Date: Wed, 20 Dec 2000 10:28:36 +0100 From: Jesper Skriver <jesper@skriver.dk> To: Don Lewis <Don.Lewis@tsc.tdk.com> Cc: Kris Kennaway <kris@FreeBSD.ORG>, Poul-Henning Kamp <phk@critter.freebsd.dk>, security-officer@FreeBSD.ORG, cvs-all@FreeBSD.ORG, freebsd-net@FreeBSD.ORG Subject: Re: what to do now ? Was: cvs commit: src/sys/netinet ip_icmp.c tcp_subr.c tcp_var.h Message-ID: <20001220102836.A71228@skriver.dk> In-Reply-To: <200012200124.RAA17477@salsa.gv.tsc.tdk.com>; from Don.Lewis@tsc.tdk.com on Tue, Dec 19, 2000 at 05:24:46PM -0800 References: <20001218182600.C1856@skriver.dk> <200012191425.GAA14731@salsa.gv.tsc.tdk.com> <20001219191929.D40568@skriver.dk> <200012200124.RAA17477@salsa.gv.tsc.tdk.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Dec 19, 2000 at 05:24:46PM -0800, Don Lewis wrote: > On Dec 19, 7:19pm, Jesper Skriver wrote: > } Subject: Re: what to do now ? Was: cvs commit: src/sys/netinet ip_icmp.c > } > } I'll submit a new later tonight, as I havn't heard anything, I'll make a > } sysctl control if it should have effect on all sessions, or only those > } in SYN-SENT state, defaulting to those in SYN-SENT state only. > > Do all ICMP unreachables kill off sessions in in the SYN-SENT state or > only the administratively prohibited flavor? Only the administratively prohibited ones. > If all of them do, then > only administratively prohibited ICMP unreachables should kill off > established connections so that established sessions aren't killed > off by routing flaps and other transient events. Agree, but then we need a new PRC_ADMINPROHIB or something like that, I'll look at that, but first I think we should get this committed, and we can do the other as a followup. /Jesper -- Jesper Skriver, jesper(at)skriver(dot)dk - CCIE #5456 Work: Network manager @ AS3292 (Tele Danmark DataNetworks) Private: Geek @ AS2109 (A much smaller network ;-) One Unix to rule them all, One Resolver to find them, One IP to bring them all and in the zone to bind them. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001220102836.A71228>