From: Bill Fink <billfink@mindspring.com>
To: Francois-Xavier Le Bail <fx.lebail@yahoo.com>
Cc: netdev@vger.kernel.org,
Hannes Frederic Sowa <hannes@stressinduktion.org>,
"David S. Miller" <davem@davemloft.net>,
Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
James Morris <jmorris@namei.org>,
Hideaki Yoshifuji <yoshfuji@linux-ipv6.org>,
Patrick McHardy <kaber@trash.net>
Subject: Re: [PATCH net-next v5] IPv6: add the option to use anycast addresses as source addresses in echo reply
Date: Tue, 7 Jan 2014 17:55:07 -0500
Message-ID: <20140107175507.fb543c70.billfink@mindspring.com>
In-Reply-To: <1389103047-3380-1-git-send-email-fx.lebail@yahoo.com>
On Tue, 7 Jan 2014, Francois-Xavier Le Bail wrote:
> This change allows following a recommendation of RFC4942.
>
> - Add "anycast_src_echo_reply" sysctl to control the use of anycast addresses
> as source addresses for ICMPv6 echo reply. This sysctl is false by default
> to preserve existing behavior.
> - Add inline check ipv6_anycast_destination().
> - Use them in icmpv6_echo_reply().
>
> Reference:
> RFC4942 - IPv6 Transition/Coexistence Security Considerations
> (http://tools.ietf.org/html/rfc4942#section-2.1.6)
>
> 2.1.6. Anycast Traffic Identification and Security
>
> [...]
> To avoid exposing knowledge about the internal structure of the
> network, it is recommended that anycast servers now take advantage of
> the ability to return responses with the anycast address as the
> source address if possible.
>
> Signed-off-by: Francois-Xavier Le Bail <fx.lebail@yahoo.com>
> ---
> v4: update Subject and Documentation, this also works with anycast addresses
> created via API, not just with Subnet-Router anycast addresses.
>
> v5: alternative way, replace ipv6_chk_acast_addr() test by
> ipv6_anycast_destination() test.
Why is ICMPv6 Echo Reply special? Can't the internal structure
of the network be divined from other ICMPv6 responses such as
Destination Unreachable, Time Exceeded (Hop Limit), and Parameter
Problem?
-Bill
Thread overview: 13+ messages
2014-01-07 13:57 [PATCH net-next v5] IPv6: add the option to use anycast addresses as source addresses in echo reply Francois-Xavier Le Bail
2014-01-07 19:14 ` Hannes Frederic Sowa
2014-01-08 8:06 ` François-Xavier Le Bail
2014-01-07 20:51 ` Hannes Frederic Sowa
2014-01-08 8:17 ` François-Xavier Le Bail
2014-01-08 8:22 ` Hannes Frederic Sowa
2014-01-07 20:52 ` David Miller
2014-01-07 22:55 ` Bill Fink [this message]
2014-01-07 23:01 ` Hannes Frederic Sowa
2014-01-07 23:17 ` Hannes Frederic Sowa
2014-01-08 9:56 ` François-Xavier Le Bail
2014-01-07 23:33 ` David Miller
2014-01-07 23:39 ` Hannes Frederic Sowa