Default behaviour of IP Options processing
Jacques A. Vidrine
nectar at FreeBSD.org
Thu May 6 12:22:10 PDT 2004
On Thu, May 06, 2004 at 09:16:03PM +0200, Andre Oppermann wrote:
> I have just committed the attached change to ip_input() to control the
> behaviour of IP Options processing. The default is the unchanged
> current behaviour.
>
> However I want to propose to change the default from processing options
> to ignoring options (or even stronger to reject them).
>
> The rationale is as follows. IP Options do not have any legitimate use
> in today's Internet at all. For a long time now we have disabled source
> routing. The remaining IP Options are RR (record route) and TS (time
> stamp) which are both useless. For finding out which path a packet takes
> we use traceroute instead of RR. Besides that RR is limited to the space
> in the IP Options field and can possibly record only a few hops (9 IIRC).
> Time stamp is useless for the same reason and since it doesn't have a
> fixed and synchronized timebase it is even more so useless.
>
> Opinions? Discussion? Yes/Nay?

Maybe you've already seen my reply to your commit, but:
I would very much like to see the default be 1-ignore or 2-reject,
preferably the latter.

I believe your analysis is correct. I haven't been able to use record
route for anything useful since around 1996--- this partially because
networks became larger and partly because many systems started dropping
packets with options :-)

Timestamp is also somewhat esoteric. But the point is that enabling
these options should require a conscious decision by users. Those who
want them can turn them on ... most users probably don't know these
options even exist, and for them I think it is better to have them
default off.

Cheers,
--
Jacques Vidrine / nectar at celabo.org / jvidrine at verio.net / nectar at freebsd.org
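
The three behaviours discussed in this thread, as an added example that is not part of the original messages and is not FreeBSD's ip_input() code. It shows that under ignore or reject the option parser is never reached, so a malformed option list cannot exercise it, and it works out the 9-hop Record Route limit. All names are hypothetical; the policy numbers follow the "1-ignore or 2-reject" wording above, with 0 assumed to mean the unchanged "process" default.

```c
#include <stddef.h>
#include <stdint.h>

/* Policy numbering as in the thread (1 = ignore, 2 = reject); 0 = process
 * is assumed to be the unchanged default. All names here are hypothetical. */
enum opt_policy { OPTS_PROCESS = 0, OPTS_IGNORE = 1, OPTS_REJECT = 2 };
enum verdict { V_NO_OPTS, V_OPTS_PROCESSED, V_OPTS_SKIPPED, V_REJECTED, V_MALFORMED };

/* Address slots in a Record Route option: a 60-byte maximum header minus the
 * 20-byte fixed part leaves 40 bytes; RR uses 3 for type/length/pointer. */
int rr_max_hops(void) { return (60 - 20 - 3) / 4; }

/* Validate the option list; returns the option count or -1 if malformed. */
static int walk_options(const uint8_t *opt, size_t len)
{
    int n = 0;
    for (size_t i = 0; i < len; ) {
        if (opt[i] == 0) break;                 /* EOL: end of option list */
        if (opt[i] == 1) { i++; continue; }     /* NOP: one-byte padding */
        if (i + 1 >= len || opt[i + 1] < 2 || i + opt[i + 1] > len)
            return -1;                          /* length byte missing or bogus */
        i += opt[i + 1];
        n++;
    }
    return n;
}

/* Decide what to do with one IPv4 packet under the given policy. */
enum verdict classify(const uint8_t *pkt, size_t len, enum opt_policy policy)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return V_MALFORMED;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;  /* IHL is in 32-bit words */
    if (hlen < 20 || hlen > len) return V_MALFORMED;
    if (hlen == 20) return V_NO_OPTS;
    if (policy == OPTS_REJECT) return V_REJECTED;     /* refuse without parsing */
    if (policy == OPTS_IGNORE) return V_OPTS_SKIPPED; /* deliver, options untouched */
    return walk_options(pkt + 20, hlen - 20) < 0 ? V_MALFORMED : V_OPTS_PROCESSED;
}

/* Constructed sample: 24-byte header (IHL 6, checksum not filled in) whose
 * option area is a Record Route stub (type 7) with the given length byte. */
enum verdict classify_sample(uint8_t rr_len, enum opt_policy policy)
{
    uint8_t pkt[24] = { 0x46, 0, 0, 24, 0, 0, 0, 0, 64, 1, 0, 0,
                        10, 0, 0, 1, 10, 0, 0, 2, 7, rr_len, 4, 0 };
    return classify(pkt, sizeof pkt, policy);
}
```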