From owner-freebsd-current@FreeBSD.ORG  Thu May  6 15:42:47 2004
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 6C27E16A4CF; Thu,  6 May 2004 15:42:47 -0700 (PDT)
Received: from rwcrmhc13.comcast.net (rwcrmhc13.comcast.net [204.127.198.39])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id B578143D49; Thu,  6 May 2004 15:42:46 -0700 (PDT)
	(envelope-from julian@elischer.org)
Received: from interjet.elischer.org ([24.7.73.28])
          by comcast.net (rwcrmhc13) with ESMTP
          id <20040506224245015007ndl1e>; Thu, 6 May 2004 22:42:46 +0000
Received: from localhost (localhost.elischer.org [127.0.0.1])
	by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id PAA85900;
	Thu, 6 May 2004 15:42:44 -0700 (PDT)
Date: Thu, 6 May 2004 15:42:43 -0700 (PDT)
From: Julian Elischer <julian@elischer.org>
To: "David W. Chapman Jr." <dwcjr@inethouston.net>
In-Reply-To: <20040506223545.GA61873@minubian.inethouston.net>
Message-ID: <Pine.BSF.4.21.0405061542170.82978-100000@InterJet.elischer.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: freebsd-net@freebsd.org
cc: freebsd-current@freebsd.org
cc: Andre Oppermann <andre@freebsd.org>
Subject: Re: Default behaviour of IP Options processing
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 06 May 2004 22:42:47 -0000



On Thu, 6 May 2004, David W. Chapman Jr. wrote:

> > We are using RR option all the time to track down routing asymmetry
> > and traceroute is not an option, ping -R is very useful in that cases.
> > We all know that ipfw (and I am sure all other *pf*) is able to
> > process ip opts quite well and personally see no point in this
> > sysctls.  I fail to see a documentation update (inet.4 ?) as well.
> > 
> > It is not clear for me why you ever ask for opinions after commit not
> > before.  Strick "nay" if you care :-)
> 
> He hasn't changed the default yet.  But I think for the select few 
> who actually use such tcp options, they can enable it.  Most of the 
> users however will not need this.  I think the point that is trying 
> to be made is that they want the default installation to be more 
> secure and those who need these features can simply turn them on.

what security problem are you expecting?


> 
> -- 
> David W. Chapman Jr.
> dwcjr@inethouston.net	Raintree Network Services, Inc. <www.inethouston.net>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>