From: Patrick McHardy <kaber@trash.net>
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: Krzysztof Oledzki <ole@ans.pl>,
Netfilter Developer Mailing List
<netfilter-devel@vger.kernel.org>
Subject: Re: PATCH: "invalid SYNIN=" - a patch and a question
Date: Mon, 08 Oct 2007 18:39:08 +0200
Message-ID: <470A5D2C.1040006@trash.net>
In-Reply-To: <Pine.LNX.4.64.0710081117270.6987@blackhole.kfki.hu>

Jozsef Kadlecsik wrote:
> Hi Krzysztof,
>
>>--- example #1 begin ---
>
> [...]
>
> The last sequence number ACK-ed by the server is 3235585701. The ISN sent
> by the client at reopening is 2494249856, which is not after the largest
> sequence number used in the previous session.
>
>
>>--- example #1 begin ---
>
> [...]
>
>
> And the same here: largest seq is 3536556183, but the ISN is 3521103209.
>
> It seems to me conntrack is just right.

That's true, but I'm wondering, is there any benefit in being
strict about this? The chances of accidentally reopening an
old connection are a lot smaller than breaking things as in
this case. Or maybe we could add PAWS checks, although that
would increase the conntrack size by another 8 bytes.

Krzysztof, does the problem disappear if you use something
like 30 s for the TIME_WAIT timeout?
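
The comparison discussed in this message, as an added example that is not part of the original mail or of the conntrack code: a wrap-safe check of whether a reopening SYN's ISN lies after the old session's sequence space, next to a relaxed variant that also accepts a newer TCP timestamp. The struct, function names and timestamp values are assumptions made for illustration; the sequence numbers are the ones quoted above.

```c
#include <stdint.h>
#include <stdio.h>

/* Wrap-safe "a is after b" for 32-bit TCP sequence numbers and timestamps. */
static int seq_after(uint32_t a, uint32_t b)
{
    return (int32_t)(b - a) < 0;
}

/* Hypothetical state remembered for a connection sitting in TIME_WAIT. */
struct tw_state {
    uint32_t last_seq;   /* largest sequence number of the old session */
    uint32_t last_tsval; /* last TCP timestamp value seen from the client */
    int saw_ts;          /* nonzero if the old session carried timestamps */
};

enum verdict { REOPEN_INVALID = 0, REOPEN_BY_SEQ = 1, REOPEN_BY_TS = 2 };

/* Strict rule: the new ISN must be after the old sequence space. */
enum verdict reopen_strict(const struct tw_state *tw, uint32_t isn)
{
    return seq_after(isn, tw->last_seq) ? REOPEN_BY_SEQ : REOPEN_INVALID;
}

/* Relaxed rule (assumed PAWS-style): a strictly newer timestamp also
 * proves that the SYN is not an old duplicate. */
enum verdict reopen_with_ts(const struct tw_state *tw, uint32_t isn,
                            int has_ts, uint32_t tsval)
{
    if (seq_after(isn, tw->last_seq))
        return REOPEN_BY_SEQ;
    if (tw->saw_ts && has_ts && seq_after(tsval, tw->last_tsval))
        return REOPEN_BY_TS;
    return REOPEN_INVALID;
}

int main(void)
{
    /* Sequence numbers from the two quoted traces; timestamps constructed. */
    struct tw_state ex1 = { 3235585701u, 1000u, 1 };
    struct tw_state ex2 = { 3536556183u, 0u, 0 };

    printf("ex1 strict:  %d\n", reopen_strict(&ex1, 2494249856u));
    printf("ex2 strict:  %d\n", reopen_strict(&ex2, 3521103209u));
    printf("ex1 with ts: %d\n", reopen_with_ts(&ex1, 2494249856u, 1, 1001u));
    printf("ex2 with ts: %d\n", reopen_with_ts(&ex2, 3521103209u, 1, 1001u));
    return 0;
}
```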