From: Chris <bsd-lists@bsdforge.com>
To: Ed Maste
Cc: "Rodney W. Grimes", freebsd-net@freebsd.org
Date: Fri, 14 Jun 2024 11:15:02 -0700
Subject: Re: Discarding inbound ICMP REDIRECT by default
List-Id: Networking and TCP/IP with FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-net
Message-ID: <3c5aeeae30d6b21b8fa408126bf9230c@bsdforge.com>
References: <202406122147.45CLlsgN042313@gndrsh.dnsmgr.net> <72ceb2fe26812a237a17bd8de4024b7f@bsdforge.com>

On 2024-06-14 05:50, Ed Maste wrote:
> On Wed, 12 Jun 2024 at 18:05, Chris wrote:
>>
>> As Rodney already effectively explains; dropping packets makes routing,
>> and discovery exceedingly difficult. Which is NOT what the average user
>> wants,
>
> This is on end hosts only, not routers (which already drop ICMP REDIRECT).
>
>> or expects. I use "set block-policy drop" in pf(4). But as already noted,
>> this is for "filtering" purposes. Your suggestion also has the negative
>> effect of hanging remote ports. Which can result in other negative results by
>> peers.
>
> I don't follow -- how does a host not processing ICMP REDIRECT cause
> these effects?

It appears I may have overstated my point here. Dropping redirects isn't
(necessarily) out of line. I was thinking in terms of dropping (all) queries.
Which is wrong in this context. Sorry. :)

Thanks for taking the time to respond.

--Chris