From owner-freebsd-security Mon Dec 18 8: 6:32 2000 From owner-freebsd-security@FreeBSD.ORG Mon Dec 18 08:06:30 2000 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id F045637B400 for ; Mon, 18 Dec 2000 08:06:28 -0800 (PST) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id LAA20972; Mon, 18 Dec 2000 11:06:19 -0500 (EST) (envelope-from wollman) Date: Mon, 18 Dec 2000 11:06:19 -0500 (EST) From: Garrett Wollman Message-Id: <200012181606.LAA20972@khavrinen.lcs.mit.edu> To: Jesper Skriver Cc: security@freebsd.org Subject: Re: cvs commit: src/sys/netinet ip_icmp.c tcp_subr.c tcp_var.h In-Reply-To: <20001217155826.A16170@skriver.dk> References: <20001217012007.A18038@citusc.usc.edu> <17340.977045052@critter> <20001217015414.A18302@citusc.usc.edu> <20001217155826.A16170@skriver.dk> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org < said: > It solves problems when trying to connects to hosts behind packet > filters and/or firewalls, and I can add that Linux has this "feature" > enabled by default, atleast since kernel v2.0 which was the oldest box I > could find. I would suggest that these ICMP errors should be treated in the same way as net/host unreachable -- that is, recorded for the purposes of useful error reporting, but not acted upon immediately. 112[23] has its share of bugs. -GAWollman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message