FairQ ALTQ for PF - Patch #2
Matthew Dillon
dillon at apollo.backplane.com
Sun Apr 6 17:17:13 PDT 2008
: (1) I'm using keep state, not synproxy. Is PF still attempting to do
: window sequence space comparisons and dropping packets if they do
: not match? If it is, do you know where in the code that is
: (I've been staring at it a while trying to find just such a
: comparison but not having a whole lot of luck).
Wait, I think I found it. I think the DROP is handled by the else
clause around line 4030 of pf.c (in the DragonFly code). I'm not
entirely sure.
It looks like it will be easy to flag state creation without a SYN
and have it ignore sequence space comparisons for that case.
-Matt
More information about the Kernel
mailing list