Subject: heads up: IPv6 routing header 0 issues
To: None <tech-net@netbsd.org>
From: Gert Doering <gert@greenie.muc.de>
List: tech-net
Date: 04/25/2007 08:46:05
Hi,
I'm not sure whether "the NetBSD network folks" are aware of the following
issue:
http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf
it's about IPv6 type 0 routing headers, and the fact that all BSDs are
processing them to forward frames, even if ip6.forwarding = 0.
OpenBSD and FreeBSD have committed changes to their stacks yesterday
already (do not forward frames if we're not a router), so there seems to
be some sort of consensus on what's "the right thing to do".
I'm not qualified to work on adding RH0 filtering to pf(4), but if
nobody better qualified can find time, I could try to look at the FreeBSD
patches and see whether they can easily fit into NetBSD.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert@greenie.muc.de
fax: +49-89-35655025 gert@net.informatik.tu-muenchen.de
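
The check described in the message above (do not act on a type 0 routing header when the node is not a router), as an added example that is not part of the original mail and is not the OpenBSD, FreeBSD or NetBSD code. The names rh0_check, rh0_verdict and sample_rh0 are hypothetical, the sample packet is constructed, and the walk only understands hop-by-hop, routing, fragment and destination-options headers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* IPv6 Next Header values for the extension headers this walk understands. */
enum { NH_HOPOPTS = 0, NH_ROUTING = 43, NH_FRAGMENT = 44, NH_DSTOPTS = 60 };
enum rh0_verdict { RH0_ACCEPT, RH0_DROP, RH0_MALFORMED };

/* Hypothetical helper: decide what to do with a raw IPv6 packet.
 * forwarding mirrors the ip6.forwarding setting (0 = host, 1 = router). */
enum rh0_verdict rh0_check(const uint8_t *pkt, size_t len, int forwarding)
{
    if (len < 40 || (pkt[0] >> 4) != 6)
        return RH0_MALFORMED;
    uint8_t nh = pkt[6];          /* Next Header field of the fixed header */
    size_t off = 40;              /* first byte after the fixed header */
    for (;;) {
        if (nh != NH_HOPOPTS && nh != NH_ROUTING &&
            nh != NH_FRAGMENT && nh != NH_DSTOPTS)
            return RH0_ACCEPT;    /* upper-layer or unhandled header: stop */
        if (len - off < 8)
            return RH0_MALFORMED;
        /* Fragment is fixed at 8 bytes; others: (Hdr Ext Len + 1) * 8. */
        size_t hlen = (nh == NH_FRAGMENT) ? 8 : ((size_t)pkt[off + 1] + 1) * 8;
        if (len - off < hlen)
            return RH0_MALFORMED;
        if (nh == NH_FRAGMENT && ((pkt[off + 2] << 8 | pkt[off + 3]) & 0xfff8))
            return RH0_ACCEPT;    /* non-first fragment: no headers follow */
        /* Routing Type 0 with Segments Left > 0 asks this node to forward. */
        if (nh == NH_ROUTING && pkt[off + 2] == 0 && pkt[off + 3] && !forwarding)
            return RH0_DROP;
        nh = pkt[off];
        off += hlen;
    }
}

/* Constructed sample: fixed header (addresses zeroed) + RH0 with one address. */
static const uint8_t sample_rh0[64] = {
    0x60, 0, 0, 0, 0, 24, NH_ROUTING, 64,
    [40] = 59, [41] = 2, [42] = 0, [43] = 1, /* next=none, len, type, segleft */
};

int main(void)
{
    printf("host=%d router=%d\n", rh0_check(sample_rh0, sizeof sample_rh0, 0),
           rh0_check(sample_rh0, sizeof sample_rh0, 1));
    return 0;
}
```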