Date: Tue, 25 Dec 2001 10:26:46 +0700
From: Igor M Podlesny
To: Yar Tikhiy
Cc: Maxim Konovalov, net@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject: Re[2]: Processing IP options reveals IPSTEALH router
Message-ID: <121521816522.20011225102646@morning.ru>
In-Reply-To: <20011224225343.A5819@comp.chem.msu.su>

> On Sun, Dec 23, 2001 at 02:29:14AM +0300, Maxim Konovalov wrote:
>>
>> On 18:51+0300, Dec 21, 2001, Yar Tikhiy wrote:
>>
>> > I made a patch that adds the "stealthy IP options feature".
>> > Honestly, now I'm afraid it's "much ado about nothing", given how
>> > clumsy solution is needed for such a small problem. Even the way
>> > of ignoring IP options completely when doing IPSTEALTH looks way
>> > better...
>>
>> IMHO it is not a good idea to forward a packet with possible incorrect
>> ip options.

> Forwarding a packet without decreasing its TTL may be even worse idea :-)

Yeah. Two routers with IPSTEALTH and wrong routing (when A-box sends a
datagram to B-box and the B-box uses the default route to A-box for it)
will effectively eat up the channel between them...
And this is quite easy to set up...

> We're breaking the standard with IPSTEALTH anyway, so to my mind the
> best idea is to avoid spoiling the system code too much.

>> The patch looks OK for me.

> All right, if anyone else feels committing that patch of mine is
> OK and tells that to me, I'll commit it.

--
Igor M Podlesny a.k.a. Poige
http://www.morning.ru/~poige
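
The loop described in the reply above, as an added C model that is not code from the thread or from FreeBSD: two routers each forward the packet to the other, and `forward()` skips the TTL check and decrement when its hypothetical `stealth` flag is set. All names, the initial TTL of 64 and the hop cap are assumptions made for the illustration.

```c
#include <stdio.h>

/* Constructed model: routers A (0) and B (1) each route the packet's
 * destination to the other, the misrouting described in the thread. */
struct packet { unsigned ttl; };

/* One forwarding step. Returns 1 if the packet is sent on to the peer,
 * 0 if it is dropped because its TTL expired. With stealth set, the TTL
 * check and decrement are skipped ("forwarding without decreasing TTL"). */
static int forward(struct packet *p, int stealth)
{
    if (!stealth) {
        if (p->ttl <= 1)
            return 0;   /* a normal router drops the packet here */
        p->ttl--;
    }
    return 1;
}

/* Bounce one packet between A and B and return how many times it crosses
 * the A<->B link. max_hops only bounds the simulation, not the network. */
unsigned long link_crossings(unsigned ttl, int stealth_a, int stealth_b,
                             unsigned long max_hops)
{
    struct packet p = { ttl };
    int at = 0;                 /* packet first arrives at router A */
    unsigned long crossings = 0;

    while (crossings < max_hops) {
        if (!forward(&p, at == 0 ? stealth_a : stealth_b))
            break;
        crossings++;
        at = !at;               /* hand the packet to the other router */
    }
    return crossings;
}

int main(void)
{
    const unsigned long cap = 1000000UL;
    printf("normal  + normal : %lu crossings\n", link_crossings(64, 0, 0, cap));
    printf("stealth + normal : %lu crossings\n", link_crossings(64, 1, 0, cap));
    printf("stealth + stealth: %lu crossings (simulation cap)\n",
           link_crossings(64, 1, 1, cap));
    return 0;
}
```

With one normal router in the loop the TTL still terminates it; with both routers in stealth mode only the simulation cap stops the packet.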