> Interesting - thanks for the pointer.  Unless every stack DTRT we can't
> use the flow_id, though - or we break otherwise legal connections.  In the
> given case we would open a state with SYN+flow_id and get a reply SYNACK+0
> which wouldn't hash the same as the SYN we sent out.  No matching state,
> no connection.

Indeed - we need to get into the position where almost all stacks
do the right thing before we can use the flow label as a key of any
sort in the firewalling process. If people have noticed problems
with this, I'd be interested in knowing which stacks are incriminated.

        David.
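
The lookup failure discussed in this thread, as an added example that is not part of either message and not code from any real firewall: a state is created from the outgoing SYN and the SYNACK is looked up against it, with and without the flow label in the key. The table layout, the FNV-1a hash, the addresses, the ports and the label value 0x12345 are all assumptions made for the illustration.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model of a state table; not code from any real firewall. */
struct key {
    uint8_t  src[16], dst[16];    /* IPv6 addresses, initiator first */
    uint16_t sport, dport;
    uint32_t flow;                /* 20-bit flow label, 0 when not keyed on */
};

#define SLOTS 64
static struct key table[SLOTS];   /* one state per bucket keeps the model short */
static int used[SLOTS];

static uint32_t bucket(const struct key *k) {      /* FNV-1a over the key bytes */
    const uint8_t *b = (const uint8_t *)k;
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < sizeof *k; i++) { h ^= b[i]; h *= 16777619u; }
    return h % SLOTS;
}

static struct key make_key(uint32_t flow, int use_flow) {
    /* Constructed endpoints from the 2001:db8::/32 documentation prefix. */
    static const uint8_t client[16] = {0x20, 0x01, 0x0d, 0xb8, [15] = 1};
    static const uint8_t server[16] = {0x20, 0x01, 0x0d, 0xb8, [15] = 2};
    struct key k;
    memset(&k, 0, sizeof k);      /* deterministic bytes for hash and memcmp */
    memcpy(k.src, client, 16);
    memcpy(k.dst, server, 16);
    k.sport = 49152; k.dport = 80;
    k.flow = use_flow ? (flow & 0xFFFFF) : 0;
    return k;
}

/* Returns 1 if the SYNACK finds the state created by the outgoing SYN. */
int synack_matches(uint32_t syn_flow, uint32_t synack_flow, int use_flow) {
    memset(used, 0, sizeof used);
    struct key out = make_key(syn_flow, use_flow);  /* state opened by the SYN */
    uint32_t i = bucket(&out);
    memcpy(&table[i], &out, sizeof out);
    used[i] = 1;
    /* The reply's addresses and ports are swapped back before lookup. */
    struct key in = make_key(synack_flow, use_flow);
    uint32_t j = bucket(&in);
    return used[j] && memcmp(&table[j], &in, sizeof in) == 0;
}

int main(void) {
    return !(synack_matches(0x12345, 0, 0) && !synack_matches(0x12345, 0, 1));
}
```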