Subject: Re: CVS commit: syssrc
To: John Hawkinson <jhawk@MIT.EDU>
From: None <itojun@iijlab.net>
List: tech-net
Date: 07/17/2000 12:19:30
>>>| 1.113:
>>>| be more cautious about tcp option length field.  drop bogus ones earlier.
>>>| not sure if there is a real threat or not, but it seems that there's
>>>| a possibility for overrun/underrun (like non-NOP option with optlen > cnt).
>>>it seems to me that this whole section of tcp_dooptions() should increment
>>>a counter (e.g. "with bad options"). Agreement?
>>	do you mean adding a new option?
>I mean a new counter, viewable from netstat -s.

	i looked at it.  it looks to me like we need to do it carefully, including:
	- tcp_dooptions does not raise error on invalid options or whatever
	  (return type is void).  should it raise error on fatal failure
	  and cause tcp code to drop the tcp segment completely?  or is the
	  current behavior right? (ignore tcp option part, while accepting
	  tcp segment)
	- tcp_dooptions tries to skip over options with invalid length and
	  continue to the next option.  it looks a bit optimistic.

	we really really need to be careful doing the change, checking the
	tcp specs.  i don't think the change should go into 1.5.

itojun
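
Added example, not part of the original message and not NetBSD's tcp_dooptions(): a stand-alone option walker showing the two choices the thread discusses, rejecting an option whose length is below 2 or larger than the remaining bytes (optlen > cnt) and reporting that through a return value and a counter. The function name, the bad_options counter and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define TCPOPT_EOL      0
#define TCPOPT_NOP      1
#define TCPOPT_MAXSEG   2
#define TCPOLEN_MAXSEG  4

/* Hypothetical statistic standing in for a "with bad options" counter. */
unsigned long bad_options;

/*
 * Walk cnt bytes of TCP options at cp.  Returns 0 if every option is well
 * formed, -1 at the first malformed one; the caller then decides whether
 * to drop the segment or only ignore its options.
 */
int
walk_tcp_options(const uint8_t *cp, size_t cnt, uint16_t *mss)
{
	size_t optlen;

	for (; cnt > 0; cnt -= optlen, cp += optlen) {
		uint8_t opt = cp[0];

		if (opt == TCPOPT_EOL)
			break;
		if (opt == TCPOPT_NOP) {
			optlen = 1;		/* single byte, no length field */
			continue;
		}
		if (cnt < 2)			/* kind byte with no length byte */
			goto bad;
		optlen = cp[1];			/* covers kind + len + data */
		if (optlen < 2 || optlen > cnt)	/* would underrun or overrun */
			goto bad;
		if (opt == TCPOPT_MAXSEG) {
			if (optlen != TCPOLEN_MAXSEG)
				goto bad;
			*mss = (uint16_t)((cp[2] << 8) | cp[3]);
		}
		/* unknown kinds with a sane length are skipped */
	}
	return 0;
bad:
	bad_options++;
	return -1;
}
```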