From owner-freebsd-net  Mon Aug 27 15:10:26 2001
Delivered-To: freebsd-net@freebsd.org
Received: from freesbee.wheel.dk (freesbee.wheel.dk [193.162.159.97])
	by hub.freebsd.org (Postfix) with ESMTP id 9964C37B403
	for <freebsd-net@FreeBSD.ORG>; Mon, 27 Aug 2001 15:10:21 -0700 (PDT)
	(envelope-from jesper@skriver.dk)
Received: by freesbee.wheel.dk (Postfix, from userid 1001)
	id 3D8995D33; Tue, 28 Aug 2001 00:10:21 +0200 (CEST)
Date: Tue, 28 Aug 2001 00:10:21 +0200
From: Jesper Skriver <jesper@skriver.dk>
To: Mike Silbersack <silby@silby.com>
Cc: Scott Renfro <scott@renfro.org>,
	Barney Wolff <barney@databus.com>, freebsd-net@FreeBSD.ORG,
	Jonathan Lemon <jlemon@flugsvamp.com>,
	Bill Fenner <fenner@research.att.com>,
	Cory Scott <cory@crazypenguin.com>
Subject: Re: Proposed change to icmp_may_rst induced ENETRESET
Message-ID: <20010828001021.I65064@skriver.dk>
References: <20010827150923.L55723@skriver.dk> <Pine.BSF.4.30.0108271652040.96218-100000@niwun.pair.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.BSF.4.30.0108271652040.96218-100000@niwun.pair.com>; from silby@silby.com on Mon, Aug 27, 2001 at 04:54:31PM -0400
X-PGP-Fingerprint: 6B88 9CE8 66E9 E631 C9C5  5EB4 22AB F0EC F956 1C31
X-PGP-Public-Key: http://freesbee.wheel.dk/~jesper/gpgkey.pub
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

On Mon, Aug 27, 2001 at 04:54:31PM -0400, Mike Silbersack wrote:
> 
> On Mon, 27 Aug 2001, Jesper Skriver wrote:
> 
> > On Thu, Aug 23, 2001 at 06:23:31PM -0700, Scott Renfro wrote:
> > > You have a valid point that icmp_may_rst changes nmap's behavior, even
> > > with the proposed patch.  If you want nmap's historic behavior (admin
> > > prohib ==> filtered), then turning off icmp_may_rst works.  With
> > > icmp_may_rst turned on and the patch commited, you get the other
> > > behavior (admin prohib ==> closed).  Without the patch, nmap spews
> > > errors and would need a FreeBSD-specific change.
> >
> > I pretty much doesn't care, Jonathan, Bill, Mike what do you think ?
> >
> > /Jesper
> 
> Seems best to have icmp admin-prohibited return what a RST would, just to
> be compatible with the widest range of apps, IMHO.

Ack, committed to -current

/Jesper

-- 
Jesper Skriver, jesper(at)skriver(dot)dk  -  CCIE #5456
Work:    Network manager   @ AS3292 (Tele Danmark DataNetworks)
Private: FreeBSD committer @ AS2109 (A much smaller network ;-)

One Unix to rule them all, One Resolver to find them,
One IP to bring them all and in the zone to bind them.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message