On Wed, Dec 19, 2001 at 06:19:29PM +0300, Yar Tikhiy wrote: > Hi there, > > I ran into an absolutely clear, but year-old PR pointing out that > a router in the IPSTEALTH mode will reveal itself when processing > IP options: kern/23123. > > The fix proposed seems clean and right to me: don't do IP options > at all when in the IPSTEALTH mode. Does anyone have objections? > If no, I'll commit the fix. > What if the packet is directed to us? I think we should still process options in this case, and the patch in the PR doesn't seem to do it.
<PS> I was going to replace IPSTEALTH functionality with the net.inet.ip.decttl knob. Setting it to 0 would match the IPSTEALTH behavior, the default value will be 1. </PS> Cheers, -- Ruslan Ermilov Oracle Developer/DBA, [EMAIL PROTECTED] Sunbay Software AG, [EMAIL PROTECTED] FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
