Date: Tue, 25 Dec 2001 10:26:46 +0700 From: Igor M Podlesny <poige@morning.ru> To: Yar Tikhiy <yar@FreeBSD.ORG> Cc: Maxim Konovalov <maxim@macomnet.ru>, net@FreeBSD.ORG, hackers@FreeBSD.ORG Subject: Re[2]: Processing IP options reveals IPSTEALH router Message-ID: <121521816522.20011225102646@morning.ru> In-Reply-To: <20011224225343.A5819@comp.chem.msu.su> References: <20011221185118.B25868@comp.chem.msu.su> <20011223022614.U18529-100000@news1.macomnet.ru> <20011224225343.A5819@comp.chem.msu.su>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Sun, Dec 23, 2001 at 02:29:14AM +0300, Maxim Konovalov wrote: >> >> On 18:51+0300, Dec 21, 2001, Yar Tikhiy wrote: >> >> > I made a patch that adds the "stealthy IP options feature". >> > Honestly, now I'm afraid it's "much ado about nothing", given how >> > clumsy solution is needed for such a small problem. Even the way >> > of ignoring IP options completely when doing IPSTEALTH looks way >> > better... >> >> IMHO it is not a good idea to forward a packet with possible incorrect >> ip options. > Forwarding a packet without decreasing its TTL may be even worse idea :-) yeah. Two routers with IPSTEALTH and wrong routing (when A-box sends a datagram to B-box and the B-box uses the default route to A-box for it) will effectively eat up the channel between them... And this is quite easy to set up... > We're breaking the standard with IPSTEALTH anyway, so to my mind the > best idea is to avoid spoiling the system code too much. >> The patch looks OK for me. > All right, if anyone else feels committing that patch of mine is > OK and tells that to me, I'll commit it. -- Igor M Podlesny a.k.a. Poige http://www.morning.ru/~poige To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?121521816522.20011225102646>