Date:      Thu, 20 Dec 2001 00:35:55 +0300
From:      Yar Tikhiy <yar@FreeBSD.ORG>
To:        Maxim Konovalov <maxim@macomnet.ru>
Cc:        net@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject:   IP options (was: Processing IP options reveals IPSTEALH router)
Message-ID:  <20011220003555.A52848@comp.chem.msu.su>
In-Reply-To: <20011219195659.G25693-100000@news1.macomnet.ru>; from maxim@macomnet.ru on Wed, Dec 19, 2001 at 08:54:50PM +0300
References:  <20011219194903.D21732@comp.chem.msu.su> <20011219195659.G25693-100000@news1.macomnet.ru>

On Wed, Dec 19, 2001 at 08:54:50PM +0300, Maxim Konovalov wrote:
> 
> By the way, is it correct to forward the packet with incorrect ip
> options? Now we do not.

No RFC seems to specify that particularly.  However, RFC 1812 reads
in general:

   (1) A router MUST verify the IP header, as described in section
       [5.2.2], before performing any actions based on the contents of
       the header.  This allows the router to detect and discard bad
       packets before the expenditure of other resources.

Meanwhile more IP option issues came to my attention...

Neither RFC 791 nor RFC 1122 nor RFC 1812 specify the following:
if a source-routed IP packet reaches the end of its route, but its
destination address doesn't match a current host/router, whether
the packet should be discarded, sent forth through usual routing
or accepted as destined for this host?  FreeBSD will route such a
packet as usual.

Then, a FreeBSD host (net.inet.ip.forwarding=0) will respond with
Source Route Failed ICMPs to source-routed IP packets if source
route processing is prohibited using net.inet.ip.sourceroute or
net.inet.ip.accept_sourceroute.  To my mind, it may be deduced
from RFC 1122 that a host must stay silent in this case...

-- 
Yar
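
[Added example, not part of the original message and not FreeBSD code.] The cases discussed above (a malformed option that RFC 1812 says must be caught before acting on the header, a source route with hops left, and a source route that has reached its end) can be told apart by walking the option bytes as RFC 791 lays them out. The function and enum names and the sample byte strings are hypothetical; rejecting a second source route option is a policy choice of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IPOPT_EOL    0   /* end of option list */
#define IPOPT_NOP    1   /* no operation (one octet, no length) */
#define IPOPT_LSRR 131   /* loose source and record route */
#define IPOPT_SSRR 137   /* strict source and record route */

enum sr_state { SR_NONE, SR_PENDING, SR_EXHAUSTED, SR_MALFORMED };

/* opts/len: the option bytes that follow the fixed 20-byte IPv4 header. */
enum sr_state classify_source_route(const uint8_t *opts, size_t len)
{
    enum sr_state state = SR_NONE;
    size_t i = 0;

    while (i < len && opts[i] != IPOPT_EOL) {
        if (opts[i] == IPOPT_NOP) { i++; continue; }
        if (len - i < 2) return SR_MALFORMED;            /* no length octet */
        uint8_t type = opts[i], olen = opts[i + 1];
        if (olen < 2 || olen > len - i) return SR_MALFORMED;
        if (type == IPOPT_LSRR || type == IPOPT_SSRR) {
            if (state != SR_NONE) return SR_MALFORMED;   /* sketch policy */
            if (olen < 3) return SR_MALFORMED;           /* no pointer octet */
            uint8_t ptr = opts[i + 2];
            if (ptr < 4) return SR_MALFORMED;            /* RFC 791 minimum */
            if (ptr > olen) state = SR_EXHAUSTED;        /* route is empty */
            else if (ptr + 3 > olen) return SR_MALFORMED;/* truncated hop */
            else state = SR_PENDING;                     /* hops remain */
        }
        i += olen;
    }
    return state;
}

/* Constructed samples: type, length, pointer, one address (192.0.2.1), EOL. */
static const uint8_t opt_pending[]   = {131, 7, 4, 192, 0, 2, 1, 0};
static const uint8_t opt_exhausted[] = {131, 7, 8, 192, 0, 2, 1, 0};
static const uint8_t opt_badlen[]    = {131, 12, 4, 192, 0, 2, 1, 0};
static const uint8_t opt_nops[]      = {1, 1, 1, 0};

int main(void)
{
    printf("pending=%d exhausted=%d badlen=%d nops=%d\n",
           classify_source_route(opt_pending, sizeof opt_pending),
           classify_source_route(opt_exhausted, sizeof opt_exhausted),
           classify_source_route(opt_badlen, sizeof opt_badlen),
           classify_source_route(opt_nops, sizeof opt_nops));
    return 0;
}
```

SR_EXHAUSTED combined with a non-local destination address is the case the message says the RFCs leave unspecified; what to do with it is left to the caller.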
