From owner-freebsd-net@FreeBSD.ORG  Sun Aug 19 10:09:35 2007
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 1212016A418
	for <freebsd-net@freebsd.org>; Sun, 19 Aug 2007 10:09:35 +0000 (UTC)
	(envelope-from silby@silby.com)
Received: from relay03.pair.com (relay03.pair.com [209.68.5.17])
	by mx1.freebsd.org (Postfix) with SMTP id A323D13C457
	for <freebsd-net@freebsd.org>; Sun, 19 Aug 2007 10:09:34 +0000 (UTC)
	(envelope-from silby@silby.com)
Received: (qmail 60727 invoked from network); 19 Aug 2007 09:42:52 -0000
Received: from 209.68.2.70 (HELO localhost) (209.68.2.70)
	by relay03.pair.com with SMTP; 19 Aug 2007 09:42:52 -0000
X-pair-Authenticated: 209.68.2.70
Date: Sun, 19 Aug 2007 04:42:51 -0500 (CDT)
From: Mike Silbersack <silby@silby.com>
To: Igor Sysoev <is@rambler-co.ru>
In-Reply-To: <20070816142431.GO57126@rambler-co.ru>
Message-ID: <20070819043748.I921@odysseus.silby.com>
References: <20070816142431.GO57126@rambler-co.ru>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: freebsd-net@freebsd.org, robert <robert@fledge.watson.org>
Subject: Re: syncookie in 6.x and 7.x
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Aug 2007 10:09:35 -0000


On Thu, 16 Aug 2007, Igor Sysoev wrote:

> I have looked sources and found that in early versions the sent counter
> was simply not incremented at all. The patch attached.

The patch looks ready to commit to me.  Do you want me to commit or, or do 
you have another committer lined up?

> After the patch has been applied I have found that 6 always sends
> syncookies too, however, 6 unlike 7 never receives them. Why ?

Have you tried patching 6 so that the syncache is non-functional and 
forced it to rely on syncookies?  Last I checked (which was a long time 
ago), syncookies worked on 6.  Adding a sysctl like 7's 
net.inet.tcp.syncookies_only to 6 might not be a bad idea, as long as it's 
behind #ifdef DIAGNOSTIC or INVARIANTS.

The question you may really be asking is:  Why does 7 *think* that it is 
receiving syncookies all the time? :)

I haven't tried to answer that question yet.

Mike "Silby" Silbersack