Date: Mon, 18 Dec 2000 23:18:49 +0100 From: Jesper Skriver <jesper@skriver.dk> To: Barney Wolff <barney@databus.com> Cc: Mike Silbersack <silby@silby.com>, Kris Kennaway <kris@FreeBSD.ORG>, Poul-Henning Kamp <phk@critter.freebsd.dk>, security-officer@FreeBSD.ORG, cvs-all@FreeBSD.ORG, freebsd-net@FreeBSD.ORG Subject: Re: what to do now ? Was: cvs commit: src/sys/netinet ip_icmp.c tcp_subr.c tcp_var.h Message-ID: <20001218231849.D37894@skriver.dk> In-Reply-To: <20001218171248.A67546@mx.databus.com>; from barney@databus.com on Mon, Dec 18, 2000 at 05:12:48PM -0500 References: <20001218182600.C1856@skriver.dk> <Pine.BSF.4.21.0012181310290.63148-100000@achilles.silby.com> <20001218202710.A16059@skriver.dk> <20001218171248.A67546@mx.databus.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Dec 18, 2000 at 05:12:48PM -0500, Barney Wolff wrote: > I suggest that the ICMP unreachable affect connections only in > SYN-SENT and only if the seq number matches, and that it not > affect IPSEC'd connections at all. When you say IPsec doesn't use TCP at all, it will not be affected in any way by this code. /Jesper -- Jesper Skriver, jesper(at)skriver(dot)dk - CCIE #5456 Work: Network manager @ AS3292 (Tele Danmark DataNetworks) Private: Geek @ AS2109 (A much smaller network ;-) One Unix to rule them all, One Resolver to find them, One IP to bring them all and in the zone to bind them. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001218231849.D37894>