FreeBSD 7 TCP syncache fix: request for testers
Mike Silbersack
silby at silby.com
Wed Jul 25 06:07:04 UTC 2007
On Fri, 20 Jul 2007, Peter Wemm wrote:
> TCP: [127.0.0.1]:52446 to [127.0.0.1]:1128 tcpflags 0x10<ACK>;
> syncache_expand: Segment failed SYNCOOKIE authentication, segment
> rejected (probably spoofed)
> [...]
>
> How on earth can localhost be spoofing itself? This is getting quite
> absurd. :-(
Any extra ACK that arrives is probably being processed by the syncookie
code is my guess. So, I think that the problem is probably anywhere
except in the syncookie code.
> I'll give your patch a shot and see if it improves things at all.
It won't, not for this case. :(
But I'll get it committed ASAP, because it fixes other cases. Unless,
that is, things IRL keep interrupting me.
Mike "Silby" Silbersack
More information about the freebsd-current
mailing list