Firewalls: Re: producing source routed packets

Firewalls
(July 1994)

Indexed By Thread: [Previous] [Next]

Subject:	Re: producing source routed packets
From:	mooks @ csi . gmu . edu (Mark (Mookie))
Date:	Fri, 8 Jul 1994 00:35:09 -0400 (EDT)
To:	danny @ austin . unimelb . edu . au (Daniel O'Callaghan)
Cc:	mjr @ tis . com, pjh70 @ eng . amdahl . com, firewalls @ greatcircle . com
In-reply-to:	<Pine . 3 . 89 . 9407081040 . A7574-0100000 @ pet3 . austin . unimelb . edu . au> from "Daniel O'Callaghan" at Jul 8, 94 11:05:53 am

>But I feel much happier with my bastion 
>host having tried and failed to source route through it, than not knowing 
>whether I got the kernel mods right. (Especially when it is Linux, and 
>there is no-one to sue if it doesn't do as it claims).

A word of warning... the reason linux is safe *NOW* from source routing
packets is the routines in /usr/src/linux/net/inet/ip.c to do source
routing arent written yet. This WILL change in the future. (Hopefully
with an appropriate #define to turn it off).

>From linux 1.1.11 /usr/src/linux/net/inet/ip.c
/* these two routines will do routing. */

static void
strict_route(struct iphdr *iph, struct options *opt)
{
}

static void
loose_route(struct iphdr *iph, struct options *opt)
{
}


Please watch your future kernel installs (if you feel the need to do them)
for the implmentation of source routing.

Mark
mark @
 netsys .
 com

References:

Re: producing source routed packets
From: "Daniel O'Callaghan" <danny @ austin . unimelb . edu . au>

Indexed By Date	Previous:	Re: Faking source address on TCP packets From: Brent Chapman <brent @ mycroft . GreatCircle . COM>
Indexed By Date	Next:	Re: Faking source address on TCP packets From: "Rob Tanner" <tanner @ george . arc . nasa . gov>
Indexed By Thread	Previous:	Re: producing source routed packets From: "Daniel O'Callaghan" <danny @ austin . unimelb . edu . au>
Indexed By Thread	Next:	Re: producing source routed packets From: John Hawkinson <jhawk @ panix . com>