On 11/02/06 16:18, YOSHIFUJI Hideaki wrote:
> In article <[EMAIL PROTECTED]> (at Thu, 02 Nov 2006 15:16:23 +0200), Ville
> Nuorvala <[EMAIL PROTECTED]> says:
>
>> On 11/02/06 14:59, YOSHIFUJI Hideaki wrote:
>>> In article <[EMAIL PROTECTED]> (at Thu, 02 Nov 2006 13:39:19 +0200), Ville
>>> Nuorvala <[EMAIL PROTECTED]> says:
>>>
>>>> read_unlock(&ip6ip6_lock);
>>>> - return 1;
>>>> -
>>>> + icmpv6_send(skb, ICMPV6_DEST_UNREACH,
>>>> + ICMPV6_ADDR_UNREACH, 0, skb->dev);
>>>> discard:
>>> I'd argue this. We probably should not send back any ICMPv6 packets
>>> to the original sender in this case to avoid DoS.
>> Sorry, I don't follow you. I don't see the DoS scenario here (after we
>> apply the patch, that is ;-).
>
> Well, leaving aside whether sending icmpv6 is a good thing (*),
> the code for sending icmpv6 was moved from ip6_tunnel.c
> to tunnel6.c by commit-id 50fba2aa7cefa6b0e1768cb350c9e69042320c03
> by Herbert.
>
> The ip6_tunnel.c change that Herbert made does not seem consistent
> with the ipip.c change. To fix your issue the appropriate change is just
> to fall through to the discard section, as we're doing for ipip.c.
>
> Please do not re-add sending icmpv6 logic here.
> If you DO think it is appropriate, please fix other code
> such as ipip.c, and your comment.
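Review bot: the added icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH, 0, skb->dev) just before discard: makes this path answer the original sender with an ICMPv6 error for each packet that reaches it, so the number of error packets the host emits is driven by remote input. Removing `return 1;` already lets execution fall through to discard:, so consider dropping the icmpv6_send() call and keeping only that removal; if the error is kept, the hunk should carry a comment explaining why sending is safe here.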
Ok, I'll resubmit a patch that doesn't send an ICMPv6 error message.

Regards,
Ville