Date:      Thu, 24 Jan 2008 01:07:44 -0600 (CST)
From:      Mike Silbersack <silby@silby.com>
To:        Andre Oppermann <andre@freebsd.org>
Cc:        Mike Silbersack <silby@FreeBSD.org>, kmacy@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org, src-committers@FreeBSD.org, freebsd-net@freebsd.org
Subject:   Re: cvs commit: src/sys/netinet tcp_syncache.c
Message-ID:  <20080124005006.D93697@odysseus.silby.com>
In-Reply-To: <4797B77E.2090605@freebsd.org>
References:  <200711200656.lAK6u4bc021279@repoman.freebsd.org> <4797B77E.2090605@freebsd.org>


On Wed, 23 Jan 2008, Andre Oppermann wrote:

> OTOH the enforcement of this rule wasn't really there before and it
> may be argued that we've got a POLA violation here.  A careful reading

That's exactly the point.  We were not enforcing timestamps since... 
whenever the RFC1323 code went in.  Then we start enforcing them, and 
start getting bug reports while we're still in the beta phase.  That 
indicates to me that we would've been likely to see many reports as time 
went on.

If you want to put the check back in, but hide it behind a sysctl that is 
disabled by default, that would be ok with me.

I'm not generally opposed to security improvements that only affect edge 
cases... but being unable to connect is not an edge case!

-Mike


