On Sun, 17 Dec 2000, Jesper Skriver wrote:
> - ip source and destination addresses
> - tcp source and destination ports
> - tcp sequence number
>
> Can we make it zap the sessions regardless of the current state ?
>
> And perhaps enable it by default ?
I admit that I had assumed, from the commit message, that that was the way
it would be done, because anything else would be silly :-). If all of
these conditions hold (and ICMP messages are correctly ignored if they are
truncated too early to include the info (rather than wild-carding), and IP
+ TCP options are correctly handled without alignment problems), then I
see no reason not to turn this on by default.
Robert N M Watson FreeBSD Core Team, TrustedBSD Project
[EMAIL PROTECTED] NAI Labs, Safeport Network Services
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
