Date: Sun, 19 Aug 2007 04:42:51 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: Igor Sysoev <is@rambler-co.ru> Cc: freebsd-net@freebsd.org, robert <robert@fledge.watson.org> Subject: Re: syncookie in 6.x and 7.x Message-ID: <20070819043748.I921@odysseus.silby.com> In-Reply-To: <20070816142431.GO57126@rambler-co.ru> References: <20070816142431.GO57126@rambler-co.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 16 Aug 2007, Igor Sysoev wrote: > I have looked sources and found that in early versions the sent counter > was simply not incremented at all. The patch attached. The patch looks ready to commit to me. Do you want me to commit or, or do you have another committer lined up? > After the patch has been applied I have found that 6 always sends > syncookies too, however, 6 unlike 7 never receives them. Why ? Have you tried patching 6 so that the syncache is non-functional and forced it to rely on syncookies? Last I checked (which was a long time ago), syncookies worked on 6. Adding a sysctl like 7's net.inet.tcp.syncookies_only to 6 might not be a bad idea, as long as it's behind #ifdef DIAGNOSTIC or INVARIANTS. The question you may really be asking is: Why does 7 *think* that it is receiving syncookies all the time? :) I haven't tried to answer that question yet. Mike "Silby" Silbersack
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070819043748.I921>