DragonFly kernel List (threaded) for 2008-04
DragonFly BSD

Re: FairQ ALTQ for PF - Patch #2


To: Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxx>
From: Cédric Berger <cedric@xxxxxxxxx>
Date: Mon, 07 Apr 2008 15:09:58 +0200

Matthew Dillon wrote:
:...
:could even do modulate state or synproxy state as long as you see the
:initial SYN. If not, you fall back to creating a reduced state. This
:option would, of course, also have a setting where it would always just
:create a reduced state and be done with it.
:
:As for the name ... maybe, 'extra-tcp-state' with a possible setting
:of 'on' (default), 'off' and 'force-off' or something like that. This
:could also be a global setting similar to the timeouts which can also be
:set on a per-rule basis.
:
:\ / Max Laier | ICQ #67774661


I came across an interesting item. I believe (but I'm not entirely
sure if I am correct) that NetBSD implies S/SA for TCP keep
state and it no longer needs to be specified in the rule. Is this
correct?

Yes, quoting http://www.openbsd.org/faq/pf/filter.html:


In OpenBSD 4.1 and later, the default flags S/SA are applied to all TCP
filter rules.

Since OpenBSD 4.1, "keep state" is also the default.

Cedric


