Date: Tue, 16 May 2006 09:29:13 +0100
From: David Malone <dwmalone@maths.tcd.ie>
To: Max Laier <max@love2party.net>
Cc: cvs-src@freebsd.org, src-committers@freebsd.org, cvs-all@freebsd.org
Subject: Re: cvs commit: src/sys/netinet ip_fw2.c
Message-ID: <200605160929.aa90920@salmon.maths.tcd.ie>
In-Reply-To: Your message of "Tue, 16 May 2006 01:05:00 +0200." <52078.192.168.4.1.1147734300.squirrel@mail.abi01.homeunix.org>

> Interesting - thanks for the pointer. Unless every stack DTRT we can't
> use the flow_id, though - or we break otherwise legal connections. In the
> given case we would open a state with SYN+flow_id and got a reply SYNACK+0
> which wouldn't hash the same as the SYN we sent out. No matching state,
> no connection.

Indeed - we need to get into the position where almost all stacks do
the right thing before we can use the flow label as a key of any
sort in the firewalling process.

If people have noticed problems with this, I'd be interested in
knowing which stacks are incriminated.

	David.
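
The lookup failure discussed in this exchange, as an added example that is not part of the original message and is not code from ip_fw2.c: a direction-independent state key is built for a SYN and for its SYN-ACK, with and without the IPv6 flow label in the key. The struct layout, function names, hash and sample addresses are all assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical state key for an IPv6 TCP flow; not the ip_fw2.c layout. */
struct flow_key {
    uint8_t  addr_lo[16], addr_hi[16]; /* endpoints in canonical order */
    uint16_t port_lo, port_hi;
    uint32_t flow_label;               /* 20-bit label, 0 when ignored */
};

/* Build a direction-independent key so both directions can match one state. */
static void make_key(struct flow_key *k, const uint8_t src[16], uint16_t sport,
                     const uint8_t dst[16], uint16_t dport,
                     uint32_t label, int use_label)
{
    int c = memcmp(src, dst, 16);
    int src_first = c < 0 || (c == 0 && sport <= dport);
    memset(k, 0, sizeof(*k));
    memcpy(k->addr_lo, src_first ? src : dst, 16);
    memcpy(k->addr_hi, src_first ? dst : src, 16);
    k->port_lo = src_first ? sport : dport;
    k->port_hi = src_first ? dport : sport;
    k->flow_label = use_label ? (label & 0xFFFFF) : 0;
}

/* FNV-1a over the key bytes (a stand-in hash, chosen for brevity). */
static uint32_t key_hash(const struct flow_key *k)
{
    const uint8_t *p = (const uint8_t *)k;
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < sizeof(*k); i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Returns 1 if the SYN-ACK finds the state created by the SYN, else 0. */
int reply_matches_state(uint32_t syn_label, uint32_t synack_label, int use_label)
{
    /* Constructed sample endpoints (2001:db8::1 and 2001:db8::2). */
    const uint8_t a[16] = {0x20,0x01,0x0d,0xb8,0,0,0,0,0,0,0,0,0,0,0,1};
    const uint8_t b[16] = {0x20,0x01,0x0d,0xb8,0,0,0,0,0,0,0,0,0,0,0,2};
    struct flow_key syn, synack;
    make_key(&syn, a, 49152, b, 80, syn_label, use_label);
    make_key(&synack, b, 80, a, 49152, synack_label, use_label);
    return key_hash(&syn) == key_hash(&synack) &&
           memcmp(&syn, &synack, sizeof(syn)) == 0;
}
```

With the label in the key, a peer that answers with label 0 misses the state; dropping the label from the key restores the match.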