Re: 2.6.17: networking bug??

From: Rick Jones
Date: Tue Jun 13 2006 - 18:11:22 EST

Next message: James Morris: "Re: [RFC/PATCH 2/2] update sunrpc to use in-kernel sockets API"
Previous message: H. Peter Anvin: "Re: [PATCH -mm] i386 syscall opcode reordering (pipelining)"
In reply to: Mark Lord: "Re: 2.6.17: networking bug??"
Next in thread: David Miller: "Re: 2.6.17: networking bug??"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Mark

From everything I have read so far (which admittedly hasn't been everything) it sounds like the firewall in question was a ticking timebomb. If 2.6.17 hadn't set it off, something else might very well have done so.

Or, if you prefer another metaphore, 2.6.17 was simply the last in a series of straws on the back of the camel what was the firewall. Meta issues of whether or not the camel that is firewalls should have ever been allowed to poke its nose in the Internet Tent notwithstanding :)

At the very least, the firewall, if it is going to be "stateless," has to strip the window scaling option from the SYN's that go past. Otherwise, I would be inclined to agree with David that the firewall is fundamentally broken.

rick jones
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: James Morris: "Re: [RFC/PATCH 2/2] update sunrpc to use in-kernel sockets API"
Previous message: H. Peter Anvin: "Re: [PATCH -mm] i386 syscall opcode reordering (pipelining)"
In reply to: Mark Lord: "Re: 2.6.17: networking bug??"
Next in thread: David Miller: "Re: 2.6.17: networking bug??"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]