From owner-freebsd-current@FreeBSD.ORG Sun Mar 18 15:45:19 2007 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id B316116A401 for ; Sun, 18 Mar 2007 15:45:19 +0000 (UTC) (envelope-from freeman@vault13.org) Received: from vault13.org (ip246-74.baltnet.ru [217.168.74.246]) by mx1.freebsd.org (Postfix) with ESMTP id A88C413C455 for ; Sun, 18 Mar 2007 15:45:18 +0000 (UTC) (envelope-from freeman@vault13.org) Received: from vault13.org (nobody@localhost [127.0.0.1]) by vault13.org (8.13.6/8.13.6) with ESMTP id l2IFL1l0071228 for ; Sun, 18 Mar 2007 18:21:01 +0300 (MSK) (envelope-from freeman@vault13.org) Received: (from freeman@localhost) by vault13.org (8.13.6/8.13.6/Submit) id l2IFL1Sb071227 for freebsd-current@freebsd.org; Sun, 18 Mar 2007 18:21:01 +0300 (MSK) (envelope-from freeman) Date: Sun, 18 Mar 2007 18:21:01 +0300 From: banshee To: freebsd-current@freebsd.org Message-ID: <20070318152101.GA70619@vault13.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="WhfpMioaduB5tiZL" Content-Disposition: inline X-Spam-Status: No, score=-1.4 required=2.0 tests=ALL_TRUSTED autolearn=failed version=3.1.7 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on vault13.org X-Mailman-Approved-At: Sun, 18 Mar 2007 23:57:58 +0000 Subject: rc.conf: tcp_drop_synfin option X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Mar 2007 15:45:19 -0000 --WhfpMioaduB5tiZL Content-Type: multipart/mixed; boundary="gBBFr7Ir9EOA20Yy" Content-Disposition: inline --gBBFr7Ir9EOA20Yy Content-Type: text/plain; charset=koi8-r Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hello everyone! I have an tcp_drop_synfin=3D"yes" option in my rc.conf, but it doesn't wor= k correct. Here is the dmesg -a part: [...] Additional routing options: ignore ICMP redirect=3D3DYES log ICMP redirect=3D3DYES drop SYN+FIN packets=3D3DYES sysctl: unknown oid 'net.inet.tcp.drop_synfin' [...] I've been thinking about making a patch for it (/etc/rc.d/routing, lines 2= 2-127), but i just didn't find something in `sysctl -a` list that can be us= ed. If this option removed, then may be the lines 124-125 in /etc/rc.d/rout= ing should be changed (something as in attach)? I'm interested in making pa= tch for it :-) --=20 Best regards, banshee, vault13.org... --gBBFr7Ir9EOA20Yy Content-Type: text/plain; charset=koi8-r Content-Disposition: attachment; filename="routing.patch" Content-Transfer-Encoding: quoted-printable --- /etc/rc.d/routing Sun May 7 08:00:26 2006 +++ rtpatch Sun Mar 18 16:41:59 2007 @@ -121,8 +121,7 @@ =20 case ${tcp_drop_synfin} in [Yy][Ee][Ss]) - echo -n ' drop SYN+FIN packets=3DYES' - sysctl net.inet.tcp.drop_synfin=3D1 >/dev/null + echo -n ' drop SYN+FIN packets=3Dnot implemented' ;; esac =20 --gBBFr7Ir9EOA20Yy-- --WhfpMioaduB5tiZL Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 iQEVAwUBRf1Y1ZQivqHIHgXfAQGWqwf8C/idR94YklYTZAoAEDK+SQ4mCdnXysdb Ioc7VWZa3QebSQX22d7vdNbRd2f4AdjWmHYJZPldUbyTq/uyoGD30z9LCboQCfF3 eDwdU1umn+3VAONZzF3uFJWTcZV+8Nv/d/StxhiURLJOg5IfE+h1nW3wwCf4LHR3 YEnOGps+o8R3PzfL+gkL5LrNsOTIvH7gmpkLudAwaz3acLY5Q592JrPaedpBrr7b sHrhTfJ7/ydD242cqX6c+fLudl8pNGsIkV/QV3fwGSogENSZC5XZdJwP7qf+JdoS TU0RioqxeXwBbZeESY0VQp86Q9AGnBS9N+0oW0pTdP7HSQ2hR9zMiA== =UIqF -----END PGP SIGNATURE----- --WhfpMioaduB5tiZL--