From owner-freebsd-hackers  Wed Dec 19 13:36: 6 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from comp.chem.msu.su (comp-xl.chem.msu.su [158.250.32.157])
	by hub.freebsd.org (Postfix) with ESMTP
	id 228AC37B419; Wed, 19 Dec 2001 13:35:59 -0800 (PST)
Received: (from yar@localhost)
	by comp.chem.msu.su (8.11.1/8.11.1) id fBJLZuB62560;
	Thu, 20 Dec 2001 00:35:56 +0300 (MSK)
	(envelope-from yar)
Date: Thu, 20 Dec 2001 00:35:55 +0300
From: Yar Tikhiy <yar@FreeBSD.ORG>
To: Maxim Konovalov <maxim@macomnet.ru>
Cc: net@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject: IP options (was: Processing IP options reveals IPSTEALH router)
Message-ID: <20011220003555.A52848@comp.chem.msu.su>
References: <20011219194903.D21732@comp.chem.msu.su> <20011219195659.G25693-100000@news1.macomnet.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20011219195659.G25693-100000@news1.macomnet.ru>; from maxim@macomnet.ru on Wed, Dec 19, 2001 at 08:54:50PM +0300
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

On Wed, Dec 19, 2001 at 08:54:50PM +0300, Maxim Konovalov wrote:
> 
> By the way, is it correct to forward the packet with incorrect ip
> options? Now we do not.

No RFC seems to specify that particularly.  However, RFC 1812 reads
in general:

   (1) A router MUST verify the IP header, as described in section
       [5.2.2], before performing any actions based on the contents of
       the header.  This allows the router to detect and discard bad
       packets before the expenditure of other resources.

Meanwhile more IP option issues came to my attention...

Neither RFC 791 nor RFC 1122 nor RFC 1812 specify the following:
if a source-routed IP packet reachs the end of its route, but its
destination address doesn't match a current host/router, whether
the packet should be discarded, sent forth through usual routing
or accepted as destined for this host?  FreeBSD will route such a
packet as usual.

Then, a FreeBSD host (net.inet.ip.forwarding=0) will respond with
Source Route Failed ICMPs to source-routed IP packets if source
route processing is prohibited using net.inet.ip.sourceroute or
net.inet.ip.accept_sourceroute.  To my mind, it may be deduced
from RFC 1122 that a host must stay silent in this case...

-- 
Yar

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message