In message <10500.963852374@coconut.itojun.org>, itojun@iijlab.net writes:
>	i was not clear enough, there can be couple of interpretation for
>	"invalid option", and there can be couple of possible behaviors.
>	1. length field out-of-bound (like optlen < 2, or optlen > cnt)
>		- ignore all subsequent options (as option part looks broken)
>		  and accept the segment
>		- drop the segment, or
>		- reset the connection (rfc suggests this, it seems)

OK. So that's something to change (reset the connection).

>	2. length field unexpected for known option type
>		- skip over the option and look at the next one
>		- ignore all subsequent options, and accept the segment
>		- drop the segment, or
>		- reset the connection

Debatable. I would recommend the first (skip the option), as we do now.

>	3. option unexpected for this situation (like TCPOPT_WINDOW on non-SYN)
>		- skip over the option and look at the next one
>		- ignore all subsequent options, and accept the segment
>		- drop the segment, or
>		- reset the connection

I'd recommend the current practice of skipping the option.

>	4. unknown option type
>		- ignore the option and skip to the next one, as indicated
>		  in the above RFC

As we do now.


Do you think we should do differently?

--jhawk