From owner-cvs-src@FreeBSD.ORG Thu May 6 12:17:37 2004
Message-ID: <409A8F4E.3B35DA9F@freebsd.org>
Date: Thu, 06 May 2004 21:17:34 +0200
From: Andre Oppermann
To: "Jacques A. Vidrine"
cc: cvs-src@FreeBSD.org
cc: src-committers@FreeBSD.org
cc: cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/netinet ip_fastfwd.c ip_input.c ip_var.h
References: <200405061846.i46Ik3Jc060969@repoman.freebsd.org> <20040506185854.GB1777@madman.celabo.org>

"Jacques A. Vidrine" wrote:
>
> On Thu, May 06, 2004 at 11:46:03AM -0700, Andre Oppermann wrote:
> > andre       2004/05/06 11:46:03 PDT
> >
> >   FreeBSD src repository
> >
> >   Modified files:
> >     sys/netinet          ip_fastfwd.c ip_input.c ip_var.h
> >   Log:
> >   Provide the sysctl net.inet.ip.process_options to control the processing
> >   of IP options.
> >
> >    net.inet.ip.process_options=0 Ignore IP options and pass packets unmodified.
> >    net.inet.ip.process_options=1 Process all IP options (default).
> >    net.inet.ip.process_options=2 Reject all packets with IP options with ICMP
> >                                  filter prohibited message.
> >
> >   This sysctl affects packets destined for the local host as well as those
> >   only transiting through the host (routing).
> >
> >   IP options do not have any legitimate purpose anymore and are only used
> >   to circumvent firewalls or to exploit certain behaviours or bugs in TCP/IP
> >   stacks.
> >
> >   Reviewed by:    sam (mentor)
>
> Yay!
> Shall we have the default be `2 Reject all packets with IP options...' ?
>

I think so.  Please restate your opinion in the separate thread I just
started on -current and -net. :-)

--
Andre
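The three policies the commit message describes, as an added example that is not part of this thread or of FreeBSD's ip_input.c: a small Python classifier that reads the IPv4 header, detects options from the IHL field, and applies process_options=0/1/2 to constructed sample packets. The function names (build_packet, parse_options, decide) and the RFC 791 option walk are my own; the ICMP "filter prohibited" message is assumed to be destination-unreachable type 3, code 13.

```python
import struct

# Policy values as named in the commit message:
#   0 = ignore options and pass the packet unmodified
#   1 = process (here: parse and validate) every option
#   2 = reject any packet carrying options with an ICMP filter-prohibited
ICMP_UNREACH = 3
ICMP_UNREACH_FILTER_PROHIB = 13  # assumed code for "filter prohibited"

def parse_options(opts: bytes) -> list:
    """Walk an RFC 791 option list; raise ValueError on a malformed one."""
    out, i = [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:          # EOL: the rest is padding
            break
        if kind == 1:          # NOP: single byte, no length field
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option %d truncated before length byte" % kind)
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("option %d has bad length %d" % (kind, length))
        out.append((kind, opts[i + 2:i + length]))
        i += length
    return out

def decide(packet: bytes, process_options: int) -> tuple:
    """Return (verdict, detail) for one IPv4 packet under the given policy."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return ("drop", "not IPv4")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(packet):
        return ("drop", "bad IHL")
    opts = packet[20:ihl]
    if not opts:
        return ("forward", [])            # no options: policy does not apply
    if process_options == 0:
        return ("forward", "options ignored")
    if process_options == 2:
        return ("reject", (ICMP_UNREACH, ICMP_UNREACH_FILTER_PROHIB))
    try:
        return ("forward", parse_options(opts))
    except ValueError as err:
        return ("drop", str(err))

def build_packet(options: bytes = b"") -> bytes:
    """Constructed IPv4 header (no payload); options padded to 4 bytes."""
    options += b"\x00" * (-len(options) % 4)
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 20 + len(options), 0, 0,
                      64, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return hdr + options

# Constructed sample: a record-route option (type 7, length 7, pointer 4).
RR_PACKET = build_packet(b"\x07\x07\x04" + b"\x00" * 4)
```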