Default behaviour of IP Options processing
Andre Oppermann
andre at freebsd.org
Thu May 6 17:18:50 PDT 2004
Julian Elischer wrote:
>
> On Thu, 6 May 2004, Sam Leffler wrote:
>
> >
> > For fine-grained selection packet filtering is the better solution. This is a
> > simple, much lighterweight, mechanism that doesn't require touching every
> > packet.
>
> I would only do the tests if the packet HAD an ip option..
>
> either way I'm not going to scream about it..
> just my thoughts on the matter..
On a side note: Setting this sysctl to ignore does not prevent the host
from generating or receiving packets with IP options on sockets. Only
from adding to them when they come by. Rejecting such packets does not
prevent you from sending them but certainly does from receiving them.
--
Andre
More information about the freebsd-net
mailing list