From: YOSHIFUJI Hideaki / 吉藤英明 <[EMAIL PROTECTED]> Date: Thu, 10 Jan 2008 08:46:55 +0900 (JST)
> In article <[EMAIL PROTECTED]> (at Wed, 09 Jan 2008 15:32:12 -0800 (PST)), > David Miller <[EMAIL PROTECTED]> says: > > > I question any RFC mandate that shuts down IP communication on a node > > because of packets received from remote systems. > > RFC4862 tell us that we SHOULD disable IP communication. > (IP means IPv6 here; IPv4 is out of scope.) > In IETF term, a SHOULD is almost a MUST. We are required to follow > unless we have very good reason to ignore it. A DoS by definition is a very good reason. > > If the TAHI test can trigger this, so can a compromised system on your > > network and won't that be fun? :-) > > So, I know the specification, but I have ignored it. > I think it is fine to implent in some way, but I do think we must have > a switch not to do this. Because of the above, the existing behavior must still stay the default. I hope this is your plan. By default Linux will not implement this SHOULD, it's a security issue. I more and more do not like these conformance tests, they leave no room whatsoever for handling bugs or ill-specified features in the specification. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html