Comments (5)
We definitely need to allow for ICMP from the peer itself.
I imagine the client should also gracefully handle receiving ICMP received from some other address, though? If the proxy receives an ICMP error from a host upstream on particular IP flow that the client did request, why not have it forward along the error? The client can decide what to do for processing at that point.
from draft-ietf-masque-connect-ip.
+1 to what Tommy, said: we should allow ICMP that doesn't come from the peer. The text currently states that. I propose to close with no action
from draft-ietf-masque-connect-ip.
What I saying it that I think receiving ICMP from the masque proxy is a MUST (because this is the only error handling we have) while receiving other ICMP is a should.
Also we do have a mechanism for the client to actually request ICMP scope. That means the client can tell the proxy if it wants to receive those ICMP or not. Why not using it?
from draft-ietf-masque-connect-ip.
I'm not sure what text changes you're proposing, @mirjak. By my read the current text is fine, although we disagree on MUST versus SHOULD. I think receiving ICMP from the masque proxy is a SHOULD, because it's still possible to successfully pass packets if you ignore ICMP. Also we already have a mechanism to request an ICMP scope with the ipproto restriction. In general on the internet we send ICMP no matter what, and if some firewall on-path wants to drop (silently or with notification), that's up to them.
from draft-ietf-masque-connect-ip.
+1 to what Alex said, dropping ICMP is common, so even if we were to use MUST
, it would be an RFC 6919 MUST (BUT WE KNOW YOU WON'T)
. SHOULD
is more realistic
from draft-ietf-masque-connect-ip.
Related Issues (20)
- Proxy capsule handling requirements HOT 4
- ICMP packet location clarification HOT 1
- Missing bits in example HOT 1
- Should there be an ADDRESS_RELEASE capsule? HOT 5
- Editorial: split handling out of HTTP Datagram Payload Format section HOT 2
- Editorial: add a Performance Considerations section HOT 2
- Editorial: in introduction mention why we update RFC 9298
- Text on disabling congestion control HOT 17
- Clarify assumption in ECN considerations
- Mandate usage of HTTPS HOT 2
- Disabling congestion control a SHOULD? HOT 3
- Clarify the conceptual model of router vs link (Tunnel) HOT 5
- Clarify that IPproto is a traffic filter parameter on the outermost IP header that is to be encapsulated by the tunnel HOT 1
- Go through usage of client and server vs IP proxying endpoint HOT 4
- Treating differentiated services equally? HOT 3
- Wording nit found during EDIT phase HOT 1
- AUTH48: Wrong use of HTTP Proxy HOT 5
- AUTH48: Use of Successful response HOT 3
- AUTH48: Use of "Fail the request" HOT 3
- AUTH48: clarify frames per packet HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from draft-ietf-masque-connect-ip.