Date: Tue, 16 May 2006 09:29:13 +0100
From: David Malone <dwmalone@maths.tcd.ie>
To: Max Laier <max@love2party.net>
Cc: cvs-src@freebsd.org, src-committers@freebsd.org, cvs-all@freebsd.org
Subject: Re: cvs commit: src/sys/netinet ip_fw2.c
Message-ID: <200605160929.aa90920@salmon.maths.tcd.ie>
In-Reply-To: Your message of "Tue, 16 May 2006 01:05:00 +0200." <52078.192.168.4.1.1147734300.squirrel@mail.abi01.homeunix.org>

> Interesting - thanks for the pointer. Unless every stack DTRT we can't
> use the flow_id, though - or we break otherwise legal connections. In the
> given case we would open a state with SYN+flow_id and got a reply SYNACK+0
> which wouldn't hash the same as the SYN we sent out. No matching state,
> no connection.

Indeed - we need to get into the position where almost all stacks
do the right thing before we can use the flow label as a key of any
sort in the firewalling process. If people have noticed problems
with this, I'd be interested in knowing which stacks are incriminated.

	David.
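The failure discussed in this message, as an added example that is not part of the original e-mail and is not code from ip_fw2.c: a toy state table whose key can optionally include the IPv6 flow label. The struct layout, the FNV-1a hash, the table size and all names are assumptions made for illustration; the addresses and ports are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical state key; not the layout used by ip_fw2.c. */
struct flow_key {
    uint8_t  src[16], dst[16];   /* IPv6 addresses, initiator's orientation */
    uint16_t sport, dport;
    uint32_t flow_label;         /* 20-bit IPv6 flow label */
};

#define NBUCKETS 64
static struct flow_key table[NBUCKETS];
static int used[NBUCKETS];

/* FNV-1a over a byte range (stand-in for the firewall's real hash). */
static uint32_t fnv(uint32_t h, const void *p, size_t n) {
    const uint8_t *b = p;
    while (n--) { h ^= *b++; h *= 16777619u; }
    return h;
}
/* The flow label is mixed into the bucket index only if use_label is set. */
static uint32_t key_hash(const struct flow_key *k, int use_label) {
    uint32_t h = 2166136261u;
    h = fnv(h, k->src, 16);   h = fnv(h, k->dst, 16);
    h = fnv(h, &k->sport, 2); h = fnv(h, &k->dport, 2);
    if (use_label) h = fnv(h, &k->flow_label, 4);
    return h % NBUCKETS;
}
static int key_equal(const struct flow_key *a, const struct flow_key *b, int use_label) {
    return !memcmp(a->src, b->src, 16) && !memcmp(a->dst, b->dst, 16) &&
           a->sport == b->sport && a->dport == b->dport &&
           (!use_label || a->flow_label == b->flow_label);
}
/* Returns 1 if a SYN+ACK carrying reply_label finds the state opened by the SYN. */
int synack_matches(int use_label, uint32_t syn_label, uint32_t reply_label) {
    struct flow_key syn = {0}, rev;
    uint32_t b;
    memset(used, 0, sizeof used);
    syn.src[15] = 1; syn.dst[15] = 2;      /* constructed: ::1 -> ::2 */
    syn.sport = 40000; syn.dport = 80;
    syn.flow_label = syn_label;
    b = key_hash(&syn, use_label);
    table[b] = syn; used[b] = 1;           /* state opened on the outgoing SYN */
    rev = syn; rev.flow_label = reply_label; /* reply, re-oriented to the initiator */
    b = key_hash(&rev, use_label);
    return used[b] && key_equal(&table[b], &rev, use_label);
}
int main(void) {
    printf("label in key, SYNACK+0: %d\n", synack_matches(1, 0x12345, 0));
    printf("label not in key:       %d\n", synack_matches(0, 0x12345, 0));
    return 0;
}
```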
