Date:      Thu, 6 May 2004 14:22:09 -0500
From:      "Jacques A. Vidrine" <nectar@FreeBSD.org>
To:        Andre Oppermann <andre@freebsd.org>
Cc:        freebsd-current@freebsd.org
Subject:   Re: Default behaviour of IP Options processing
Message-ID:  <20040506192209.GC1939@madman.celabo.org>
In-Reply-To: <409A8EF3.5825EF0C@freebsd.org>
References:  <200405061846.i46Ik3Jc060969@repoman.freebsd.org> <409A8EF3.5825EF0C@freebsd.org>

On Thu, May 06, 2004 at 09:16:03PM +0200, Andre Oppermann wrote:
> I have just committed the attached change to ip_input() to control the
> behaviour of IP Options processing.  The default is the unchanged
> current behaviour.
> 
> However I want to propose to change the default from processing options
> to ignoring options (or even stronger to reject them).
> 
> The rationale is as follows.  IP Options do not have any legitimate use
> in today's Internet at all.  For a long time now we have disabled source
> routing.  The remaining IP Options are RR (record route) and TS (time
> stamp) which are both useless.  For finding out which path a packet takes
> we use traceroute instead of RR.  Besides that RR is limited to the space
> in the IP Options field and can possibly record only a few hops (9 IIRC).
> Time stamp is useless for the same reason and since it doesn't have a
> fixed and synchronized timebase it is even more so useless.
> 
> Opinions?  Discussion?  Yes/Nay?

Maybe you've already seen my reply to your commit, but:

I would very much like to see the default be 1-ignore or 2-reject,
preferably the latter.

I believe your analysis is correct.  I haven't been able to use record
route for anything useful since around 1996--- this partially because
networks became larger and partly because many systems started dropping
packets with options :-)

Timestamp is also somewhat esoteric.  But the point is that enabling
these options should require a conscious decision by users.  Those who
want them can turn them on ... most users probably don't know these
options even exist, and for them I think it is better to have them
default off.

Cheers,
-- 
Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org
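
The three behaviours discussed in this thread (process, ignore, reject) and the 9-hop Record Route ceiling can be seen in a small userland sketch. This is an added example, not code from the message or from FreeBSD's ip_input(); the enum names, function names and sample headers are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names for this example; not FreeBSD kernel identifiers. */
enum opt_policy { OPTS_PROCESS, OPTS_IGNORE, OPTS_REJECT };
enum verdict { V_ACCEPT, V_SKIP_OPTS, V_PROCESS_OPTS, V_DROP };

/* Bytes of options in an IPv4 header, or -1 if the header is malformed. */
int ip_optlen(const uint8_t *p, size_t len)
{
    if (len < 20 || (p[0] >> 4) != 4) return -1;
    size_t hlen = (size_t)(p[0] & 0x0f) * 4;  /* IHL counts 32-bit words */
    return (hlen < 20 || hlen > len) ? -1 : (int)(hlen - 20);
}

/* Walk the type/length/value list; 0 if well-formed, -1 otherwise. */
int opts_wellformed(const uint8_t *o, int n)
{
    for (int i = 0; i < n; ) {
        if (o[i] == 0) break;                 /* EOL: end of option list */
        if (o[i] == 1) { i++; continue; }     /* NOP: single byte */
        if (i + 1 >= n || o[i + 1] < 2 || i + o[i + 1] > n) return -1;
        i += o[i + 1];                        /* skip to the next option */
    }
    return 0;
}

/* Record Route: 3 bytes of type/length/pointer, then 4 bytes per hop. */
int rr_max_hops(int optlen) { return optlen < 3 ? 0 : (optlen - 3) / 4; }

enum verdict ip_opts_verdict(const uint8_t *p, size_t len, enum opt_policy pol)
{
    int n = ip_optlen(p, len);
    if (n < 0) return V_DROP;                   /* bad or truncated header */
    if (n == 0) return V_ACCEPT;                /* no options: policy is moot */
    if (pol == OPTS_REJECT) return V_DROP;
    if (pol == OPTS_IGNORE) return V_SKIP_OPTS; /* options are never parsed */
    return opts_wellformed(p + 20, n) == 0 ? V_PROCESS_OPTS : V_DROP;
}

/* Constructed sample headers (not captured traffic); type 7 is Record Route. */
static const uint8_t pkt_plain[20] = { [0] = 0x45 };
static const uint8_t pkt_rr[60]    = { [0] = 0x4f, [20] = 7, [21] = 39, [22] = 4 };
static const uint8_t pkt_bad[24]   = { [0] = 0x46, [20] = 7, [21] = 39, [22] = 4 };

int main(void)
{
    printf("max RR hops in 40 option bytes: %d\n", rr_max_hops(40));
    return 0;
}
```

With the ignore policy the over-long option in `pkt_bad` is never parsed and the packet passes, while the process policy has to validate it and drops it; the reject policy drops any header that carries options at all.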


