From owner-cvs-all Mon Dec 18 14:18:55 2000 From owner-cvs-all@FreeBSD.ORG Mon Dec 18 14:18:51 2000 Return-Path: Delivered-To: cvs-all@freebsd.org Received: from freesbee.wheel.dk (freesbee.wheel.dk [193.162.159.97]) by hub.freebsd.org (Postfix) with ESMTP id 6624737B400; Mon, 18 Dec 2000 14:18:51 -0800 (PST) Received: by freesbee.wheel.dk (Postfix, from userid 1001) id CF0D93E59; Mon, 18 Dec 2000 23:18:49 +0100 (CET) Date: Mon, 18 Dec 2000 23:18:49 +0100 From: Jesper Skriver To: Barney Wolff Cc: Mike Silbersack , Kris Kennaway , Poul-Henning Kamp , security-officer@FreeBSD.ORG, cvs-all@FreeBSD.ORG, freebsd-net@FreeBSD.ORG Subject: Re: what to do now ? Was: cvs commit: src/sys/netinet ip_icmp.c tcp_subr.c tcp_var.h Message-ID: <20001218231849.D37894@skriver.dk> References: <20001218182600.C1856@skriver.dk> <20001218202710.A16059@skriver.dk> <20001218171248.A67546@mx.databus.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20001218171248.A67546@mx.databus.com>; from barney@databus.com on Mon, Dec 18, 2000 at 05:12:48PM -0500 Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Mon, Dec 18, 2000 at 05:12:48PM -0500, Barney Wolff wrote: > I suggest that the ICMP unreachable affect connections only in > SYN-SENT and only if the seq number matches, and that it not > affect IPSEC'd connections at all. When you say IPsec doesn't use TCP at all, it will not be affected in any way by this code. /Jesper -- Jesper Skriver, jesper(at)skriver(dot)dk - CCIE #5456 Work: Network manager @ AS3292 (Tele Danmark DataNetworks) Private: Geek @ AS2109 (A much smaller network ;-) One Unix to rule them all, One Resolver to find them, One IP to bring them all and in the zone to bind them. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message