From: David Malone
To: Max Laier
Cc: cvs-src@freebsd.org, src-committers@freebsd.org, cvs-all@freebsd.org
Date: Tue, 16 May 2006 09:29:13 +0100
Subject: Re: cvs commit: src/sys/netinet ip_fw2.c
Message-ID: <200605160929.aa90920@salmon.maths.tcd.ie>
In-reply-to: Your message of "Tue, 16 May 2006 01:05:00 +0200." <52078.192.168.4.1.1147734300.squirrel@mail.abi01.homeunix.org>

> Interesting - thanks for the pointer. Unless every stack DTRT we can't
> use the flow_id, though - or we break otherwise legal connections. In the
> given case we would open a state with SYN+flow_id and got a reply SYNACK+0
> which wouldn't hash the same as the SYN we sent out. No matching state,
> no connection.

Indeed - we need to get into the position where almost all stacks
do the right thing before we can use the flow label as a key of any
sort in the firewalling process. If people have noticed problems
with this, I'd be interested in knowing which stacks are incriminated.

	David.
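The failure case discussed in this message, as an added example that is not part of the original e-mail and is not ipfw code: a state table whose key optionally includes the IPv6 flow label, queried by a SYN+ACK that carries label 0. The `flow_key` layout, the FNV-1a hash, the bucket table and the 2001:db8:: addresses are all constructed for illustration.

```c
#include <stdint.h>
#include <string.h>
/* Constructed model of a state-table key; not the layout ipfw uses. */
struct flow_key {
    uint8_t  src[16], dst[16];  /* IPv6 addresses */
    uint16_t sport, dport;      /* TCP ports */
    uint32_t label;             /* 20-bit IPv6 flow label */
};
#define NBUCKETS 64
static struct flow_key slots[NBUCKETS];
static int in_use[NBUCKETS];

static uint32_t fnv1a(uint32_t h, const void *buf, size_t len) {
    const uint8_t *p = buf;
    while (len--) h = (h ^ *p++) * 16777619u;
    return h;
}
/* Bucket for a key; the flow label is mixed in only when use_label is set. */
static uint32_t bucket_of(const struct flow_key *k, int use_label) {
    uint32_t h = fnv1a(2166136261u, k->src, 16);
    h = fnv1a(h, k->dst, 16);
    h = fnv1a(h, &k->sport, 2);
    h = fnv1a(h, &k->dport, 2);
    if (use_label) h = fnv1a(h, &k->label, 4);
    return h % NBUCKETS;
}
/* Swap endpoints so a reply is keyed the way the originating packet was. */
static struct flow_key reversed(struct flow_key k) {
    struct flow_key r = k;
    memcpy(r.src, k.dst, 16); memcpy(r.dst, k.src, 16);
    r.sport = k.dport; r.dport = k.sport;
    return r;
}
/* Constructed case: a SYN carrying syn_label creates the state, then the
   SYN+ACK arrives carrying synack_label. Returns 1 if it finds the state. */
int synack_finds_state(int use_label, uint32_t syn_label, uint32_t synack_label) {
    struct flow_key syn = { {0x20, 0x01, 0x0d, 0xb8, [15] = 1},
                            {0x20, 0x01, 0x0d, 0xb8, [15] = 2}, 49152, 80, syn_label };
    struct flow_key synack = reversed(syn), k, *s;
    synack.label = synack_label;
    memset(in_use, 0, sizeof in_use);
    slots[bucket_of(&syn, use_label)] = syn;       /* state from the SYN */
    in_use[bucket_of(&syn, use_label)] = 1;
    k = reversed(synack);                          /* lookup key for the reply */
    s = &slots[bucket_of(&k, use_label)];
    return in_use[s - slots] && !memcmp(s->src, k.src, 16) &&
           !memcmp(s->dst, k.dst, 16) && s->sport == k.sport &&
           s->dport == k.dport && (!use_label || s->label == k.label);
}
```

With the label in the key, the reply matches only when the peer echoes the same label; with the label left out, the same reply matches regardless of what the peer sends.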