Morning,
On 00:35+0300, Dec 20, 2001, Yar Tikhiy wrote: > On Wed, Dec 19, 2001 at 08:54:50PM +0300, Maxim Konovalov wrote: > > > > By the way, is it correct to forward the packet with incorrect ip > > options? Now we do not. > > No RFC seems to specify that particularly. However, RFC 1812 reads > in general: > > (1) A router MUST verify the IP header, as described in section > [5.2.2], before performing any actions based on the contents of > the header. This allows the router to detect and discard bad > packets before the expenditure of other resources. > > Meanwhile more IP option issues came to my attention... > > Neither RFC 791 nor RFC 1122 nor RFC 1812 specify the following: > if a source-routed IP packet reachs the end of its route, but its > destination address doesn't match a current host/router, whether > the packet should be discarded, sent forth through usual routing > or accepted as destined for this host? FreeBSD will route such a > packet as usual. Stevens, TCP Ill. vII, p.257 says: "If the destination address of the packet does not match one of the local addresses and the option is a strict source routing (IPOPT_SSRR), an ICMP source route failure error is sent. If a local address isn't listed in the route, the previous system sent the packet to the wrong host. This isn't an error for a loose source route (IPOPT_LSRR); it means IP must forward the packet toward the destionation." That is what ip_input does near the line 1193. > Then, a FreeBSD host (net.inet.ip.forwarding=0) will respond with > Source Route Failed ICMPs to source-routed IP packets if source > route processing is prohibited using net.inet.ip.sourceroute or > net.inet.ip.accept_sourceroute. To my mind, it may be deduced > from RFC 1122 that a host must stay silent in this case... -- Maxim Konovalov, MAcomnet, Internet-Intranet Dept., system engineer phone: +7 (095) 796-9079, mailto: [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
