Date: Mon, 24 Dec 2001 22:53:43 +0300
From: Yar Tikhiy
To: Maxim Konovalov
Cc: net@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject: Re: Processing IP options reveals IPSTEALH router

On Sun, Dec 23, 2001 at 02:29:14AM +0300, Maxim Konovalov wrote:
>
> On 18:51+0300, Dec 21, 2001, Yar Tikhiy wrote:
>
> > I made a patch that adds the "stealthy IP options feature".
> > Honestly, now I'm afraid it's "much ado about nothing", given how
> > clumsy a solution is needed for such a small problem. Even the way
> > of ignoring IP options completely when doing IPSTEALTH looks way
> > better...
>
> IMHO it is not a good idea to forward a packet with possibly incorrect
> IP options.

Forwarding a packet without decreasing its TTL may be an even worse
idea :-) We're breaking the standard with IPSTEALTH anyway, so to
my mind the best idea is to avoid spoiling the system code too much.

> The patch looks OK to me.

All right, if anyone else feels committing that patch of mine is
OK and tells that to me, I'll commit it.

--
Yar