Default behaviour of IP Options processing
Julian Elischer
julian at elischer.org
Thu May 6 15:42:47 PDT 2004
On Thu, 6 May 2004, David W. Chapman Jr. wrote:
> > We are using RR option all the time to track down routing asymmetry
> > and traceroute is not an option, ping -R is very useful in that cases.
> > We all know that ipfw (and I am sure all other *pf*) is able to
> > process ip opts quite well and personally see no point in this
> > sysctls. I fail to see a documentation update (inet.4 ?) as well.
> >
> > It is not clear for me why you ever ask for opinions after commit not
> > before. Strick "nay" if you care :-)
>
> He hasn't changed the default yet. But I think for the select few
> who actually use such tcp options, they can enable it. Most of the
> users however will not need this. I think the point that is trying
> to be made is that they want the default installation to be more
> secure and those who need these features can simply turn them on.
what security problem are you expecting?
>
> --
> David W. Chapman Jr.
> dwcjr at inethouston.net Raintree Network Services, Inc. <www.inethouston.net>
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>
More information about the freebsd-current
mailing list