[Bug 253476] ipfw keepalive: tcp_do_segment: Timestamp missing, segment silently dropped
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sun Feb 14 13:34:39 UTC 2021
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253476
--- Comment #5 from Michael Tuexen <tuexen at freebsd.org> ---
(In reply to Helge Oldach from comment #4)
This middlebox code lets an RFC compliant end-point look like an endpoint
violating the specification. So if the peer wants to talk to a broken
end-point, the peer can set the corresponding sysctl. So I don't see a value in
making the configuration more complex.
I also haven't thought about the consequence of a firewall pretending that an
end point is still alive, although it might not be.
Personally, I wouldn't expect a middlebox inserting packets in a communication,
which break the specification, but instead would like them to filter out
communications which break the specifications. But that is a personal opinion.
--
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
More information about the freebsd-ipfw
mailing list