Date: Tue, 08 Jul 2003 04:17:04 -0700 From: Terry Lambert <tlambert2@mindspring.com> To: Socketd <db@traceroute.dk> Cc: hackers@freebsd.org Subject: Re: 5 "Advanced" networking questions Message-ID: <3F0AA830.9A82CB37@mindspring.com> References: <20030707012205.3103dfc8.db@traceroute.dk> <20030707153314.GA1695@webboy.soth.at> <20030707180252.44036c61.db@traceroute.dk> <20030708131339.16da151f.db@traceroute.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
Socketd wrote: > > I guess you want to do this so that you can break path MTU > > discovery and fail to properly exchange packets with the DF > > bit set in the headers, and which don't take into account > > intermediate links with smaller MTUs, like VPNs or PPPOE > > links? > > > > What exactly are you getting from disabling ICMP, besides a > > broken network connection to some systems you may wish to be > > able to exchange packets with? > > I don't want to disable ICMP, just don't want to respond when ttl=0, > meaning when my firewall/gateway is on a "traceroute path". You should specifically modify the ICMP code to not respond to echo datagrams, or when ttl == 0, then, and work it that way. In other words, it's time to hack your network stack to specifically add that "feature". -- Terry
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3F0AA830.9A82CB37>