cvs commit: src/sys/netinet ip_fw2.c
Max Laier
max at love2party.net
Mon May 15 16:05:28 PDT 2006
On Mon, May 15, 2006 8:52 am, David Malone wrote:
> On Sun, May 14, 2006 at 11:42:24PM +0000, Max Laier wrote:
>> Use only lower 64bit of src/dest (and src/dest port) for hashing of
>> IPv6
>> connections and get rid of the flow_id as it is not guaranteed to be
>> stable
>> some (most?) current implementations seem to just zero it out.
>
> I had a look at how constant the IPv6 Flow ID is with Orla McGann about
> a year ago:
>
> http://www.maths.tcd.ie/~dwmalone/p/ec2nd05.pdf
>
> We used to screw up the setting of it on SYN|ACK packets, but we
> should do it right now. I think NetBSD had a very similar looking
> bug. When I last checked OpenBSD just set it to zero. I think Solaris
> DTRT.
Interesting - thanks for the pointer. Unless every stack DTRT we can't
use the flow_id, though - or we break otherwise legal connections. In the
given case we would open a state with SYN+flow_id and got a reply SYNACK+0
which wouldn't hash the same as the SYN we sent out. No matching state,
no connection.
--
/"\ Best regards, | mlaier at freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier at EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
More information about the cvs-src
mailing list