question for TCP gurus (in ipfw)
Andre Oppermann
andre at freebsd.org
Thu Dec 14 02:58:08 PST 2006
Julian Elischer wrote:
> in the ipfw function send_reject6() we go to great lengths to calculate
> the sequence number to put into the ack field of the reject packet..
>
> but it's a RESET we are generating..
>
> do we need to go to all the work of setting the ACK value etc?
Yes, at least some of it.
> could we do either of:
> 1/ not set the ACK bit and just not do the extra work. Just send a reset?
Doesn't work.
> or
> 2/ instead of ACKing all the data in the packet we are resetting,
> how about just ACKing the sequence number it starts with
> and saving ourselves from doing the work of ACKing all the data
> up to the current packet end. (which is the packet we are rejecting
> anyhow) (It takes some calculation to work out the new ack value
> which seems pointless as we are rejecting it..)
Section 3 of this document describes the situation and requirements
quite accurately:
http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcpsecure-06.txt
--
Andre
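
An added example, not part of the original message and not ipfw's code: the RFC 793 rule for generating a reset, together with the check a host in SYN-SENT applies to an incoming RST. It shows why a reset answering a SYN must carry an ACK that covers the whole segment. The struct and function names are hypothetical, and the sample values in `main` are constructed.

```c
#include <stdbool.h>
#include <stdint.h>

#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10

/* Hypothetical minimal view of a TCP segment (host byte order). */
struct seg { uint32_t seq, ack; uint8_t flags; uint32_t datalen; };

/* RFC 793 SEG.LEN: payload bytes plus one each for SYN and FIN. */
static uint32_t seg_len(const struct seg *s)
{
    return s->datalen + ((s->flags & TH_SYN) ? 1 : 0)
                      + ((s->flags & TH_FIN) ? 1 : 0);
}

/* RFC 793 reset generation for a segment that is being refused. */
static struct seg make_rst(const struct seg *in)
{
    struct seg r = { 0, 0, TH_RST, 0 };
    if (in->flags & TH_ACK) {
        r.seq = in->ack;                /* <SEQ=SEG.ACK><CTL=RST> */
    } else {
        r.ack = in->seq + seg_len(in);  /* <SEQ=0><ACK=SEG.SEQ+SEG.LEN> */
        r.flags |= TH_ACK;              /* <CTL=RST,ACK> */
    }
    return r;
}

/* RFC 793 SYN-SENT processing: a RST is honoured only if it carries an
 * acceptable ACK, i.e. ISS < SEG.ACK <= SND.NXT (modulo 2^32). */
static bool rst_ok_in_syn_sent(const struct seg *rst, uint32_t iss, uint32_t snd_nxt)
{
    if (!(rst->flags & TH_RST) || !(rst->flags & TH_ACK))
        return false;
    return (int32_t)(rst->ack - iss) > 0 && (int32_t)(snd_nxt - rst->ack) >= 0;
}

int main(void)
{
    struct seg syn = { 0xffffffffu, 0, TH_SYN, 0 };   /* constructed SYN, ISS wraps */
    struct seg rst = make_rst(&syn);                  /* ack = ISS + 1 = 0 */
    return rst_ok_in_syn_sent(&rst, syn.seq, syn.seq + 1) ? 0 : 1;
}
```

A reset with no ACK bit, or one that acknowledges only the starting sequence number, fails `rst_ok_in_syn_sent` and the sender of the SYN ignores it.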