Subject: Re: making our tcp/ip a strong-end system
To: None <>
From: Michael Richardson <>
List: tech-net
Date: 11/08/1998 20:25:00
>>>>> "Havard" == Havard Eidnes <> writes:
Havard> Hm, if I have understood what the "strong host model" is
Havard> about, I think there is a place for a "strong router
Havard> model" too. The corresponding function in a router would
Havard> be to refuse to forward a packet entering an interface if
Havard> the router did not have a route for the source address in
Havard> the packet pointing back out the same interface the packet
Havard> entered on.
This is often called ingress filtering. The method that you propose
to use is the correct one, but it needs to implemented properly. Given
that a strong router probably also wants to be a strong host, I
suspect it may be time to build (or extend the PCB hash) to handle
caching these decisions.
[The company I'm currently working for, Solidum Systems actually
provides hardware to do this and other things, and we'll have a NetBSD
driver before Xmas for the card that will likely to exactly this as
its first sample application]
] Internet Security. Have encryption, will travel |1 Fish/2 Fish[
] Michael Richardson, Sandelman Software Works, Ottawa, ON |Red F./Blow F[
] |strong crypto[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface