Date: Tue, 16 May 2006 01:05:00 +0200 (CEST) From: "Max Laier" <max@love2party.net> To: "David Malone" <dwmalone@maths.tcd.ie> Cc: cvs-src@freebsd.org, Max Laier <mlaier@freebsd.org>, src-committers@freebsd.org, cvs-all@freebsd.org Subject: Re: cvs commit: src/sys/netinet ip_fw2.c Message-ID: <52078.192.168.4.1.1147734300.squirrel@mail.abi01.homeunix.org> In-Reply-To: <20060515065214.GA63472@walton.maths.tcd.ie> References: <200605142342.k4ENgOli009466@repoman.freebsd.org> <20060515065214.GA63472@walton.maths.tcd.ie>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, May 15, 2006 8:52 am, David Malone wrote: > On Sun, May 14, 2006 at 11:42:24PM +0000, Max Laier wrote: >> Use only lower 64bit of src/dest (and src/dest port) for hashing of >> IPv6 >> connections and get rid of the flow_id as it is not guaranteed to be >> stable >> some (most?) current implementations seem to just zero it out. > > I had a look at how constant the IPv6 Flow ID is with Orla McGann about > a year ago: > > http://www.maths.tcd.ie/~dwmalone/p/ec2nd05.pdf > > We used to screw up the setting of it on SYN|ACK packets, but we > should do it right now. I think NetBSD had a very similar looking > bug. When I last checked OpenBSD just set it to zero. I think Solaris > DTRT. Interesting - thanks for the pointer. Unless every stack DTRT we can't use the flow_id, though - or we break otherwise legal connections. In the given case we would open a state with SYN+flow_id and got a reply SYNACK+0 which wouldn't hash the same as the SYN we sent out. No matching state, no connection. -- /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?52078.192.168.4.1.1147734300.squirrel>