On Sat, Feb 23, 2002 at 04:28:28AM -0800, Crist J. Clark wrote:
> On Sat, Feb 23, 2002 at 01:50:33PM +0200, Ruslan Ermilov wrote:
> [snip]
>
> > Nice catch!
>
> Igor M Podlesny <[EMAIL PROTECTED]>, PR misc/35022, caught it. I just
> analyzed it.
>
> [snip]
>
> > The patch is incomplete (see dropwithreset below). Here's the tcp_input.c
> > part of the original delta that introduced this bug:
>
> I considered what to do for non-SYN segments, but I didn't see a
> requirement in the standards (I may have missed it), so I just didn't
> touch it.
>
> > : Script started on Sat Feb 23 13:37:18 2002
> > : $ sccs prs -r7.35 tcp_input.c
> > : D 7.35 93/04/07 19:28:08 sklower 159 158 00007/00003/01623
> > : MRs:
> > : COMMENTS:
> > : Mostly changes recommended by jch for variable subnets & multiple
> > : IP addresses per physical interface. May require further work.
>
> [snip]
>
> > I think you should just back the CSRG revision 7.35 out of tcp_input.c,
> > mentioning what was wrong with removing in_broadcast() check.
>
> Where'd you pull this out? I'll integrate this version.
>
> > route add -net 192.168.4 192.168.1.1
> > ping 192.168.4.255
> >
> > on a directly attached 192.168.1 network isn't a "malicious use".
>
> Then I would put that under the "misconfigured" header. The machine
> you are pinging from would have to be local to 192.168.4.0/24 also,
> why are you routing it through 192.168.1.1? But there may be some
> situations that I have not considered where one might wish to do
> that.
>
Um, why?

Router B: if0 (192.168.1.1/24) and if1 (192.168.4.1/24)
Router A: if0 (192.168.1.2/24)

On router A: route add -net 192.168.4 192.168.1.1, telnet 192.168.4.255.

Or even simpler:

Router: if0 (192.168.1.1/24 and 192.168.100.1/24)
Host: if0 (192.168.1.2, default gateway 192.168.1.1)

On host:

$ ping 192.168.100.255
PING 192.168.100.255 (192.168.100.255): 56 data bytes
64 bytes from 192.168.100.1: icmp_seq=0 ttl=64 time=0.245 ms
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.207 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.207 ms
^C
--- 192.168.100.255 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.207/0.220/0.245/0.018 ms
$ telnet 192.168.100.255 25
Trying 192.168.100.255...
Connected to 192.168.100.255.
Escape character is '^]'.
220 my.router.local.net ESMTP Sendmail 8.11.6/8.11.2; Sat, 23 Feb 2002 14:39:21 +0200 (EET)

> Anyway, if there are legit configurations where this rears its head,
> it is even worse.
>
Yes. :-)

Cheers,
-- 
Ruslan Ermilov          Sysadmin and DBA,
[EMAIL PROTECTED]       Sunbay Software AG,
[EMAIL PROTECTED]       FreeBSD committer,
+380.652.512.251        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age
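
A small model of the address-based check this thread is about, added here as an example; it is not FreeBSD's tcp_input.c or in_broadcast(). It shows why the routed case above needs a check on the IP destination: the frame reaches the router as link-layer unicast, yet the destination is the broadcast address of one of its subnets. The struct, macro and function names are hypothetical, and the address table is constructed from the "even simpler" topology in the message.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Hypothetical model of one configured IPv4 address, host byte order. */
struct ifaddr4 { uint32_t addr, mask; };

/* True if dst is a broadcast address from this host's point of view. */
bool dst_is_broadcast(uint32_t dst, const struct ifaddr4 *ifa, size_t n)
{
    if (dst == 0xffffffffu || dst == 0)     /* limited and old all-zeros form */
        return true;
    for (size_t i = 0; i < n; i++) {
        uint32_t mask = ifa[i].mask;
        if (mask >= 0xfffffffeu)            /* /31 and /32: no broadcast address */
            continue;
        uint32_t net = ifa[i].addr & mask;
        /* directed broadcast, or the old-style network-address broadcast */
        if (dst == (net | ~mask) || dst == net)
            return true;
    }
    return false;
}

/* Drop decision for an incoming TCP segment: a link-layer broadcast flag
 * alone is not enough, so the IP destination is checked as well. */
bool tcp_drop_segment(bool frame_was_broadcast, uint32_t dst,
                      const struct ifaddr4 *ifa, size_t n)
{
    return frame_was_broadcast || dst_is_broadcast(dst, ifa, n);
}

/* Constructed sample: the router with two addresses on if0. */
static const struct ifaddr4 router_addrs[] = {
    { IP4(192, 168, 1, 1),   IP4(255, 255, 255, 0) },
    { IP4(192, 168, 100, 1), IP4(255, 255, 255, 0) },
};

int main(void)
{
    /* The host sends via its default gateway, so the frame is unicast. */
    printf("192.168.100.255 drop=%d\n",
           tcp_drop_segment(false, IP4(192, 168, 100, 255), router_addrs, 2));
    printf("192.168.100.1   drop=%d\n",
           tcp_drop_segment(false, IP4(192, 168, 100, 1), router_addrs, 2));
    return 0;
}
```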