Andi Kleen wrote:
On Saturday 25 March 2006 23:32, Mark Butler wrote:
> A true firewall should never need to do anything but drop packets and
> reset connections. Changes to the way packets are routed should be done
> at the routing layer, using the flow information from the transport
> layer.
The real world
David S. Miller wrote:
From: Mark Butler <[EMAIL PROTECTED]>
Date: Fri, 24 Mar 2006 22:37:26 -0700
> On a more general note, I find the idea that a current dst entry doesn't
> actually reflect the interface (even a logical interface) and nexthop
> that will be used to deliver a packet a little disturbing. It would
>
Wouldn't the appropriate place to add the tunable for Stretch ACKs be as
a route attribute similar to RTAX_ADVMSS? Then system administrators
who are aware of the local network topology, netfilters, etc., could use
an "ip route" or whatever command to enable it on the route entry for
the loc