Re: ssh's "bad packet length" vs. SACK and IPsec

To: cube%cubidou.net@localhost
Subject: Re: ssh's "bad packet length" vs. SACK and IPsec
From: yamt%mwd.biglobe.ne.jp@localhost (YAMAMOTO Takashi)
Date: Sat, 8 Mar 2008 19:24:35 +0900 (JST)

> While those two patches makes the whole thing happy, I think we should
> re-visit the path MTU discovery code to be more efficient.  In the case
> of blackholes for instance, we should make use of icmp_mtudisc's clever
> table.  And I still think we should act on ICMP Need Fragment messages
> immediately.

there are some reasons not to act on icmp messages immediately.
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html

> I'd appreciate if someone with TCP and possibly SACK knowledge would
> confirm my analysis and the correctness of the patch I suggest.
> Otherwise I'll commit sometime later...

although i don't claim that i'm an expert of these area,
these analysis and patches seem correct to me.

YAMAMOTO Takashi

References:
- ssh's "bad packet length" vs. SACK and IPsec
  - From: Quentin Garnier

Prev by Date: RE : Re: Wireless networking under NetBSD
Next by Date: Re: wm(4) performance issues
Previous by Thread: ssh's "bad packet length" vs. SACK and IPsec
Next by Thread: [PATCH] Fix a comment in sys/un.h
Indexes:

Home | Main Index | Thread Index | Old Index