syncookie in 6.x and 7.x
Mike Silbersack
silby at silby.com
Sun Aug 19 03:09:35 PDT 2007
On Thu, 16 Aug 2007, Igor Sysoev wrote:
> I have looked at the sources and found that in early versions the sent counter
> was simply not incremented at all. The patch is attached.
The patch looks ready to commit to me. Do you want me to commit it, or do
you have another committer lined up?
> After the patch has been applied I have found that 6 always sends
> syncookies too, however, 6 unlike 7 never receives them. Why?
Have you tried patching 6 so that the syncache is non-functional and
forced it to rely on syncookies? Last I checked (which was a long time
ago), syncookies worked on 6. Adding a sysctl like 7's
net.inet.tcp.syncookies_only to 6 might not be a bad idea, as long as it's
behind #ifdef DIAGNOSTIC or INVARIANTS.
The question you may really be asking is: Why does 7 *think* that it is
receiving syncookies all the time? :)
I haven't tried to answer that question yet.
Mike "Silby" Silbersack