> From: "George V. Neville-Neil" <[EMAIL PROTECTED]> > Date: Mon, 23 Apr 2007 09:32:04 +0000 (UTC) > Sender: [EMAIL PROTECTED] > > gnn 2007-04-23 09:32:04 UTC > > FreeBSD src repository > > Modified files: > sys/netinet6 route6.c > Log: > Turn off route header processing for now due to issues pointed out > by Philippe Biondi and Arnaud Ebalard. This is a temporary fix > until more discussion can be had on the exact risks involved in > allowing source routing in IPv6 > > Submitted by: itojun > Reviewed by: jinmei > MFC after: 1 day > > Revision Changes Path > 1.13 +7 -0 src/sys/netinet6/route6.c
George, Thanks! I was just typing up a request for this or a sysctl to control the processing of RH0. And thanks for NOT breaking RH2 while you were at it. (That has happened elsewhere.) I am hoping for a sysctl to manage this with the default set disable RH0 processing. I have reviewed the Biondi/Ebalard report and the risks look very real to me. It looks serious enough that it should go into RELENG_6_2, too. As an engineer for a network that routes IPv6 universally and the user of a FreeBSD system that actively employs IPv6 in normal and essential operations, this looks to have the potential for a spectacular DOS. (Note that this message started out over an IPv6 path.) Thanks again! -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: [EMAIL PROTECTED] Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
pgpfIQf3HkSus.pgp
Description: PGP signature