On Dec 11, 2019, at 09:26, Saku Ytti <saku@ytti.fi> wrote:
On Wed, 11 Dec 2019 at 19:14, Rob Foehl <rwf@loonybin.net> wrote:
Support claims that it was a mistake, but it's also been 15+ months and it's pretty deliberate behavior. Draw your own conclusions...
TTL decrement issues are fairly common across multiple vendors and hw; it can be a sw or a hw limit. A common issue, for example, is if an MPLS egress PE receives an explicit null labeled packet, it may not be able to decrement TTL. I may lack in imagination, but I struggle to envision a situation where people decided to do this and then decided to be sneaky peaky about it.
All of those would still result in either a dropped packet or some form of erroneous ICMP error message. Responding to an ICMP ECHO REQUEST with a TTL of 1 and a destination address that isn’t local using an ICMP ECHO REPLY spoofing the destination address (the observed behavior) doesn’t fit any of those scenarios. It would require some pretty strong creativity and custom code to implement.

Owen
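An added example, not part of the thread: a small classifier that separates the two outcomes discussed above for an echo request sent with TTL 1 to a non-local destination, either an ICMP Time Exceeded from the first hop or an Echo Reply whose source is the probed address. All addresses, the identifier and the sample packets are constructed, and the code assumes the probed destination is more than one hop away.

```python
import struct
from ipaddress import IPv4Address

def ipv4(src, dst, ttl, payload):
    """Minimal IPv4 header, protocol 1 (ICMP); checksum left 0 in this constructed data."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, 1, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr + payload

def icmp(typ, code, rest, data=b""):
    """ICMP header: type, code, checksum (0 here), then 4 'rest of header' bytes."""
    return struct.pack("!BBH4s", typ, code, 0, rest) + data

def classify(reply, probe_dst, ident, seq):
    """Classify a reply to an echo request sent with TTL 1 to a non-local probe_dst."""
    ihl = (reply[0] & 0x0F) * 4
    src = str(IPv4Address(reply[12:16]))
    typ, code = reply[ihl], reply[ihl + 1]
    body = reply[ihl + 4:]                      # everything after type/code/checksum
    if typ == 11 and code == 0:
        # Time Exceeded: 4 unused bytes, then the original IP header + 8 bytes of it.
        inner = body[4:]
        inner_ihl = (inner[0] & 0x0F) * 4
        q_dst = str(IPv4Address(inner[16:20]))
        q_id, q_seq = struct.unpack("!HH", inner[inner_ihl + 4:inner_ihl + 8])
        if (q_dst, q_id, q_seq) == (probe_dst, ident, seq):
            return f"expected: time-exceeded from {src}"
    if typ == 0 and src == probe_dst and struct.unpack("!HH", body[:4]) == (ident, seq):
        # A TTL=1 probe cannot reach a host more than one hop away, so a reply
        # sourced from that host was generated somewhere on the path.
        return f"anomalous: echo-reply claiming to be {src} for a TTL=1 probe"
    return "unrelated"

# Constructed sample data (documentation address ranges, made-up id/seq).
PROBER, FIRST_HOP, PROBE_DST = "192.0.2.10", "192.0.2.1", "198.51.100.7"
IDENT, SEQ = 0x1234, 1
ECHO_IDS = struct.pack("!HH", IDENT, SEQ)
PROBE = ipv4(PROBER, PROBE_DST, 1, icmp(8, 0, ECHO_IDS))
TIME_EXCEEDED = ipv4(FIRST_HOP, PROBER, 64, icmp(11, 0, b"\0" * 4, PROBE[:28]))
SPOOFED_REPLY = ipv4(PROBE_DST, PROBER, 64, icmp(0, 0, ECHO_IDS))
OTHER_REPLY = ipv4(PROBE_DST, PROBER, 64, icmp(0, 0, struct.pack("!HH", 0x9999, 1)))

if __name__ == "__main__":
    for pkt in (TIME_EXCEEDED, SPOOFED_REPLY, OTHER_REPLY):
        print(classify(pkt, PROBE_DST, IDENT, SEQ))
```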