[hipl-dev] Re: [Question #194991]: "Invalid I1 packet with payload detected" when using RVS and HIPFW
- From: Miika Komu <question194991@xxxxxxxxxxxxxxxxxxxxx>
- To: hipl-dev@xxxxxxxxxxxxx
- Date: Fri, 27 Apr 2012 18:10:54 -0000
Question #194991 on HIPL changed:
https://answers.launchpad.net/hipl/+question/194991
Miika Komu posted a new comment:
The current way of handling the issue conflicts with RVS and also HIPv2
when it hits the trunk. I would suggest to revert this patch from the
trunk until its properly solved:
revno: 6363
committer: Diego Biurrun <diego@xxxxxxxxxx>
branch nick: trunk
timestamp: Tue 2012-03-27 14:51:53 +0200
message:
hipfw: Reject I1 packets larger than the HIP header size.
By accepting I1 packets that exceed the HIP header size we would open
ourselves
up to cross-firewall communication. Hosts could exchange I1 packets between
themselves and attach arbitrary payload after the HIP header.
modified:
hipfw/conntrack.c
hipfw/hipfw_defines.h
--
You received this question notification because you are a member of HIPL
core team, which is an answer contact for HIPL.
Other related posts:
