Hello!
> > bind(s, 127.0.0.1)
> > sendto(s, 193.233.7.65)
>
> Somehow I had it in my head that you couldn't send IP packets out an
> interface unless the bound source address matched one of the
> interfaces' addresses.
Certainly not. This question was discussed in 80th f.e. rfc1022
contains some reasonings about "strong" and "weak" ES multihoming models.
Only "weak" model is used really, because "strong" one requires
completely different design of DNS etc.
BTW IPv6 scoped addresses are invented exactly to try to sanitize
(and to generalize) "strong" model.
> But then you go on to say it is could be a user attempt at network
> spoofing so it should be LOG_INFO at least. There should also be
> a limit on how frequently it is generated or you have a trivially
> exploitable denial of service...
and
> Let me clarify it then, there should be a document describing
> what has changed between 2.0 and 2.2 and what effect it might
> have. Expecting users to have studied the RFCs and to then compare
> the source for 2.0 and 2.2 is not a suitable policy for a stable
> kernel release!
Mike, certainly, you are right. Only, unfortunately, there exist
lots of much more improtant things which really require systematic
documentation. If you would blame on poor documentation of new socket
options, traffic control, policy routing...
What's about documenting this feature, it is from area of FAQ. Until someone
asked it (you are the first one, though age of this feature is ~2 years),
it does not take sense to record it, because it is only one small piece
of information. There are lots of such micro-differences.
What's about "stable": did you really see this message?
If you did, it is OK, we made one more step to stabilization. 8)8)
I hope you do not think, that change in version number means something.
BTW this chunk is 2 year old and in fact networking has been frozen
year ago. Really.
Alexey
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
