FairQ ALTQ for PF - Patch #2
Matthew Dillon
dillon at apollo.backplane.com
Mon Apr 7 11:45:05 PDT 2008
:I concur. Keep state should be explicit. Furthermore, I don't expect
:keep state not to work across reboots. That's why I then write keep
:state flags S/SA. Something clearly need to be untangled here. Keep
:state should keep state as good as possible, but not reject connections.
:
:cheers
: simon
I figured out another reason why linux boxes couldn't connect to me.
I wasn't running keep state on incoming traffic, only outgoing. That
means the keep state didn't have the initial SYN packet from an
outside host making a connection into me. No initial SYN, no window
scaling info.
My current pickup check is not quite sufficient, either. I have to
check that the SYN was observed in both directions. Seeing just one
of the SYNs may not be enough. I'll have to re-read the window scaling
rules.
Max, or anyone... do you happen to remember whether window scaling
is negotiated the same for both directions or whether each direction
in a TCP connection can use a different scaling factor?
-Matt
Matthew Dillon
<dillon at backplane.com>
More information about the Kernel
mailing list