Andre Oppermann wrote:
Makes sense.
Can we ever have a packet that has a source address with INADDR_BROADCAST
or IN_MULTICAST? I can't think of such a case.
Can we ever have a packet with destination address INADDR_ANY? Maybe
for BOOTP? But then the source address would be 0.0.0.0 too?
IIRC,
I've been thinking about this all day...
Thus spake Jesper Skriver [EMAIL PROTECTED] [23:53:26 11/12/03:
: + /*
: +* Only unicast IP, not from loopback, no L2 or IP broadcast,
: +* no multicast, no INADDR_ANY
: +*/
: + if ((m-m_pkthdr.rcvif-if_flags IFF_LOOPBACK) ||
: +
Hajimu UMEMOTO wrote:
Hi,
On Tue, 11 Nov 2003 19:26:41 +0100
Andre Oppermann [EMAIL PROTECTED] said:
oppermann I have fixed the panic. It was a stupid braino in the test whether
oppermann we have to free the allocated route. It was trying to free a null
oppermann pointer route which
Hi,
On Wed, 12 Nov 2003 16:22:38 +0100
Andre Oppermann [EMAIL PROTECTED] said:
oppermann Ok, I found the bug. It was in the ipv6 hash function where I made
oppermann a mistake with the hashmask.
oppermann The updated patch is here:
oppermann
Hajimu UMEMOTO wrote:
Hi,
On Wed, 12 Nov 2003 16:22:38 +0100
Andre Oppermann [EMAIL PROTECTED] said:
oppermann Ok, I found the bug. It was in the ipv6 hash function where I made
oppermann a mistake with the hashmask.
oppermann The updated patch is here:
oppermann
On Sun, Nov 09, 2003 at 05:19:07PM +0100, Andre Oppermann wrote:
Hello all,
this patch contains three things (to be separated for committing):
tcp_hostcache
- removes protocol cloning from routing table (IPv4+6)
- removes rtentry pointer from inpcb and in6pcb
- removes ip route
Jesper Skriver wrote:
On Sun, Nov 09, 2003 at 05:19:07PM +0100, Andre Oppermann wrote:
Hello all,
this patch contains three things (to be separated for committing):
...
ip_fastforward
- removes ip_flow forwarding code
- adds full direct process-to-completion IPv4 forwarding
On Thu, Nov 13, 2003 at 12:13:14AM +0100, Andre Oppermann wrote:
Jesper Skriver wrote:
On Sun, Nov 09, 2003 at 05:19:07PM +0100, Andre Oppermann wrote:
Hello all,
this patch contains three things (to be separated for committing):
...
ip_fastforward
- removes ip_flow
Jesper Skriver wrote:
On Thu, Nov 13, 2003 at 12:13:14AM +0100, Andre Oppermann wrote:
Jesper Skriver wrote:
On Sun, Nov 09, 2003 at 05:19:07PM +0100, Andre Oppermann wrote:
Hello all,
this patch contains three things (to be separated for committing):
...
Hi,
On Sun, 09 Nov 2003 17:19:07 +0100
Andre Oppermann [EMAIL PROTECTED] said:
oppermann The patch is here (relative to -CURRENT as of 2003-11-09):
oppermann http://www.nrg4u.com/freebsd/tcphostcache+ipfastforward-20031109.patch
The patch cannot be compiled:
cc -c -O -pipe -march=pentium3
PROTECTED]; [EMAIL PROTECTED]
Sent: Sunday, November 09, 2003 11:19 AM
Subject: tcp hostcache and ip fastforward for review
Hello all,
this patch contains three things (to be separated for committing):
tcp_hostcache
- removes protocol cloning from routing table (IPv4+6)
- removes
Hi,
On Sun, 09 Nov 2003 17:19:07 +0100
Andre Oppermann [EMAIL PROTECTED] said:
oppermann The patch is here (relative to -CURRENT as of 2003-11-09):
oppermann http://www.nrg4u.com/freebsd/tcphostcache+ipfastforward-20031109.patch
It panics at boot around invoking rtsol(8):
Fatal trap 12:
Hajimu UMEMOTO wrote:
Hi,
On Sun, 09 Nov 2003 17:19:07 +0100
Andre Oppermann [EMAIL PROTECTED] said:
oppermann The patch is here (relative to -CURRENT as of 2003-11-09):
oppermann http://www.nrg4u.com/freebsd/tcphostcache+ipfastforward-20031109.patch
The patch cannot be compiled:
Hi,
On Tue, 11 Nov 2003 18:06:05 +0100
Andre Oppermann [EMAIL PROTECTED] said:
oppermann However there is a problem in netkey/key.c with the static variable
oppermann ipsec_esp_auth which is unused if IPSEC_ESP is not defined.
