Re: [PATCH] RAW6: Do not allow set IPV6_CHECKSUM for ICMPv6 socket

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Rémi Denis-Courmont" <rdenis@simphalempin.com>
To: "YOSHIFUJI Hideaki / 吉藤英明" <yoshfuji@linux-ipv6.org>
Cc: davem@davemloft.net, ellre923@gmail.com, wangchen@cn.fujitsu.com,
	netdev@vger.kernel.org
Subject: Re: [PATCH] RAW6: Do not allow set IPV6_CHECKSUM for ICMPv6 socket
Date: Thu, 24 Apr 2008 18:26:52 +0300	[thread overview]
Message-ID: <200804241826.52507.rdenis@simphalempin.com> (raw)
In-Reply-To: <20080424.211953.52921169.yoshfuji@linux-ipv6.org>

Le Thursday 24 April 2008 15:19:53 YOSHIFUJI Hideaki / 吉藤英明, vous avez écrit :
> RFC3542 discusses about IPPROTO_IPV6 level IPV6_CHECKSUM socket option
> only. IPPROTO_RAW level IPV6_CHECKSUM socket option is undocumented Linux
> extension.  So, we are free to choose allowing setting that option on
> ICMPv6 socket as we have been doing.

I wonder why RFC3542 forbids the contentious case. Is it a security 
consideration, that userland should not be allowed to create bogus ICMPv6 
packets (IPV6_CHECKSUM can be set after dropping root after opening a raw 
socket, right?), or is it just some random IETF folklore ??

I'd note that my ndisc6 package does call setsockopt(SOL_IPV6, 
ICMPV6_CHECKSUM). Fortunately, it does not check for error values, so I don't 
really care if this is changed.

-- 
Rémi Denis-Courmont
http://www.remlab.net/

next prev parent reply	other threads:[~2008-04-24 15:46 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-04-18 10:32 [PATCH] RAW6: Do not allow set IPV6_CHECKSUM for ICMPv6 socket Wang Chen
2008-04-18 11:09 ` David Miller
2008-04-20  7:18   ` Wang Chen
2008-04-20  7:33     ` David Miller
2008-04-20  9:18       ` Wang Chen
2008-04-20  9:38         ` YOSHIFUJI Hideaki / 吉藤英明
2008-04-20  9:37           ` David Miller
     [not found]           ` <dd9c5f130804200342r4bdc938fq4af15c9747ba6e06@mail.gmail.com>
2008-04-24 10:48             ` David Miller
2008-04-24 12:19               ` YOSHIFUJI Hideaki / 吉藤英明
2008-04-24 15:26                 ` Rémi Denis-Courmont [this message]
2008-04-25  1:03                   ` Wang Chen
2008-04-25  4:46                     ` David Miller
2008-04-25  4:31                 ` David Miller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200804241826.52507.rdenis@simphalempin.com \
    --to=rdenis@simphalempin.com \
    --cc=davem@davemloft.net \
    --cc=ellre923@gmail.com \
    --cc=netdev@vger.kernel.org \
    --cc=wangchen@cn.fujitsu.com \
    --cc=yoshfuji@linux-ipv6.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.