Given the amount of code that IPSTEALTH adds (only a few lines),
eliminating it as a compile-time option and making it a knob is a
win.  Also, I know that there is an issue for systems using cards
from ETinc:  enabling IPSTEALTH causes them to panic.  ETinc has
taken the stand that this feature is not supported as it is not in
the base release.  I'd like to see that objection go away.

/\/\ \/\/



On Wed, Dec 19, 2001 at 05:33:13PM +0200, Ruslan Ermilov wrote:
> On Wed, Dec 19, 2001 at 06:19:29PM +0300, Yar Tikhiy wrote:
> > 
> > I ran into an absolutely clear, but year-old PR pointing out that
> > a router in the IPSTEALTH mode will reveal itself when processing
> > IP options: kern/23123.
> > 
> > The fix proposed seems clean and right to me: don't do IP options
> > at all when in the IPSTEALTH mode.  Does anyone have objections?
> > If no, I'll commit the fix.
> > 
> What if the packet is directed to us?  I think we should still
> process options in this case, and the patch in the PR doesn't
> seem to do it.
> 
> <PS>
> I was going to replace IPSTEALTH functionality with the
> net.inet.ip.decttl knob.  Setting it to 0 would match the
> IPSTEALTH behavior, the default value will be 1.
> </PS>
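
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not FreeBSD code: a user-space model of one forwarding hop showing why skipping only the TTL decrement still leaves the router visible, and how skipping options for forwarded packets while still parsing them for local delivery avoids that. The mode names, the `hop`/`demo` functions, the choice of Record Route as the revealing option, and the address 192.0.2.1 are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical user-space model of one forwarding hop; not FreeBSD's ip_input(). */
enum mode { NORMAL, STEALTH_TTL_ONLY, STEALTH_SKIP_OPTS };
#define IPOPT_EOL 0
#define IPOPT_NOP 1
#define IPOPT_RR  7                     /* Record Route (RFC 791) */

/* Stamp addr into each Record Route option with a free slot; return stamps made. */
static int do_options(uint8_t *o, size_t len, const uint8_t addr[4])
{
    int stamped = 0;
    for (size_t i = 0; i < len && o[i] != IPOPT_EOL; ) {
        if (o[i] == IPOPT_NOP) { i++; continue; }
        if (i + 1 >= len || o[i + 1] < 2 || i + o[i + 1] > len)
            break;                      /* malformed option: stop parsing */
        uint8_t olen = o[i + 1];
        if (o[i] == IPOPT_RR && olen >= 3) {
            uint8_t ptr = o[i + 2];     /* 1-based offset of next free slot */
            if (ptr >= 4 && ptr + 3 <= olen) {
                memcpy(&o[i + ptr - 1], addr, 4);
                o[i + 2] = (uint8_t)(ptr + 4);
                stamped++;
            }
        }
        i += olen;
    }
    return stamped;
}

/* Return how many changes an endpoint could observe (TTL drop + RR stamps). */
int hop(enum mode m, int for_us, uint8_t *ttl, uint8_t *o, size_t len)
{
    static const uint8_t self[4] = { 192, 0, 2, 1 };   /* constructed address */
    if (for_us)                         /* local delivery: options still parsed */
        return do_options(o, len, self);
    int seen = 0;
    if (m == NORMAL) { (*ttl)--; seen++; }
    if (m != STEALTH_SKIP_OPTS)         /* TTL-only stealth still stamps RR */
        seen += do_options(o, len, self);
    return seen;
}

/* Constructed packet: TTL 64, one empty single-slot Record Route option. */
int demo(enum mode m, int for_us)
{
    uint8_t ttl = 64, o[8] = { IPOPT_RR, 7, 4, 0, 0, 0, 0, IPOPT_EOL };
    return hop(m, for_us, &ttl, o, sizeof o);
}
```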
