Great Circle Associates Firewalls
(July 1994)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: producing source routed packets
From: mooks @ csi . gmu . edu (Mark (Mookie))
Date: Fri, 8 Jul 1994 00:35:09 -0400 (EDT)
To: danny @ austin . unimelb . edu . au (Daniel O'Callaghan)
Cc: mjr @ tis . com, pjh70 @ eng . amdahl . com, firewalls @ greatcircle . com
In-reply-to: <Pine . 3 . 89 . 9407081040 . A7574-0100000 @ pet3 . austin . unimelb . edu . au> from "Daniel O'Callaghan" at Jul 8, 94 11:05:53 am

>But I feel much happier with my bastion 
>host having tried and failed to source route through it, than not knowing 
>whether I got the kernel mods right. (Especially when it is Linux, and 
>there is no-one to sue if it doesn't do as it claims).

A word of warning... the reason linux is safe *NOW* from source routing
packets is the routines in /usr/src/linux/net/inet/ip.c to do source
routing arent written yet. This WILL change in the future. (Hopefully
with an appropriate #define to turn it off).

>From linux 1.1.11 /usr/src/linux/net/inet/ip.c
/* these two routines will do routing. */

static void
strict_route(struct iphdr *iph, struct options *opt)
{
}

static void
loose_route(struct iphdr *iph, struct options *opt)
{
}


Please watch your future kernel installs (if you feel the need to do them)
for the implmentation of source routing.

Mark
mark @
 netsys .
 com


References:
Indexed By Date Previous: Re: Faking source address on TCP packets
From: Brent Chapman <brent @ mycroft . GreatCircle . COM>
Next: Re: Faking source address on TCP packets
From: "Rob Tanner" <tanner @ george . arc . nasa . gov>
Indexed By Thread Previous: Re: producing source routed packets
From: "Daniel O'Callaghan" <danny @ austin . unimelb . edu . au>
Next: Re: producing source routed packets
From: John Hawkinson <jhawk @ panix . com>

Google
 
Search Internet Search www.greatcircle.com