From mboxrd@z Thu Jan  1 00:00:00 1970
From: Cody Tubbs <tubbs@wispdirect.com>
Subject: Re: ipv4options still broken (posted prev w/ no reply)...
Date: Wed, 31 May 2006 12:02:10 -0700
Message-ID: <1149102130.6167.20.camel@mbox>
References: <1149033568.27117@www.broadwayinternet.com>
	<447CD93F.9070103@trash.net> <20060531045445.GA8333@oknodo.bof.de>
	<447DA068.1090507@trash.net> <1149097509.6167.9.camel@mbox>
	<447DE2F3.8090104@trash.net>
Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Cc: netfilter-devel@lists.netfilter.org
Return-path: <netfilter-devel-bounces@lists.netfilter.org>
To: Patrick McHardy <kaber@trash.net>
In-Reply-To: <447DE2F3.8090104@trash.net>
List-Unsubscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter-devel>,
	<mailto:netfilter-devel-request@lists.netfilter.org?subject=unsubscribe>
List-Archive: </pipermail/netfilter-devel>
List-Post: <mailto:netfilter-devel@lists.netfilter.org>
List-Help: <mailto:netfilter-devel-request@lists.netfilter.org?subject=help>
List-Subscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter-devel>,
	<mailto:netfilter-devel-request@lists.netfilter.org?subject=subscribe>
Sender: netfilter-devel-bounces@lists.netfilter.org
Errors-To: netfilter-devel-bounces@lists.netfilter.org
List-Id: netfilter-devel.vger.kernel.org

Or maybe possibly restrain from presuming every system or device on the
market today handles these options accordingly, and acting as if I'm
ignorant for even bringing it up.  You vent via arrogant remarks, same
bowl, different soup.  But indeed, you do have the ability to ignore,
the same ability you used before when responding to this thread
regarding the true topic at hand.  Nothing you quoted me on was in my
initial emails, the first one yesterday, or the one two weeks ago'ish.
Only post your arrogance.

Also, like Patrick stated, we appreciate the work, but being treated
ignorantly when stating bugs to a dev list is uncalled for. Period.

Bottom line is, it would be nice to -j LOG these options passing through
or attempting to be passed through a bridged firewall.  It details
malicious activity, thus deterring that fact into a presumption that "I
most likely have more serious problems" was blatantly absurd.

-Cody Tubbs 


On Wed, 2006-05-31 at 20:39 +0200, Patrick McHardy wrote:
> Cody Tubbs wrote:
> > What about in a bridged firewall situation, you're saying Linux will
> > strip these ip options out while forwarding? automatically?  Is this
> > something that can be turned on or off?
> > 
> > but oh wait, I forgot...
> > Why does tcpdump show these ip options still attached even when not
> > forwarding? :) (latest kernel) heh++
> 
> I never said anything about stripping, but you're right that bridging
> will happily forward them.
> 
> > On the contrary, you simply asked me who still supports these ip options
> > and I gave you a minimal list, thus if giving you an answer is annoying,
> > this thread must be an act of pissing in the wind. 
> 
> Its very simple, just keep things like "101 something", "root of
> stupidity" and "heh++" to yourself and you'll make a much better
> impression. Until then I choose to ignore you.
>