On Wednesday 06 March 2002 11:25, Guillaume Morin wrote:

> Nope, TCP_RESERVED_BITS = __constant_htonl(0x0F000000), ECN bits
> are not included. See RFC793 if you want a confirmation.

But still, what is the validity in enforcing that fields "reserved
for future use" are zero in a firewall?

Doing so will with no doubt create serious incompatibilities the day
these bits start to be used for anything, just as the ECN change
has. There is still a huge amount of sites that do not accept ECN
flagged traffic even if the ECN extension has been proposed standard track
for a long time. This is due mainly to various kinds of firewalls being
too picky about "reserved for future use" bits, which in the ECN case
were even defined once upon a time and then later became reserved.

The compliance definition about the ECN bits mainly worries about the
bits having a different original meaning, not that the bits have been
reserved for future use (naturally).

Having an "unclean" standard match that matches things like this (use
of reserved fields) is very questionable, and may cause serious
implications later on if people actually use things like this in
filtering.

It does make great sense the day one writes the match or installs the
filter (knowing what the match actually matches), but given some
time such assumptions are likely to fail.

Having an "unclean" match that matches well known combinations that
cannot be used may be OK, or an experimental match people who know
what they are dealing with may use.

As for the discussion on help: People generally do not read help for
stable features. But they do read the help on EXPERIMENTAL features.

Summary: For once I strongly agree with Harald. A match like 
"unclean" should not ever be anything but experimental.

By definition it cannot be anything but experimental as it is dealing 
with assertions it cannot know to be valid. As such the 
implementation cannot ever leave the experimental status as it cannot 
be known for certain that the implementation is correct and stable.

Regards
Henrik Nordström
MARA Systems AB
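The fragility Henrik describes can be shown on actual header bytes. The following is an added example, not code from the thread or from netfilter: it builds constructed TCP headers and applies two "reserved bits must be zero" checks to them. One uses the mask Guillaume quotes, `TCP_RESERVED_BITS = __constant_htonl(0x0F000000)`, which selects only the four bits between the data offset and the CWR flag; the other freezes the original six-bit reserved field of RFC 793, two bits of which RFC 3168 later turned into CWR and ECE. An ECN-negotiating SYN passes the first check and is dropped by the second, which is exactly the "firewalls being too picky about reserved bits" failure. The packet contents and port numbers are constructed test data, not captured traffic.

```python
import struct

# Flag bits in the low byte (offset 13) of the 16-bit offset/reserved/flags word.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
ECE, CWR = 0x40, 0x80  # RFC 3168 ECN flags, carved out of the RFC 793 reserved field

# Mask as quoted in the thread: __constant_htonl(0x0F000000). Applied to the
# big-endian 32-bit word at header offset 12 it covers only bits 4..7 of the
# first byte of that word, i.e. the nibble following the data offset.
TCP_RESERVED_BITS = 0x0F000000


def build_tcp_header(sport, dport, seq, ack, flags, reserved_nibble=0, window=65535):
    """Build a 20-byte option-less TCP header (constructed test data).

    reserved_nibble fills the four bits Linux treats as reserved, so we can
    watch how each check reacts when something actually sets them.
    """
    data_offset = 5  # 20 bytes / 4, no options
    off_res_flags = (data_offset << 12) | ((reserved_nibble & 0x0F) << 8) | (flags & 0xFF)
    # sport, dport, seq, ack, offset/reserved/flags, window, checksum, urgent ptr
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, off_res_flags, window, 0, 0)


def reserved_bits_linux(hdr):
    """Reserved bits as the kernel mask computes them: word@12 & htonl(0x0F000000)."""
    word = struct.unpack("!I", hdr[12:16])[0]
    return (word & TCP_RESERVED_BITS) >> 24


def reserved_bits_rfc793(hdr):
    """The six-bit reserved field exactly as RFC 793 laid it out.

    Two of these bits are CWR and ECE since RFC 3168, so a filter that still
    uses this definition drops every ECN-capable SYN.
    """
    off_res_flags = struct.unpack("!H", hdr[12:14])[0]
    return (off_res_flags >> 6) & 0x3F


def unclean_linux(hdr):
    """Drop decision of a filter built on the current kernel mask."""
    return reserved_bits_linux(hdr) != 0


def unclean_rfc793(hdr):
    """Drop decision of a filter that froze the RFC 793 layout."""
    return reserved_bits_rfc793(hdr) != 0


def classify(hdr):
    """Return (dropped_by_linux_mask, dropped_by_rfc793_mask) for one header."""
    return unclean_linux(hdr), unclean_rfc793(hdr)


if __name__ == "__main__":
    # Constructed samples: a plain SYN, an ECN-setup SYN (SYN+CWR+ECE, RFC 3168),
    # and a SYN with bits set in the nibble that is reserved today.
    samples = {
        "plain SYN": build_tcp_header(40000, 80, 1, 0, SYN),
        "ECN SYN": build_tcp_header(40000, 80, 1, 0, SYN | CWR | ECE),
        "reserved nibble set": build_tcp_header(40000, 80, 1, 0, SYN, reserved_nibble=0x5),
    }
    for name, hdr in samples.items():
        linux_drop, rfc793_drop = classify(hdr)
        print(f"{name:22s} linux-mask drop={linux_drop!s:5s} rfc793-mask drop={rfc793_drop}")
```

The same drift has since happened to the nibble the kernel mask covers: RFC 3540 assigned its lowest bit as the ECN nonce sum (NS) flag, so a filter that drops on `reserved_bits_linux(hdr) != 0` would have rejected that traffic too. The defensive takeaway is the one the message argues for: a check on "must be zero" bits encodes an assumption with an expiry date, so keep it experimental, log rather than drop where possible, and revisit the mask whenever a new header bit is assigned.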
