Package: linux-image Version: 2.6.18 This really isnt debian's fault. I just want to see if I can get a bug that was talked about and a patch offered for linux 2.2 in 2000 (!!) and discussed several times since actually FIXED sometime somehow. At least debian can patch it in its kernels even if the rest of the world carries this around forever.
All the details of how this bug works are described here (though Ive included all salient details in this report): http://oss.sgi.com/archives/netdev/2004-07/msg00512.html The offending line in linux-tree-2.6.18 is now at line 1750 of net/ipv4/route.c and can use the same patch as per the above url. As the url above indicates, reproduce this bug with: To trigger this, you need two linux boxes. On the box acting as router (it only needs one ethernet interface), do: ifconfig eth0 down ifconfig eth0 192.168.10.1 netmask 255.255.255.0 ifconfig eth0:1 192.168.99.1 netmask 255.255.255.0 echo 1 > /proc/sys/net/ipv4/ip_forward for f in /proc/sys/net/ipv4/conf/*/shared_media do echo 0 > $f done On the other box, start a sniffer such as ethereal, and do: ifconfig eth0 down ifconfig eth0 192.168.10.2 netmask 255.255.255.0 route add -net 192.168.99.0/24 gw 192.168.10.1 ping 192.168.99.2 You will see ICMP redirect packets sent from 10.1 to 10.2 telling it to route to 99.2 directly itself. Obviously impossible for 10.2 since it's not on the 99.0/24 network. This is tested with 2.6.17-2-vserver-k7 and 2.4.22-ac2 (which I spose is not strictly debian), but the bug has been in the source since linux 2.2 as mentioned. /kc -- Ken Chase - [EMAIL PROTECTED] Toronto CANADA. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
