From owner-freebsd-hackers  Wed Dec  2 13:28:15 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id NAA06824
          for freebsd-hackers-outgoing; Wed, 2 Dec 1998 13:28:15 -0800 (PST)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from gvr.gvr.org (gvr.gvr.org [194.151.74.97])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA06807
          for <hackers@FreeBSD.ORG>; Wed, 2 Dec 1998 13:28:03 -0800 (PST)
          (envelope-from guido@gvr.org)
Received: (from guido@localhost)
	by gvr.gvr.org (8.8.8/8.8.5) id WAA23322;
	Wed, 2 Dec 1998 22:27:02 +0100 (MET)
Message-ID: <19981202222702.A23308@gvr.org>
Date: Wed, 2 Dec 1998 22:27:02 +0100
From: Guido van Rooij <guido@gvr.org>
To: Nate Williams <nate@mt.sri.com>
Cc: Daniel Eischen <eischen@vigrid.com>, dillon@apollo.backplane.com,
        hackers@FreeBSD.ORG, luigi@labinfo.iet.unipi.it
Subject: Re: TCP bug
References: <199812021626.LAA27156@pcnet1.pcnet.com> <199812021636.JAA06068@mt.sri.com> <19981202215730.B23018@gvr.org> <199812022104.OAA07720@mt.sri.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <199812022104.OAA07720@mt.sri.com>; from Nate Williams on Wed, Dec 02, 1998 at 02:04:20PM -0700
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, Dec 02, 1998 at 02:04:20PM -0700, Nate Williams wrote:
> > In my previous mail I already stated why things can go wrong if the
> > www server on the internet has a badly configured packet filter.
> > In your case it seems that your router is badly configured. Does it
> > filter out ICMP ICMP_UNREACH_NEEDFRAG pakcets from the ethernet to
> > the ouside, but not from your router to the outside?
> 
> See my followup.  I don't filter out ICMP type 3 packets, but instead
> allow them.  (I can't take any credit for this, it was part of the
> firewall ruleset PHK gave me years ago...)

Yes I saw that too late. Anyway the bottom line is that the amount of clue
on the internet is realling getting so low that new developments (well..new)
like path MTU discovery can no longer be used. And when you try to
convince the owners of the web site to change their packet filter
(because usually it is theirs that is causing the problems) you easily
give up after talking to the n-th clueless person.

It is my fear that the current cluelessness will have a severe impact
on other new developments as well.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message