> > > - setting ip/tcp/udp/icmp TTL through ndd:
> > > Do we really want to change the default ttl for all
> > > ip/tcp/udp/icmp packets? Esp when there are socket options
> > > like IP_TTL, IPV6_UNICAST_HOPS, IP_MULTICAST_TTL for this?
> > > (See also 5046705)
> > >
> > > We have ip_def_ttl, ip6_def_hops, tcp_ipv4_ttl,
> > > tcp_ipv6_hoplimit, icmp_ipv4_ttl, icmp_ipv6_hoplimit,
> > > udp_ipv4_ttl, udp_ipv6_hoplimit, ip_broadcast_ttl.
> > > Aren't IP_TTL, IPV6_UNICAST_HOPS, IP_MULTICAST_TTL
> > > sufficient?
> >
> > There are a number of times I can recall where the field has used the TTL
> > ndd parameters to workaround broken applications.
>
> But setting it via ndd because of 1 broken app clobbers it
> for *all* apps!

Sure, it's a workaround (it actually only clobbers it for apps that haven't
explicitly requested a TTL).

> Isn't it possible (and better) to set up ipfilter for these broken apps
> to curb their ttl, instead of using the ndd sledge-hammer?

Possible. I'm not sure if IP Filter in such a scenario would impact
performance or not, and whether it matters.

-- meem
