Nils Goroll wrote:
>> The outer conditional verifies that the incoming SYN has
>> a timestamp, that tcp_tw_recycle is enabled, and that the origin
>> exists in our peer cache. Note that it only checks the IP of the
>> origin. Doesn't it make sense to also match on port?
>
> My understanding is that the fact that the connection is in
> TIME_WAIT implies that the source port should not be reused at this
> time.

Right, you're saying that the srcaddr+srcport pair of a connection in TIME_WAIT should not be reused under this scheme (i.e. the SYN can be dropped), and I agree.

Then I don't understand why a new connection originating from a *different* source port (although from the same source IP) is also considered a dupe and dropped. SYN retries don't change/increase the source port after all.

Is this a mistake in the TCP code, or maybe in my understanding of the issue?

Sven
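
A simplified model of the check discussed in this thread, added here as an illustration; it is not the kernel's code and was not posted by either participant. The struct and function names, the two constants and the sample values are constructed assumptions. It shows the effect of keying the peer cache on source IP alone: the source port never enters the decision.

```c
#include <stdint.h>
#include <stdio.h>

/* Model constants (assumed for this sketch). */
#define PAWS_MSL    60  /* seconds a cached peer timestamp stays relevant */
#define PAWS_WINDOW 1   /* tolerated backwards step, in timestamp ticks */

/* Hypothetical per-peer cache entry: keyed by source IP only, no port. */
struct peer_entry {
    uint32_t addr;      /* peer IPv4 address */
    uint32_t ts;        /* last TCP timestamp value seen from this IP */
    int64_t  ts_stamp;  /* second at which ts was recorded */
};

struct syn {
    uint32_t saddr;
    uint16_t sport;     /* present in the packet, never consulted below */
    int      saw_tstamp;
    uint32_t tsval;
};

/* Returns 1 if the SYN would be dropped, 0 if it would be accepted. */
int syn_rejected(const struct peer_entry *peer, const struct syn *s,
                 int tw_recycle, int64_t now)
{
    /* Outer conditional: timestamp present, recycling on, origin IP cached. */
    if (!s->saw_tstamp || !tw_recycle || !peer || peer->addr != s->saddr)
        return 0;
    /* Inner check: entry still fresh and the SYN's timestamp went backwards. */
    return now < peer->ts_stamp + PAWS_MSL &&
           (int32_t)(peer->ts - s->tsval) > PAWS_WINDOW;
}

/* Constructed scenario: two hosts share one address, 192.0.2.10. */
const struct peer_entry cached = { 0xC000020A, 500000, 1000 };
const struct syn syn_same_host  = { 0xC000020A, 40001, 1, 500100 };
const struct syn syn_other_host = { 0xC000020A, 51515, 1, 120000 };
const struct syn syn_no_tstamp  = { 0xC000020A, 51515, 0, 0 };

int main(void)
{
    printf("same host, new port:   %d\n", syn_rejected(&cached, &syn_same_host, 1, 1010));
    printf("other host, same IP:   %d\n", syn_rejected(&cached, &syn_other_host, 1, 1010));
    printf("other host, no tstamp: %d\n", syn_rejected(&cached, &syn_no_tstamp, 1, 1010));
    printf("other host, after MSL: %d\n", syn_rejected(&cached, &syn_other_host, 1, 1061));
    return 0;
}
```

In this model a second host behind the same address whose timestamp clock is lower has its SYN dropped regardless of source port, until the cached entry ages past `PAWS_MSL`.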
