On Mon, May 15, 2006 8:52 am, David Malone wrote: > On Sun, May 14, 2006 at 11:42:24PM +0000, Max Laier wrote: >> Use only lower 64bit of src/dest (and src/dest port) for hashing of >> IPv6 >> connections and get rid of the flow_id as it is not guaranteed to be >> stable >> some (most?) current implementations seem to just zero it out. > > I had a look at how constant the IPv6 Flow ID is with Orla McGann about > a year ago: > > http://www.maths.tcd.ie/~dwmalone/p/ec2nd05.pdf > > We used to screw up the setting of it on SYN|ACK packets, but we > should do it right now. I think NetBSD had a very similar looking > bug. When I last checked OpenBSD just set it to zero. I think Solaris > DTRT.
Interesting - thanks for the pointer. Unless every stack DTRT we can't use the flow_id, though - or we break otherwise legal connections. In the given case we would open a state with SYN+flow_id and got a reply SYNACK+0 which wouldn't hash the same as the SYN we sent out. No matching state, no connection. -- /"\ Best regards, | [EMAIL PROTECTED] \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | [EMAIL PROTECTED] / \ ASCII Ribbon Campaign | Against HTML Mail and News _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "[EMAIL PROTECTED]"
