From: Chris <chrcoluk@gmail.com>
To: freebsd-stable@freebsd.org
Date: Fri, 1 Apr 2005 09:25:40 +0100
Subject: ipoptions sysctl option
List-Id: Production branch of FreeBSD source code

Hi

I read the pdf detailing new changes in 5.3 networking and noticed a new sysctl variable is added, 'net.inet.ip.process_options'. Here is the description.

"IP Options do not have any practical use today. The only useful application is RR (Record Route) where it remembers the last 8 hops the packet traversed through. That allows you to check parts of the path back to you. IP options processing is rather expensive because the packet header has to be modified and expanded. In addition the only other use is to circumvent or trick firewalls thus it is normally blocked there. The options are these: (By: andre)

# sysctl net.inet.ip.process_options=0

Possible Modes:
net.inet.ip.process_options=0 Ignore IP options and pass pkts unmodified
net.inet.ip.process_options=1 Process all IP options (default)
net.inet.ip.process_options=2 Reject all pkts with IP options with ICMP
IPv4 Processing"

As it says above, mine is set to 1, the default. Would setting it to 0 help with things like DDOS attacks because it is processing less, and what side effects, if any, could I expect from ignoring IP options?

thanks
Chris
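The three process_options modes quoted in the message all hinge on one thing: whether an IPv4 header carries options at all (IHL greater than 5), and, if it does, whether the host leaves them alone, walks and rewrites them (Record Route is the case where the header must be modified), or drops the packet. The following is an added illustration written for this post, not code from FreeBSD or from the message's author: it builds a constructed IPv4 header with a Record Route option, parses the option list the way a host in mode 1 would have to, decodes the recorded hops, and maps a header to the pass/process/reject outcome each mode implies. All function names, the sample addresses (10.0.0.1, 10.0.0.2, 192.0.2.1) and the mode labels are assumptions made here.

```python
"""Inspect IPv4 headers for IP options and mirror net.inet.ip.process_options.

Added example for the freebsd-stable thread above; not FreeBSD kernel code.
Function names, sample addresses and mode labels are this example's own.
"""
import ipaddress
import struct

IPOPT_EOL = 0  # end of option list
IPOPT_NOP = 1  # no-operation (single-byte padding)
IPOPT_RR = 7   # Record Route (RFC 791)


def build_ipv4_header(src, dst, options=b""):
    """Build a minimal IPv4 header (no payload) carrying the given options."""
    options += b"\x00" * ((-len(options)) % 4)  # pad option list to 32 bits
    ihl = 5 + len(options) // 4                  # header length in 32-bit words
    fixed = struct.pack("!BBHHHBBH4s4s",
                        (4 << 4) | ihl, 0, ihl * 4, 0, 0, 64, 1, 0,
                        ipaddress.IPv4Address(src).packed,
                        ipaddress.IPv4Address(dst).packed)
    return fixed + options


def rr_option(recorded=(), slots=3):
    """Record Route option: type, length, pointer, then 'slots' 4-byte slots."""
    body = b"".join(ipaddress.IPv4Address(a).packed for a in recorded)
    body += b"\x00" * (4 * slots - len(body))
    pointer = 4 + 4 * len(recorded)  # 1-based offset of the next free slot
    return bytes([IPOPT_RR, 3 + 4 * slots, pointer]) + body


def has_ip_options(hdr):
    """The IHL nibble exceeds 5 exactly when options are present."""
    return (hdr[0] & 0x0F) > 5


def parse_options(hdr):
    """Walk the option list; raise on the malformed lengths a host must guard against."""
    ihl = hdr[0] & 0x0F
    opts = hdr[20:ihl * 4]
    parsed, i = [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == IPOPT_EOL:
            break
        if kind == IPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("malformed option length")
        parsed.append((kind, opts[i + 2:i + length]))
        i += length
    return parsed


def decode_record_route(data):
    """Return the hops already recorded in an RR option body (pointer + slots)."""
    pointer = data[0]
    if pointer < 4 or (pointer - 4) % 4:
        raise ValueError("bad RR pointer")
    n = (pointer - 4) // 4
    addrs = data[1:]
    if 4 * n > len(addrs):
        raise ValueError("RR pointer beyond option")
    return [str(ipaddress.IPv4Address(addrs[4 * k:4 * k + 4])) for k in range(n)]


def classify(hdr, mode):
    """Outcome for a header under each process_options mode (labels assumed here)."""
    if not has_ip_options(hdr):
        return "pass"
    return {0: "pass-unmodified", 1: "process", 2: "reject-icmp"}[mode]


def sample_header():
    """Constructed packet: 10.0.0.1 -> 10.0.0.2 with one hop already recorded."""
    return build_ipv4_header("10.0.0.1", "10.0.0.2",
                             rr_option(recorded=["192.0.2.1"], slots=3))


if __name__ == "__main__":
    hdr = sample_header()
    for kind, body in parse_options(hdr):
        if kind == IPOPT_RR:
            print("recorded hops:", decode_record_route(body))
    for mode in (0, 1, 2):
        print("mode", mode, "->", classify(hdr, mode))
```

The `has_ip_options` test is the same check a capture filter uses to count option-bearing traffic on the wire (`ip[0] & 0xf != 5` in tcpdump syntax), which is the measurement to take before deciding between modes 0 and 2: mode 0 only skips the parsing and header rewrite, while mode 2 also drops the packets and emits ICMP, so the share of legitimate traffic that carries options is what determines the side effect.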