Date: Sun, 17 Dec 2000 16:12:19 -0500 (EST)
From: Robert Watson
To: Jesper Skriver
Cc: "Jacques A. Vidrine", freebsd-net@FreeBSD.org, Poul-Henning Kamp, Kris Kennaway, security-officer@FreeBSD.org
Subject: Re: cvs commit: src/sys/netinet ip_icmp.c tcp_subr.c tcp_var.h
In-Reply-To: <20001217220852.A20296@skriver.dk>

On Sun, 17 Dec 2000, Jesper Skriver wrote:

> - ip source and destination addresses
> - tcp source and destination ports
> - tcp sequence number
>
> Can we make it zap the sessions regardless of the current state ?
>
> And perhaps enable it by default ?

I admit that I had assumed, from the commit message, that that was the way it would be done, because anything else would be silly :-). If all of these conditions hold (and ICMP messages are correctly ignored if they are truncated too early to include the info (rather than wild-carding), and IP + TCP options are correctly handled without alignment problems), then I see no reason not to turn this on by default.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services
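The checks discussed in this message, as an added example (not the committed FreeBSD code and not written by anyone in the thread): a validator for the bytes an ICMP error quotes from the original packet. The struct, function and field names are hypothetical, the sample packet is constructed, and the sequence test (snd_una <= seq < snd_max) is an assumption about what matching the "tcp sequence number" means.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical connection record; field names are assumptions for this example. */
struct conn {
    uint32_t laddr, faddr;     /* local / foreign IPv4 address, host order */
    uint16_t lport, fport;     /* local / foreign TCP port, host order */
    uint32_t snd_una, snd_max; /* oldest unacked / highest sent sequence number */
};

/* Byte-wise big-endian reads: no unaligned loads, wherever the TCP header lands. */
static uint32_t be32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}
static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }

/* q/len: bytes quoted in the ICMP error (original IP header + start of TCP header).
 * Returns 1 only if the quote provably refers to a segment this connection sent. */
int icmp_quote_matches(const uint8_t *q, size_t len, const struct conn *c)
{
    if (len < 20 || (q[0] >> 4) != 4)
        return 0;
    size_t hlen = (size_t)(q[0] & 0x0f) * 4;  /* IHL covers any IP options */
    if (hlen < 20 || q[9] != 6)               /* malformed IHL, or not TCP */
        return 0;
    if (len < hlen + 8)     /* truncated before ports + seq: ignore, never wildcard */
        return 0;
    const uint8_t *t = q + hlen;
    if (be32(q + 12) != c->laddr || be32(q + 16) != c->faddr)
        return 0;
    if (be16(t) != c->lport || be16(t + 2) != c->fport)
        return 0;
    uint32_t seq = be32(t + 4);
    /* Modular comparison so the window test survives sequence wraparound. */
    return (uint32_t)(seq - c->snd_una) < (uint32_t)(c->snd_max - c->snd_una);
}

/* Constructed sample: IHL=5, proto TCP, 10.0.0.1 -> 10.0.0.2, ports 40000 -> 80, seq 1000. */
static const uint8_t sample[28] = {
    0x45,0,0,40, 0,0,0,0, 64,6,0,0, 10,0,0,1, 10,0,0,2,
    0x9c,0x40, 0x00,0x50, 0x00,0x00,0x03,0xe8
};

int main(void) {
    struct conn c = { 0x0a000001u, 0x0a000002u, 40000, 80, 900u, 1100u };
    printf("full quote: %d, truncated: %d\n",
           icmp_quote_matches(sample, sizeof sample, &c),
           icmp_quote_matches(sample, 24, &c));
    return 0;
}
```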