Re: slaacd, MTUs, and pledge

2022-11-21 Thread Claudio Jeker
On Sun, Nov 20, 2022 at 05:28:06PM -0500, Stefan R. Filipek wrote:
> My router advertises its MTU over ICMPv6 router advertisements. It's
> somewhat large (9216), and exceeds the hardware capabilities of my
> OpenBSD system's rge interface (9194). This results in a bunch of
> noisy log messages of:

Re: slaacd, MTUs, and pledge

2022-11-20 Thread Stuart Henderson
On 2022-11-21, Stefan R. Filipek wrote:
> On the IPv6 front:
>
> What gives me further hesitation is that not matching the
> router-advertised MTU may still lead to issues.
>
> RFC 4861 notes:
>> Neighbor Discovery allows routers to specify an
>> MTU for the link, which all nodes then use. All
>>

Re: slaacd, MTUs, and pledge

2022-11-20 Thread Stefan R. Filipek
> But it is still more kernel code reached.

Very true. And I appreciate the feedback on due diligence in general.

On the IPv6 front:

What gives me further hesitation is that not matching the router-advertised MTU may still lead to issues.

RFC 4861 notes:
> Neighbor Discovery allows routers to s

Re: slaacd, MTUs, and pledge

2022-11-20 Thread Theo de Raadt
Stefan R. Filipek wrote:
> > they could change the mtu on an interface.
>
> No. I'm only proposing the ability to GET the MTU (SIOCG...).
>
> Setting the MTU (SIOCSIFMTU) is currently in "wroute", which slaacd
> already has pledged.

OK. But it is still more kernel code reached.

Re: slaacd, MTUs, and pledge

2022-11-20 Thread Stefan R. Filipek
> they could change the mtu on an interface.

No. I'm only proposing the ability to GET the MTU (SIOCG...).

Setting the MTU (SIOCSIFMTU) is currently in "wroute", which slaacd already has pledged.

On Sun, Nov 20, 2022 at 5:59 PM Theo de Raadt wrote:
>
> the v6 people in the group will consider t

Re: slaacd, MTUs, and pledge

2022-11-20 Thread Theo de Raadt
the v6 people in the group will consider the v6 aspects. I wanted to comment on the "let's change pledge!" enthusiasm, which has again failed to consider the other programs which are affected by such a proposed change. Any proposal must consider the impact in *ALL PROGRAMS*. I do this all the tim

Re: slaacd, MTUs, and pledge

2022-11-20 Thread Theo de Raadt
sorry you've missed the point entire, and didn't answer either question.

the shortlist of affected programs is:

dhclient dhcpleased iked route slaacd bgpd dhcpd dhcrelay ifstated rad route6d

with your proposal, if any of

Re: slaacd, MTUs, and pledge

2022-11-20 Thread Stefan R. Filipek
> you've failed to ask the two required questions

They were implied (with the security-minded audience in mind). I chose brevity.

> If one of them gets subverted, what danger can it cause?

This question matters the most, and the answer really determines if we even care about the first implied qu

Re: slaacd, MTUs, and pledge

2022-11-20 Thread Theo de Raadt
> 1. Does it make sense to add SIOCGIFHARDMTU (and maybe SIOCGIFMTU too)
> to pledge("route")?

No, I don't think so. Set it ahead of time.

(In particular, you've failed to ask the two required questions: If this capability is added to all programs that use "route", what is that list of progr

slaacd, MTUs, and pledge

2022-11-20 Thread Stefan R. Filipek
My router advertises its MTU over ICMPv6 router advertisements. It's somewhat large (9216), and exceeds the hardware capabilities of my OpenBSD system's rge interface (9194). This results in a bunch of noisy log messages of:

> slaacd[...]: failed to set MTU: Invalid argument

And the obvious outco