Date: Thu, 14 Dec 2006 11:57:05 +0100 From: Andre Oppermann <andre@freebsd.org> To: Julian Elischer <julian@elischer.org> Cc: FreeBSD Net <freebsd-net@freebsd.org> Subject: Re: question for TCP gurus (in ipfw) Message-ID: <45812E01.9060200@freebsd.org> In-Reply-To: <458094E7.1060806@elischer.org> References: <458094E7.1060806@elischer.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Julian Elischer wrote: > in the ipfw function send_reject6() we go to great length to calculate > the sequence number to put into the ack field of the reject packet.. > > but it's a RESET we are generating.. > > do we need to go to all the work of setting the ACK value etc? Yes, at least some of it. > could we do either of: > 1/ not set the ACK bit and just not do the extra work. Just send a reset? Doesn't work. > or > 2/ instead of ACKing all the data in the packet we are resetting, > how about just ACKing the sequence number it starts with > and saving ourselves from doing the work of ACKing all the data > up to the current packet end. (which is the packet we are rejecting > anyhow) (It takes some calculation to work out the new ack value > which seems pointless as we are rejecting it..) Section 3 of this document describes the situation and requirements quite accurately: http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcpsecure-06.txt -- Andre
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45812E01.9060200>