Date: Mon, 27 Aug 2001 15:09:23 +0200
From: Jesper Skriver
To: Scott Renfro
Cc: Barney Wolff, freebsd-net@FreeBSD.ORG, Jonathan Lemon, Bill Fenner, Cory Scott, Mike Silbersack
Subject: Re: Proposed change to icmp_may_rst induced ENETRESET

On Thu, Aug 23, 2001 at 06:23:31PM -0700, Scott Renfro wrote:
> On Thu, Aug 23, 2001 at 04:53:26PM -0400, Barney Wolff wrote:
> >
> > As another heavy nmap user, I'd vote just the other way. It's useful
> > to differentiate between a reset coming back from the destination host
> > and an unreachable from a firewall/router-acl. Ordinary apps probably
> > don't care all that much about why a connection could not be
> > established, and just report the error to the user.
>
> I suspect that most (good) applications use strerror(3) to map errors
> into messages for the user. Today, users get "Network dropped
> connection on reset"; with the patch they'd get "Connection refused".
> I think the latter is preferred under POLA, especially when the former
> is not a documented response to connect(2).
>
> You have a valid point that icmp_may_rst changes nmap's behavior, even
> with the proposed patch. If you want nmap's historic behavior (admin
> prohib ==> filtered), then turning off icmp_may_rst works. With
> icmp_may_rst turned on and the patch committed, you get the other
> behavior (admin prohib ==> closed). Without the patch, nmap spews
> errors and would need a FreeBSD-specific change.

I pretty much don't care. Jonathan, Bill, Mike, what do you think?

/Jesper

--
Jesper Skriver, jesper(at)skriver(dot)dk - CCIE #5456
Work: Network manager @ AS3292 (Tele Danmark DataNetworks)
Private: FreeBSD committer @ AS2109 (A much smaller network ;-)

One Unix to rule them all, One Resolver to find them,
One IP to bring them all and in the zone to bind them.