Mike Silbersack wrote:
On Wed, 23 Jan 2008, Andre Oppermann wrote:
OTOH the enforcement of this rule wasn't really there before and it
may be argued that we've got a POLA violation here. A careful reading
That's exactly the point. We were not enforcing timestamps since...
whenever the RFC1323 code went in. Then we start enforcing them, and
start getting bug reports while we're still in the beta phase. That
indicates to me that we would've been likely to see many reports as time
went on.
I'm complaining about not fixing or modifying the test. The rationale
and comments to the change are not correct and a different fix would
be more appropriate.
If you want to put the check back in, but hide it behind a sysctl that
is disabled by default, that would be ok with me.
The check is fine. However in the edge case it should not cause the
connection to be aborted but it should disable timestamps locally.
There is no point in sending them if they do not get returned.
I'm not generally opposed to security improvements that only affect edge
cases... but being unable to connect is not an edge case!
Fully agreed. I'll reopen the PR and follow up with the originator
to do some further analysis. All operating systems he cites that were
unable to connect correctly send timestamps and do not stop after
the SYN phase. So there must be something else at play here. Have
you received or heard of any *other* reports that may be related to
the timestamp check?
--
Andre
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all