Date: Fri, 7 May 2004 02:49:58 +0400 (MSD) From: Maxim Konovalov <maxim@macomnet.ru> To: "David W. Chapman Jr." <dwcjr@inethouston.net> Cc: Andre Oppermann <andre@freebsd.org> Subject: Re: Default behaviour of IP Options processing Message-ID: <20040507023844.B96754@mp3files.int.ru> In-Reply-To: <20040506223545.GA61873@minubian.inethouston.net> References: <200405061846.i46Ik3Jc060969@repoman.freebsd.org> <409A8EF3.5825EF0C@freebsd.org> <20040507020422.D94207@mp3files.int.ru> <20040506223545.GA61873@minubian.inethouston.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 6 May 2004, 17:35-0500, David W. Chapman Jr. wrote: > > We are using RR option all the time to track down routing asymmetry > > and traceroute is not an option, ping -R is very useful in that cases. > > We all know that ipfw (and I am sure all other *pf*) is able to > > process ip opts quite well and personally see no point in this > > sysctls. I fail to see a documentation update (inet.4 ?) as well. > > > > It is not clear for me why you ever ask for opinions after commit not > > before. Strick "nay" if you care :-) > > He hasn't changed the default yet. But I think for the select few > who actually use such tcp options, they can enable it. Most of the You mean ip options not tcp, right? I do not understant why we invent a new mechanism if we already have one. Put an example in /etc/rc.firewall. > users however will not need this. I think the point that is trying > to be made is that they want the default installation to be more > secure and those who need these features can simply turn them on. You mean "more obscure", right? Where net.inet.ip.process_options documented? How does it operate with f.e. IPSTEALTH? -- Maxim Konovalov
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040507023844.B96754>