From e5fe0b9c14661f8a4d64ed0dc536b3e9ba16ca37 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 23 Aug 2012 15:11:43 +0200 Subject: [PATCH] doc: update xt_SYSRQ.man to reflect that the full IPv6 address is needed xt_SYSRQ uses NIP6_FMT, so requires the expanded form for the digest. Reported-by: Jan Krcmar --- doc/changelog.txt | 1 + extensions/libxt_SYSRQ.man | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/doc/changelog.txt b/doc/changelog.txt index 348774a..e315d58 100644 --- a/doc/changelog.txt +++ b/doc/changelog.txt @@ -5,6 +5,7 @@ Fixes: - length2, SYSRQ, RAWNAT: preinitialize values for ipv6_find_hdr - TARPIT: fix memory leak when tarpit_generic() fails - build: build: remove extraneous closing bracket in configure.ac +- doc: update xt_SYSRQ.man to reflect that the full IPv6 address is needed v1.45 (2012-07-16) diff --git a/extensions/libxt_SYSRQ.man b/extensions/libxt_SYSRQ.man index ab230a8..ade9f13 100644 --- a/extensions/libxt_SYSRQ.man +++ b/extensions/libxt_SYSRQ.man @@ -62,7 +62,7 @@ password="password" seqno="$(date +%s)" salt="$(dd bs=12 count=1 if=/dev/urandom 2>/dev/null | openssl enc \-base64)" -ipaddr=10.10.25.7 +ipaddr="2001:0db8:0000:0000:0000:ff00:0042:8329" req="$sysrq_key,$seqno,$salt" req="$req,$(echo \-n "$req,$ipaddr,$password" | sha1sum | cut \-c1\-40)" @@ -75,8 +75,8 @@ sysrq key can be used at once, but bear in mind that, for example, a sync may not complete before a subsequent reboot or poweroff. .PP An IPv4 address should have no leading zeros, an IPv6 address should -be in the form recommended by RFC 5952. The debug option will log the -correct form of the address. +be in the full expanded form (as shown above). The debug option will cause +output to be emitted in the same form. .PP The hashing scheme should be enough to prevent mis-use of SYSRQ in many environments, but it is not perfect: take reasonable precautions to