kern/190102: [tcp] net.inet.tcp.drop_synfin=1 no longer works on FreeBSD 10+ [regression]
Eygene Ryabinkin
rea at freebsd.org
Thu May 29 08:00:10 UTC 2014
Wed, May 28, 2014 at 11:52:51PM -0700, hiren panchasara wrote:
> On Wed, May 28, 2014 at 10:46 PM, Eygene Ryabinkin <rea at freebsd.org> wrote:
> > I assume that your pf(4) is enabled during these tests, you have
> > "scrub" statements in the ruleset and removing "scrub" will restore
> > the expected behaviour on 10.x?
>
> I can confirm that I see exactly what you are saying on a stable/10 box.
I had found 2 flavors of 9.x boxen: 9.1/9.2 that behave like 10.x and
some 9.0 that are dropping SYN|FIN even in the presence of "scrub".
The trouble is that the latter boxes are in full production, so I need
some time to try to reproduce that on the text box.
--
Eygene Ryabinkin ,,,^..^,,,
[ Life's unfair - but root password helps! | codelabs.ru ]
[ 82FE 06BC D497 C0DE 49EC 4FF0 16AF 9EAE 8152 ECFB | freebsd.org ]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 358 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-net/attachments/20140529/f19886e3/attachment.sig>
More information about the freebsd-net
mailing list