At 06:03 PM 1/20/2000 , Darren Reed wrote:
>If you're using "flags S keep state" or "flags S/SA keep state",
>then as far as I'm aware, having read the code, you are safe.
This might be a workaround. What rule(s) would have to follow it
to block the ACK?
>I'm intrigued to know what the bug is. Reading the code, it is
>hard to see how you could make a box fall over using it, unless
>there were some serious problems in how random TCP ACK's were
>handled.
My guess is that there's a long code path, or other inefficiency,
in the way the ACK is handled. Perhaps a linear search for the
right socket instead of one that's more clevery implemented
(e.g. search by port, then address, etc.).
--Brett
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message
