERIMENTAL(ntohl(ip->ip_src.s_addr)))
: #ifdef INET6
:       if (isipv6) {
:               MALLOC(sin6, struct sockaddr_in6 *, sizeof *sin6,

    In the above section, the 'goto drop' was removed.  Shouldn't that stay
    in?  The body of this 'if' statement is now the conditional that follows
    it, which is not what I think you meant to do.

                                        -Matt
                                        Matthew Dillon
                                        <dillon@backplane.com>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
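
Review bot: The replacement `if` in the quoted hunk (the three `+` lines ending in `IN_EXPERIMENTAL(ntohl(ip->ip_src.s_addr)))`) has no statement of its own, because `goto drop;` was deleted together with the old condition. As written, the next statement that survives preprocessing becomes its body; with INET6 defined that is the `if (isipv6) {` block, so packets with a multicast destination are no longer dropped at this point and the widened source-address checks drop nothing either. Restore `goto drop;` directly after the new condition and before `#ifdef INET6`, so the added `ip_src` tests extend the drop rule rather than replacing it.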