Henrik Nordstrom wrote:
|> Some question:
|>
|>   1. "TTL or HOPLIMIT: no, it's dangerous"
|>   Why? Don't use it, if it's dangerous - or does it crash the kernel?
|
| It (TTL) in its current form violates fundamental aspects of IP, easily
| allowing the administrator to "accidentally" create configurations which
| will crash the network.
|
| In case of the TTL match it should be sufficient to change
|
|   if (new_ttl != iph->ttl) {
| to
|   if (new_ttl < iph->ttl) {
|
| and remove the increase option to make it safe, but at the same time you
| lose a lot of the powers of this target so it may not be desirable to
| make this change..

But does a possible misconfiguration justify this?
Simply mark this match as "DANGEROUS" or make the 'Increase' optional.

You did not remove pointers from C, because you could do something wrong... :-)

Regards
  Sven

--
  Sven Anders
  ANDURAS service solutions AG
  Innstraße 71 - 94036 Passau - Germany
  Web: www.anduras.de - Tel: +49 (0)851-4 90 50-0 - Fax: +49 (0)851-4 90 50-55

Legal form: stock corporation (Aktiengesellschaft) - Registered office: Passau - Amtsgericht Passau HRB 6032
Members of the executive board: Sven Anders, Marcus Junker, Michael Schön
Chairman of the supervisory board: Dipl. Kfm. Karlheinz Antesberger
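
The effect of the two guards discussed in the message, as an added example (not code from netfilter or from either poster): a small C model of a packet caught in a forwarding loop in which every second hop applies a TTL-rewriting rule. The function names, the mode enum and the loop scenario are assumptions constructed for illustration; only the two comparisons come from the message.

```c
#include <stdio.h>

/* Rule modes modelled on the target's set/increase/decrease options.
 * All names in this file are this example's own, not kernel identifiers. */
enum ttl_mode { TTL_SET, TTL_INC, TTL_DEC };

/* Return the TTL after the rule. lower_only selects the guard suggested in
 * the message (new_ttl < ttl) instead of the original (new_ttl != ttl). */
static int apply_ttl_rule(int ttl, enum ttl_mode mode, int value, int lower_only)
{
    int new_ttl = ttl;

    if (mode == TTL_SET)
        new_ttl = value;
    else if (mode == TTL_INC)
        new_ttl = (ttl + value > 255) ? 255 : ttl + value;
    else
        new_ttl = (ttl - value < 0) ? 0 : ttl - value;

    if (lower_only ? (new_ttl < ttl) : (new_ttl != ttl))
        return new_ttl;
    return ttl;
}

/* Constructed scenario: a packet circulates in a forwarding loop and every
 * second hop is a box applying the TTL rule after the normal decrement.
 * Returns the hop at which the packet is dropped, or -1 if it is still
 * circulating after max_hops. */
static int hops_until_drop(int ttl, enum ttl_mode mode, int value,
                           int lower_only, int max_hops)
{
    for (int hop = 1; hop <= max_hops; hop++) {
        if (ttl <= 1)
            return hop;          /* expired: dropped instead of forwarded */
        ttl--;                   /* ordinary per-hop decrement */
        if (hop % 2 == 0)
            ttl = apply_ttl_rule(ttl, mode, value, lower_only);
    }
    return -1;
}

int main(void)
{
    printf("inc 2, original guard:    %d\n", hops_until_drop(64, TTL_INC, 2, 0, 100000));
    printf("inc 2, lower-only guard:  %d\n", hops_until_drop(64, TTL_INC, 2, 1, 100000));
    printf("set 64, original guard:   %d\n", hops_until_drop(128, TTL_SET, 64, 0, 100000));
    printf("set 64, lower-only guard: %d\n", hops_until_drop(128, TTL_SET, 64, 1, 100000));
    return 0;
}
```

A result of -1 means the packet was still circulating when the model stopped counting; with the lower-only guard every rule mode lets the packet expire within a bounded number of hops.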