Date: Thu, 29 May 2014 09:46:45 +0400
From: Eygene Ryabinkin
To: FreeBSD GNATS followup, freebsd-net@freebsd.org
Subject: Re: kern/190102: [tcp] net.inet.tcp.drop_synfin=1 no longer works on FreeBSD 10+ [regression]

I assume that your pf(4) is enabled during these tests, you have
"scrub" statements in the ruleset and removing "scrub" will restore
the expected behaviour on 10.x?

I am slightly amused that on 9.x with "scrub" you're getting the
expected behaviour, because clearing FIN bit for SYN packets was
the standard behaviour of pf since approximately at least 10 years,
  http://svnweb.freebsd.org/base/vendor-sys/pf/dist/sys/contrib/pf/net/pf_norm.c?view=markup&pathrev=126258#l1242

Can you show relevant parts of the pf.conf from both machines
and output from 'pfctl -s rules' if you are sure that both machines
are configured identically pf-wise?

Thanks!
-- 
Eygene Ryabinkin ,,,^..^,,,
[ Life's unfair - but root password helps! | codelabs.ru ]
[ 82FE 06BC D497 C0DE 49EC 4FF0 16AF 9EAE 8152 ECFB | freebsd.org ]