From owner-freebsd-net Wed Dec 19 7:19:38 2001 Delivered-To: freebsd-net@freebsd.org Received: from comp.chem.msu.su (comp-xl.chem.msu.su [158.250.32.157]) by hub.freebsd.org (Postfix) with ESMTP id BC36737B416; Wed, 19 Dec 2001 07:19:31 -0800 (PST) Received: (from yar@localhost) by comp.chem.msu.su (8.11.1/8.11.1) id fBJFJTv21729; Wed, 19 Dec 2001 18:19:29 +0300 (MSK) (envelope-from yar) Date: Wed, 19 Dec 2001 18:19:29 +0300 From: Yar Tikhiy To: net@freebsd.org, hackers@freebsd.org Subject: Processing IP options reveals IPSTEALH router Message-ID: <20011219181929.A20425@comp.chem.msu.su> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi there, I ran into an absolutely clear, but year-old PR pointing out that a router in the IPSTEALTH mode will reveal itself when processing IP options: kern/23123. The fix proposed seems clean and right to me: don't do IP options at all when in the IPSTEALTH mode. Does anyone have objections? If no, I'll commit the fix. -- Yar To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message