From mboxrd@z Thu Jan 1 00:00:00 1970 From: Patrick McHardy Subject: Re: ipv4options still broken (posted prev w/ no reply)... Date: Tue, 30 May 2006 21:22:50 +0200 Message-ID: <447C9B8A.20304@trash.net> References: <1149011224.28886.14.camel@mbox> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 7bit Cc: netfilter-devel@lists.netfilter.org Return-path: To: Cody Tubbs In-Reply-To: <1149011224.28886.14.camel@mbox> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: netfilter-devel-bounces@lists.netfilter.org Errors-To: netfilter-devel-bounces@lists.netfilter.org List-Id: netfilter-devel.vger.kernel.org Cody Tubbs wrote: > While we're on the nth match topic and speaking of broken modules in > pom, I posted a couple of weeks ago about the lsrr and ssrr options > being broken in the ipv4options module. I had dialog with Fabrice, but > it seems he doesn't have time to maintain the module anymore, or at > least fix this issue. It's giving everyone who is using it a false > sense of security, being that it loads, but doesn't do anything when an > lsrr/ssrr ip option is set and passes through the module. Can this be > removed until it's fixed? lsrr and ssrr are critical ip options to > monitor attempting to enter your network, and people using this module > thinking/expecting it to work can possibly get compromised via its lack > of mojo. Thanks. I somehow doubt that this is really a threat, but feel free to send a patch to disable those two options until fixed.