> Errors in logic in TCP need to be dealt with by breaking the
> connection and spitting a RST out, and it must be done in a
> way that is as easy to verify as possible.
The two are no different. Someone at cisco stuffed an IP authentication
header in the TCP frame. Its stupid, but the RST argument is not a real one
> IPSEC getting the signature wrong is more akin to getting bitstream
> corruptions from your networking card for a certain sequence of bytes.
Ditto the TCP bad MD5 sum and a tcp checksum error.
I've actually got a more constructive suggestion for the zebra folks.
Route the BGP crap through a netlink tap device, mangle and unmangle the
tcp frames in luserspace. Saves doing TCP in userspace, saves screwing up
Dave's nice networking stack.
You'll still need to kill SACK support to make it fit
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri Mar 15 2002 - 22:00:22 EST