On 2024-06-13 06:34, Rodney W. Grimes wrote:
On 2024-06-12 15:05, Chris wrote:
> On 2024-06-12 14:47, Rodney W. Grimes wrote:
>>> I propose that we start dropping inbound ICMP REDIRECTs by default, by
>>> setting the net.inet.icmp.drop_redirect sysctl to 1 by default (and
>>> changing the associa
> > > Discarding ICMP redirects on a internet host is non-conformant with
> > > STD-3 via rfc-1122. Processing of ICMP rediects is a MUST for hosts.
> >
> > In that case our default of "auto" is non-conformant if you have a
> > routing daemon.
>
> NO, because then your not subject to rfc-1122 as y
On Wed, 12 Jun 2024 at 18:05, Chris wrote:
>
> As Rodeney already effectively explains; dropping packets makes routing,
> and discovery exceedingly difficult. Which is NOT what the average user
> wants,
This is on end hosts only, not routers (which already drop ICMP REDIRECT).
> or expects. I us
> On Wed, 12 Jun 2024 at 18:05, Chris wrote:
> >
> > As Rodeney already effectively explains; dropping packets makes routing,
> > and discovery exceedingly difficult. Which is NOT what the average user
> > wants,
>
> This is on end hosts only, not routers (which already drop ICMP REDIRECT).
Prob
> > > > Discarding ICMP redirects on a internet host is non-conformant with
> > > > STD-3 via rfc-1122. Processing of ICMP rediects is a MUST for hosts.
> > >
> > > In that case our default of "auto" is non-conformant if you have a
> > > routing daemon.
> >
> > NO, because then your not subject to
On Fri, 14 Jun 2024 at 09:52, Rodney W. Grimes
wrote:
> >
> > I would argue that having IP forwarding enabled (i.e.
> > net.inet.ip.forwarding for IPv4) is what establishes FreeBSD as a
> > router, and ICMP REDIRECT messages are already dropped in kernel in
> > that case.
>
> Yet another mistake b
On Fri, 14 Jun 2024 at 09:57, Rodney W. Grimes
wrote:
>
> I am not sure that it would "hang" the port, but by ignoring the
> rediect your going to place additional burden on the router that
> is trying to redirect you as all packets would have to be forwarded
> by that router. I suppose it could
> On Fri, 14 Jun 2024 at 09:52, Rodney W. Grimes
> wrote:
> > >
> > > I would argue that having IP forwarding enabled (i.e.
> > > net.inet.ip.forwarding for IPv4) is what establishes FreeBSD as a
> > > router, and ICMP REDIRECT messages are already dropped in kernel in
> > > that case.
> >
> > Yet
W dniu 8.05.2024 o 21:14, Ed Maste pisze:
It may make sense to apply the same default change for IPv6, but I
don't think we need to tie the two discussions / investigations
together.
IMHO it is important to link ICMP6 with ICMP in terms of ICMP
redirection. I have the impression that we are ne
On Fri, 14 Jun 2024 at 11:13, Rodney W. Grimes
wrote:
>
> That section is about how the router responds to an ICMP redirect
> set to IT, not one that is going THROUGH it.
Sorry I wasn't explicit, in all cases I'm talking about ICMP REDIRECTs
destined for the machine (as a host or as a router). Th
> On Fri, 14 Jun 2024 at 11:13, Rodney W. Grimes
> wrote:
> >
> > That section is about how the router responds to an ICMP redirect
> > set to IT, not one that is going THROUGH it.
>
> Sorry I wasn't explicit, in all cases I'm talking about ICMP REDIRECTs
> destined for the machine (as a host or
On 2024-06-14 05:50, Ed Maste wrote:
On Wed, 12 Jun 2024 at 18:05, Chris wrote:
As Rodeney already effectively explains; dropping packets makes routing,
and discovery exceedingly difficult. Which is NOT what the average user
wants,
This is on end hosts only, not routers (which already drop I
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279653
--- Comment #3 from Zhenlei Huang ---
(In reply to Andrey V. Elsukov from comment #2)
Emm, I guess we have to disassemble the kernel file to figure out what happens
behind, if this can not be repeated.
--
You are receiving this mail becau
13 matches
Mail list logo
