From owner-freebsd-current Thu Feb 29 10:02:16 1996
Return-Path: owner-current
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id KAA26185
    for current-outgoing; Thu, 29 Feb 1996 10:02:16 -0800 (PST)
Received: from precipice.shockwave.com (precipice.shockwave.com [171.69.108.33])
    by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id KAA26180
    for ; Thu, 29 Feb 1996 10:02:14 -0800 (PST)
Received: from localhost.shockwave.com (localhost.shockwave.com [127.0.0.1])
    by precipice.shockwave.com (8.7.4/8.7.3) with SMTP id KAA00600;
    Thu, 29 Feb 1996 10:01:21 -0800 (PST)
Message-Id: <199602291801.KAA00600@precipice.shockwave.com>
To: Warner Losh
cc: Andras Olah , current@freebsd.org
Subject: Re: Processing ICMP packets (was: -stable hangs at boot (fwd))
In-reply-to: Your message of "Thu, 29 Feb 1996 10:57:55 MST." <199602291757.KAA03050@rover.village.org>
Date: Thu, 29 Feb 1996 10:01:21 -0800
From: Paul Traina
Sender: owner-current@freebsd.org
Precedence: bulk

the old tcp code does not understand type 13 packets

From: Warner Losh
Subject: Re: Processing ICMP packets (was: -stable hangs at boot (fwd))

: It does have special meaning. Theoretically, you SHOULD be able to say
: "if I get 9 (or 10) I cannot reach that net (or host), period." However,
: many firewalls generate 9 or 10 (which was obsoleted by 13 for just this
: reason). 13 says "don't assume anything other than this connection attempt
: was refused for administrative reasons."

Just so long as you don't wind up triggering the old 4.2 TCP bug. Namely, when a port is unreachable, then *ALL* connections to that host are discarded. It is safer to silently discard packets in a packet filter than to send back ICMP messages since it won't trigger these bugs and will be treated as if it was lost and retransmitted or timed out.

If people feel strongly that they want it, then it should be an option that can be turned off since we have to deal with said 4.2 TCP implementations from time to time and an accidental connection could cause us great grief. If someone has the old TCP code from then, and can assure me that this won't be a problem because it doesn't understand type 13 packets, then never mind.

Warner
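The scoping discussed in this thread, as an added example that is not part of the original messages or of any BSD TCP source: an ICMP Destination Unreachable (type 3) with code 9, 10 or 13 is applied only to the TCP connection quoted in its payload, never to every connection to that host. Treating codes 9 and 10 as narrowly as 13 is this example's assumption, and `struct conn`, `apply_unreach`, `demo_mask` and the sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
struct conn { uint8_t src[4], dst[4]; uint16_t sport, dport; int refused; };

/* Constructed sample: ICMP type 3 code 13 quoting a TCP segment
 * 10.0.0.1:40000 -> 10.0.0.2:25 (checksums zeroed, not verified here). */
static const uint8_t sample[36] = {
    3, 13, 0, 0, 0, 0, 0, 0,                          /* ICMP header */
    0x45, 0, 0, 40, 0, 0, 0, 0, 64, 6, 0, 0,          /* quoted IPv4 header */
    10, 0, 0, 1, 10, 0, 0, 2,
    0x9c, 0x40, 0, 25, 0, 0, 0, 1 };                  /* first 8 TCP bytes */

/* Mark only the connection quoted in an "administratively prohibited"
 * unreachable (codes 9, 10, 13); returns the number of entries marked. */
int apply_unreach(struct conn *tab, size_t n, const uint8_t *m, size_t len)
{
    if (len < 8 + 20 + 8 || m[0] != 3)
        return 0;                       /* too short, or not type 3 */
    if (m[1] != 9 && m[1] != 10 && m[1] != 13)
        return 0;                       /* other codes are out of scope here */
    const uint8_t *ip = m + 8;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < 8 + ihl + 8 || ip[9] != 6)
        return 0;                       /* not IPv4/TCP, or quote truncated */
    const uint8_t *tcp = ip + ihl;
    uint16_t sport = (uint16_t)(tcp[0] << 8 | tcp[1]);
    uint16_t dport = (uint16_t)(tcp[2] << 8 | tcp[3]);
    int hit = 0;
    for (size_t i = 0; i < n; i++) {
        if (!memcmp(tab[i].src, ip + 12, 4) && !memcmp(tab[i].dst, ip + 16, 4)
            && tab[i].sport == sport && tab[i].dport == dport) {
            tab[i].refused = 1;         /* this attempt only, not the host */
            hit++;
        }
    }
    return hit;
}

/* Two connections to the same host; returns a bitmask of those marked. */
int demo_mask(uint8_t code, size_t len)
{
    struct conn tab[2] = { { {10,0,0,1}, {10,0,0,2}, 40000, 25, 0 },
                           { {10,0,0,1}, {10,0,0,2}, 40001, 80, 0 } };
    uint8_t m[sizeof sample];
    memcpy(m, sample, sizeof m);
    m[1] = code;
    apply_unreach(tab, 2, m, len);
    return tab[0].refused | tab[1].refused << 1;
}
```

A stack that keyed its reaction on the destination address alone would mark both table entries, which is the failure mode the message above warns about.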