From owner-freebsd-net@FreeBSD.ORG Thu Feb 10 10:19:36 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A557A16A4CF for ; Thu, 10 Feb 2005 10:19:36 +0000 (GMT) Received: from relay.bestcom.ru (relay.bestcom.ru [217.72.144.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id A417943D4C for ; Thu, 10 Feb 2005 10:19:35 +0000 (GMT) (envelope-from glebius@freebsd.org) Received: from cell.sick.ru (root@cell.sick.ru [217.72.144.68]) by relay.bestcom.ru (8.13.1/8.12.9) with ESMTP id j1AAJX9j090287 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Thu, 10 Feb 2005 13:19:34 +0300 (MSK) (envelope-from glebius@freebsd.org) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.12.11/8.12.8) with ESMTP id j1AAJXpw021120 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 10 Feb 2005 13:19:33 +0300 (MSK) (envelope-from glebius@freebsd.org) Received: (from glebius@localhost) by cell.sick.ru (8.12.11/8.12.11/Submit) id j1AAJWnl021119; Thu, 10 Feb 2005 13:19:32 +0300 (MSK) (envelope-from glebius@freebsd.org) X-Authentication-Warning: cell.sick.ru: glebius set sender to glebius@freebsd.org using -f Date: Thu, 10 Feb 2005 13:19:32 +0300 From: Gleb Smirnoff To: Andre Oppermann Message-ID: <20050210101932.GB21066@cell.sick.ru> Mail-Followup-To: Gleb Smirnoff , Andre Oppermann , "David G. Andersen" , freebsd-net@freebsd.org References: <20050209170802.GA39472@lcs.mit.edu> <420A4957.15E0D656@networx.ch> <20050209185828.GD39472@lcs.mit.edu> <20050209203534.GA41287@lcs.mit.edu> <420A7712.45001B85@networx.ch> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <420A7712.45001B85@networx.ch> User-Agent: Mutt/1.5.6i X-Virus-Scanned: ClamAV version devel-20050125, clamav-milter version 0.80ff on relay.bestcom.ru X-Virus-Status: Clean cc: freebsd-net@freebsd.org cc: "David G. Andersen" Subject: Re: Kern/73129 and 5.3-STABLE X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Feb 2005 10:19:36 -0000 On Wed, Feb 09, 2005 at 09:48:18PM +0100, Andre Oppermann wrote: A> The problem is with locally generated packets which go the wrong way. A> This gets nasty when the box has to generate some path MTU discovery A> ICMP message and such. What I implemented is the correct thing to do A> and prevents foot-shooting. On the other hand it prevents people from A> forwarding local ports and such. Both sides of the coin have merit A> and there is no easy deciding between them or obvious right or wrong A> choice. If it will fix said PR but break forwarding of local ports, then this is not acceptable. In this case we will have another PRs in short period. All functionality in ipfw fwd must remain present. -- Totus tuus, Glebius. GLEBIUS-RIPN GLEB-RIPE