Re: ECN & cisco firewall

2000-09-10 Thread Lincoln Dale
Dave, et al., At 05:56 08/09/00, David S. Miller wrote: .. >in the Cisco PIX case does the firewall send a reset .. a bug ticket has been opened for the cisco pix firewall and [lack-of] TCP ECN interoperability. the developers know about the issue, and i'm sure that a fix will be forthcoming

Re: ECN & cisco firewall

2000-09-09 Thread Andi Kleen
On Sat, Sep 09, 2000 at 03:38:26AM -0700, David S. Miller wrote: >Date: Sat, 9 Sep 2000 12:32:34 +0200 >From: Jamie Lokier <[EMAIL PROTECTED]> > >So our TCP stack can observe this and say "ah, that route doesn't >do ECN; let's retry without ECN and see if we get a better >

Re: ECN & cisco firewall

2000-09-09 Thread David S. Miller
Date:Sat, 9 Sep 2000 12:32:34 +0200 From: Jamie Lokier <[EMAIL PROTECTED]> So our TCP stack can observe this and say "ah, that route doesn't do ECN; let's retry without ECN and see if we get a better response". This might work. Although, a tougher case to handle are the f

Re: ECN & cisco firewall

2000-09-09 Thread Graham Murray
Jamie Lokier <[EMAIL PROTECTED]> writes: > Now, for how to deal with firewalls that block ECN. Perhaps it's a > _good_ thing that they send RSTs. Not all of them do. For example, attempting to access www.tesco.com with ECN enabled produces no response at all to the SYN packets, it looks as thou

Re: ECN & cisco firewall

2000-09-09 Thread Jamie Lokier
Graham Murray wrote: > "David S. Miller" <[EMAIL PROTECTED]> writes: > > > The authors of rfc793 probably, in all honesty, really meant > > "must be set to zero by current implementations". > > I agree, to me it seems obvious that the reason is so that these bits > could be used at some time in

Re: ECN & cisco firewall

2000-09-09 Thread Graham Murray
"David S. Miller" <[EMAIL PROTECTED]> writes: > The authors of rfc793 probably, in all honesty, really meant > "must be set to zero by current implementations". I agree, to me it seems obvious that the reason is so that these bits could be used at some time in the future for some, then unknown,

Re: ECN & cisco firewall

2000-09-08 Thread Alan Cox
> > sites which RST these ECN carrying packets are the ones which disturb > > me the most, in the Cisco PIX case does the firewall send a reset > > So, how would properly written pre-ECN software indicate > rejection of packets with the unknown ECN flag? By leaving the bits as zero - To unsubsc

Re: ECN & cisco firewall

2000-09-08 Thread Albert D. Cahalan
David S. Miller writes: >From: Ulrich Kiermayr <[EMAIL PROTECTED]> > > Reserved: 6 bits > > Reserved for future use. Must be zero. > > >The point is: 'must be zero' is redefined by rfc2481 (ECN). > > The authors of rfc793 probably, in all honesty, really meant > "m

Re: ECN & cisco firewall

2000-09-08 Thread Alan Cox
> > the reserved flag bits are non-zero. The only things this protects > > anyone from are extensions such as ECN :-) > > To be fair even older netfilter had the same problem (ipt_unclean would > complain about the reserved bits). It is probably a common bug. The current British Standard kite

Re: ECN & cisco firewall

2000-09-08 Thread Andi Kleen
On Fri, Sep 08, 2000 at 02:56:59AM -0700, David S. Miller wrote: > That's a really anal, zero purpose, check to put into a firewall. > I don't know of even any embedded printer stacks that puke when > the reserved flag bits are non-zero. The only things this protects > anyone from are extensions

Re: ECN & cisco firewall

2000-09-08 Thread Ulrich Kiermayr
On Fri, 8 Sep 2000, David S. Miller wrote: > The authors of rfc793 probably, in all honesty, really meant > "must be set to zero by current implementations". That's often the problem when interpretations are possible: Different people see the meaning differently. > Even though they did not say t

Re: ECN & cisco firewall

2000-09-08 Thread David S. Miller
Date: Fri, 8 Sep 2000 11:42:54 +0200 (CEST) From: Ulrich Kiermayr <[EMAIL PROTECTED]> Reserved: 6 bits Reserved for future use. Must be zero. The point is: 'must be zero' is redefined by rfc2481 (ECN). The authors of rfc793 probably, in all honesty, really meant