cvs commit: src/sys/netinet ip_fw2.c
David Malone
dwmalone at maths.tcd.ie
Tue May 16 01:29:18 PDT 2006
> Interesting - thanks for the pointer. Unless every stack DTRT we can't
> use the flow_id, though - or we break otherwise legal connections. In the
> given case we would open a state with SYN+flow_id and get a reply SYNACK+0
> which wouldn't hash the same as the SYN we sent out. No matching state,
> no connection.
Indeed - we need to get into the position where almost all stacks
do the right thing before we can use the flow label as a key of any
sort in the firewalling process. If people have noticed problems
with this, I'd be interested in knowing which stacks are incriminated.
David.
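
The failure discussed above, as an added example that is not part of the original message and is not ipfw's code: a simplified state table that can optionally include the IPv6 flow label in its lookup key. The struct, the function names and the 2001:db8:: addresses are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified state key (assumption; not ipfw's struct ipfw_flow_id). */
struct flow_key {
    uint8_t  src[16], dst[16];
    uint16_t sport, dport;
    uint32_t flow_label;            /* 20-bit IPv6 flow label */
};
static struct flow_key states[8];
static int nstates;

/* Order the endpoints so a request and its reply yield the same key. */
static void canon(const struct flow_key *in, int use_label, struct flow_key *out)
{
    int c = memcmp(in->src, in->dst, 16);
    int swap = c > 0 || (c == 0 && in->sport > in->dport);
    memset(out, 0, sizeof(*out));
    memcpy(out->src, swap ? in->dst : in->src, 16);
    memcpy(out->dst, swap ? in->src : in->dst, 16);
    out->sport = swap ? in->dport : in->sport;
    out->dport = swap ? in->sport : in->dport;
    out->flow_label = use_label ? (in->flow_label & 0xFFFFF) : 0;
}

static int state_match(const struct flow_key *pkt, int use_label)
{
    struct flow_key k;
    canon(pkt, use_label, &k);
    for (int i = 0; i < nstates; i++)
        if (memcmp(&states[i], &k, sizeof(k)) == 0) return 1;
    return 0;
}

/* Returns 1 if the SYN-ACK finds the state that the outgoing SYN created. */
static int handshake_passes(uint32_t syn_label, uint32_t synack_label, int use_label)
{
    struct flow_key syn = { {0x20, 0x01, 0x0d, 0xb8, [15] = 1},
                            {0x20, 0x01, 0x0d, 0xb8, [15] = 2}, 49152, 80, syn_label };
    struct flow_key synack = { {0x20, 0x01, 0x0d, 0xb8, [15] = 2},
                               {0x20, 0x01, 0x0d, 0xb8, [15] = 1}, 80, 49152, synack_label };
    nstates = 0;
    canon(&syn, use_label, &states[nstates++]);   /* state opened by the SYN */
    return state_match(&synack, use_label);
}

int main(void)
{
    printf("%d %d\n", handshake_passes(0x12345, 0, 1), handshake_passes(0x12345, 0, 0));
    return 0;
}
```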