Thanks. I've just committed to define ipsec_esp_auth only when
Hajimu UMEMOTO wrote:
Hi,
On Sun, 09 Nov 2003 17:19:07 +0100
Andre Oppermann [EMAIL PROTECTED] said:
oppermann The patch is here (relative to -CURRENT as of 2003-11-09):
oppermann http://www.nrg4u.com/freebsd/tcphostcache+ipfastforward-20031109.patch
It panics at boot around
Hi,
On Tue, 11 Nov 2003 19:26:41 +0100
Andre Oppermann [EMAIL PROTECTED] said:
oppermann I have fixed the panic. It was a stupid braino in the test whether
oppermann we have to free the allocated route. It was trying to free a null
oppermann pointer route which obviously doesn't work. :-^
Oppermann [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Sunday, November 09, 2003 11:19 AM
Subject: tcp hostcache and ip fastforward for review
Hello all,
this patch contains three things (to be separated
Hajimu UMEMOTO wrote:
Hi,
On Tue, 11 Nov 2003 19:26:41 +0100
Andre Oppermann [EMAIL PROTECTED] said:
oppermann I have fixed the panic. It was a stupid braino in the test whether
oppermann we have to free the allocated route. It was trying to free a null
oppermann pointer route which
On Sun, 9 Nov 2003, Andre Oppermann wrote:
Hello all,
this patch contains three things (to be separated for committing):
I don't have much time free in the next week, so I cannot do a complete
review. However, I just did a quick readthrough.
tcp_hostcache
This looks good to me, I've
Jonathan Mini wrote:
On Nov 9, 2003, at 2:47 PM, Andre Oppermann wrote:
Jonathan Mini wrote:
On Nov 9, 2003, at 8:19 AM, Andre Oppermann wrote:
- DoS attack 2: make MSS very low on local side of connection
and send mny small packet to remote host. For every packet
Mike Silbersack wrote:
On Sun, 9 Nov 2003, Andre Oppermann wrote:
Hello all,
this patch contains three things (to be separated for committing):
I don't have much time free in the next week, so I cannot do a complete
review. However, I just did a quick readthrough.
On Nov 10, 2003, at 1:39 AM, Andre Oppermann wrote:
Jonathan Mini wrote:
All in all I don't think it is worth adding this complexity.
I agree.
This is actually a small value for TCP connections which are being
used to forward messages, especially on gigabit links.
Heavily-intensive
web
Hi,
On Sun, 09 Nov 2003 17:19:07 +0100
Andre Oppermann [EMAIL PROTECTED] said:
oppermann Hajimu-san, I'm looking especially for comments on whether my changes
oppermann to IPv6 are correct wrt IPv6 concepts. (I hope they are).
I don't see the patch in detail, yet, it seems your change will
Hajimu UMEMOTO wrote:
Hi,
On Sun, 09 Nov 2003 17:19:07 +0100
Andre Oppermann [EMAIL PROTECTED] said:
oppermann Hajimu-san, I'm looking especially for comments on whether my changes
oppermann to IPv6 are correct wrt IPv6 concepts. (I hope they are).
I don't see the patch in detail,
On Mon, 10 Nov 2003, Andre Oppermann wrote:
- Ensures that a cached entry isn't added until the 3WHS is completed.
This should help make synfloods with random source addresses less
damaging.
The cache will only be updated if the tcp connection is being closed.
All updates are done
In a message written on Mon, Nov 10, 2003 at 01:45:48PM -0600, Mike Silbersack wrote:
At the moment is visible via sysctl -a net.inet.tcp.hostcache.list.
Syncache ain't visible via netstat either. So far you had to use
route get x.x.x.x to see the rtmetrics for a (host-)route. So I'm
sure
Leo Bicknell wrote:
In a message written on Mon, Nov 10, 2003 at 01:45:48PM -0600, Mike Silbersack wrote:
At the moment is visible via sysctl -a net.inet.tcp.hostcache.list.
Syncache ain't visible via netstat either. So far you had to use
route get x.x.x.x to see the rtmetrics for a
Hello all,
this patch contains three things (to be separated for committing):
tcp_hostcache
- removes protocol cloning from routing table (IPv4+6)
- removes rtentry pointer from inpcb and in6pcb
- removes ip route cache in ip_input.c (locking much easier)
- removes most (tcp specific)
On Nov 9, 2003, at 8:19 AM, Andre Oppermann wrote:
- DoS attack 2: make MSS very low on local side of connection
and send mny small packet to remote host. For every packet
(eg. 2 bytes payload) a sowakeup is done to the listening
process. Consumes a lot of CPU there.
This sounds
Jonathan Mini wrote:
On Nov 9, 2003, at 8:19 AM, Andre Oppermann wrote:
- DoS attack 2: make MSS very low on local side of connection
and send mny small packet to remote host. For every packet
(eg. 2 bytes payload) a sowakeup is done to the listening
process.
On Nov 9, 2003, at 2:47 PM, Andre Oppermann wrote:
Jonathan Mini wrote:
On Nov 9, 2003, at 8:19 AM, Andre Oppermann wrote:
- DoS attack 2: make MSS very low on local side of connection
and send mny small packet to remote host. For every packet
(eg. 2 bytes payload) a sowakeup is
31 matches
Mail list logo