Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 29 May 2014 09:46:45 +0400
From:      Eygene Ryabinkin <rea@freebsd.org>
To:        FreeBSD GNATS followup <bug-followup@freebsd.org>, freebsd-net@freebsd.org
Subject:   Re: kern/190102: [tcp] net.inet.tcp.drop_synfin=1 no longer works on FreeBSD 10+ [regression]
Message-ID:  <+Uw/Ss5bElti5gir++ydy1GLu7M@dHhGgwofm7uNfL6/X5+bGIkDUYs>
In-Reply-To: <201405222101.s4ML122N061489@freefall.freebsd.org>
References:  <201405222101.s4ML122N061489@freefall.freebsd.org>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

--LXx4g46d83wF7unj
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

I assume that your pf(4) is enabled during these tests, you have
"scrub" statements in the ruleset and removing "scrub" will restore
the expected behaviour on 10.x?

I am slightly amused that on 9.x with "scrub" you're getting the
expected behaviour, because clearing FIN bit for SYN packets was
the standard behaviour of pf since approximately at least 10 years,
  http://svnweb.freebsd.org/base/vendor-sys/pf/dist/sys/contrib/pf/net/pf_n=
orm.c?view=3Dmarkup&pathrev=3D126258#l1242

Can you show relevant parts of the pf.conf from both machines
and output from 'pfctl -s rules' if you are sure that both machines
are configured identically pf-wise?

Thanks!
--=20
Eygene Ryabinkin                                        ,,,^..^,,,
[ Life's unfair - but root password helps!           | codelabs.ru ]
[ 82FE 06BC D497 C0DE 49EC  4FF0 16AF 9EAE 8152 ECFB | freebsd.org ]

--LXx4g46d83wF7unj
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)

iL4EABEKAGYFAlOGycVfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl
bnBncC5maWZ0aGhvcnNlbWFuLm5ldDgyRkUwNkJDRDQ5N0MwREU0OUVDNEZGMDE2
QUY5RUFFODE1MkVDRkIACgkQFq+eroFS7Pv7kQD+JjKVNIOqBBGv12DsILxmIr+U
5A76OhcjmiaO5ricQ2oA/jJy8E/D2nXSdaaAqYsNJaelqQ72Lx927Sxyj50hLDpx
=2WMS
-----END PGP SIGNATURE-----

--LXx4g46d83wF7unj--



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?+Uw/Ss5bElti5gir++ydy1GLu7M>