kern/190102: [tcp] net.inet.tcp.drop_synfin=1 no longer works on FreeBSD 10+ [regression]
hiren panchasara
hiren.panchasara at gmail.com
Fri May 30 17:58:15 UTC 2014
- bugs (as this is not related to it)
On Wed, May 28, 2014 at 10:46 PM, Eygene Ryabinkin <rea at freebsd.org> wrote:
> clearing FIN bit for SYN packets was
> the standard behaviour of pf since approximately at least 10 years,
> http://svnweb.freebsd.org/base/vendor-sys/pf/dist/sys/contrib/pf/net/pf_norm.c?view=markup&pathrev=126258#l1242
I am curious, what's the rationale for this behavior? Why does PF
clear the FIN bit for such a packet being a firewall?
Cheers,
Hiren
More information about the freebsd-net mailing list