From owner-freebsd-net@FreeBSD.ORG  Thu Dec 14 19:32:32 2006
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id DFF8416A506
	for <freebsd-net@freebsd.org>; Thu, 14 Dec 2006 19:32:32 +0000 (UTC)
	(envelope-from julian@elischer.org)
Received: from outL.internet-mail-service.net (outL.internet-mail-service.net
	[216.240.47.235])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6DF0243DBF
	for <freebsd-net@freebsd.org>; Thu, 14 Dec 2006 19:29:10 +0000 (GMT)
	(envelope-from julian@elischer.org)
Received: from shell.idiom.com (HELO idiom.com) (216.240.47.20)
	by out.internet-mail-service.net (qpsmtpd/0.32) with ESMTP;
	Thu, 14 Dec 2006 11:15:28 -0800
Received: from [10.251.18.229] (nat.ironport.com [63.251.108.100])
	by idiom.com (8.12.11/8.12.11) with ESMTP id kBEJTuIn068779;
	Thu, 14 Dec 2006 11:29:57 -0800 (PST)
	(envelope-from julian@elischer.org)
Message-ID: <4581A628.1070909@elischer.org>
Date: Thu, 14 Dec 2006 11:29:44 -0800
From: Julian Elischer <julian@elischer.org>
User-Agent: Thunderbird 1.5.0.8 (Macintosh/20061025)
MIME-Version: 1.0
To: Andre Oppermann <andre@freebsd.org>
References: <458094E7.1060806@elischer.org> <45812E01.9060200@freebsd.org>
In-Reply-To: <45812E01.9060200@freebsd.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: FreeBSD Net <freebsd-net@freebsd.org>
Subject: Re: question for TCP gurus (in ipfw)
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Dec 2006 19:32:33 -0000

Andre Oppermann wrote:

>> or
>> 2/ instead of ACKing all the data in the packet we are resetting,
>> how about just ACKing the sequence number it starts with
>> and saving ourselves from doing the work of ACKing all the  data
>> up to the current packet end. (which is the packet we are rejecting 
>> anyhow) (It takes some calculation to work out the new ack value
>> which seems pointless as we are rejecting it..)
> 
> Section 3 of this document describes the situation and requirements
> quite accurately:
> 
>  http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcpsecure-06.txt

So it sounds like, if the sequence number is in the window but
not exact, the receiver sends an ACK which should force the
sender to generate another RST that exactly matches.
(is that correct?)