From ada@not-enough.bandwidth.org  Sat Sep 27 20:04:56 1997
Received: from polya.blah.org (slmel8p49.ozemail.com.au [203.22.156.209])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id UAA01517
          for <FreeBSD-gnats-submit@freebsd.org>; Sat, 27 Sep 1997 20:04:54 -0700 (PDT)
Received: (from ada@localhost)
          by polya.blah.org (8.8.6/8.8.5) id NAA02872;
          Sun, 28 Sep 1997 13:04:51 +1000 (EST)
Message-Id: <199709280304.NAA02872@polya.blah.org>
Date: Sun, 28 Sep 1997 13:04:51 +1000 (EST)
From: Ada T Lim <ada@not-enough.bandwidth.org>
Reply-To: ada@not-enough.bandwidth.org
To: FreeBSD-gnats-submit@freebsd.org
Subject: Treatment of unknown IP options breaks rfc2113
X-Send-Pr-Version: 3.2

>Number:         4642
>Category:       kern
>Synopsis:       Treatment of unknown IP options breaks rfc2113
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Sep 27 20:10:00 PDT 1997
>Closed-Date:    Sun Nov 2 19:45:06 PST 1997
>Last-Modified:  Sun Nov  2 19:51:55 PST 1997
>Originator:     Ada Lim
>Release:        FreeBSD 2.2-STABLE i386
>Organization:
>Environment:
>Description:
RFC 2113 (Router Alert Option) states:

2.2  Semantics

   Hosts shall ignore this option.  Routers that do not recognize this
   option shall ignore it.  Routers that recognize this option shall

ip_input.c:
[check options]
                        default:
                                goto bad;
.
.
.

bad:
        ip->ip_len -= IP_VHL_HL(ip->ip_vhl) << 2;   /* XXX icmp_error adds in hd
r length */
        icmp_error(m, type, code, 0, 0);
        ipstat.ips_badoptions++;
        return (1);

This also breaks the handling of any new, experimental IP options as they
occur.  

What would be preferable is to just allow default to fall-through and silently
ignore any unknown options.
>How-To-Repeat:
>Fix:

Remove the goto bad; :)

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: fenner 
State-Changed-When: Sun Nov 2 19:45:06 PST 1997 
State-Changed-Why:  
The actual code from ip_dooptions which handles unknown options 
is: 

default: 
break; 

The only place where there's a "default: goto bad;" as described 
in the PR is a switch inside the IPOPT_TS case, and in that case 
returning an ICMP parameter problem is correct. 
>Unformatted:
