From owner-freebsd-current@FreeBSD.ORG  Thu May  6 17:18:50 2004
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 84F5716A4CE
	for <freebsd-current@freebsd.org>;
	Thu,  6 May 2004 17:18:50 -0700 (PDT)
Received: from mailtoaster1.pipeline.ch (mailtoaster1.pipeline.ch
	[62.48.0.70])	by mx1.FreeBSD.org (Postfix) with ESMTP id A609B43D54
	for <freebsd-current@freebsd.org>;
	Thu,  6 May 2004 17:18:49 -0700 (PDT)
	(envelope-from andre@freebsd.org)
Received: (qmail 92198 invoked from network); 7 May 2004 00:18:47 -0000
Received: from unknown (HELO freebsd.org) ([62.48.0.54])
          (envelope-sender <andre@freebsd.org>)
          by mailtoaster1.pipeline.ch (qmail-ldap-1.03) with SMTP
          for <julian@elischer.org>; 7 May 2004 00:18:47 -0000
Message-ID: <409AD5E6.34E3D191@freebsd.org>
Date: Fri, 07 May 2004 02:18:46 +0200
From: Andre Oppermann <andre@freebsd.org>
X-Mailer: Mozilla 4.8 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Julian Elischer <julian@elischer.org>
References: <Pine.BSF.4.21.0405061702000.82978-100000@InterJet.elischer.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
cc: Sam Leffler <sam@errno.com>
cc: freebsd-current@freebsd.org
cc: freebsd-net@freebsd.org
Subject: Re: Default behaviour of IP Options processing
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 07 May 2004 00:18:50 -0000

Julian Elischer wrote:
> 
> On Thu, 6 May 2004, Sam Leffler wrote:
> 
> >
> > For fine-grained selection packet filtering is the better solution.  This is a
> > simple, much lighterweight, mechanism that doesn't require touching every
> > packet.
> 
> I would only do the tests if the packet HAD an ip option..
> 
> either way I'm not going to scream about it..
> just my thoughts on the matter..

On a side note:  Setting this sysctl to ignore does not prevent the host
from generating or receiving packets with IP options on sockets.  Only
from adding to them when they come by.  Rejecting such packets does not
prevent you from sending them but certainly does from receiving them.

-- 
Andre