From: pluknet
Date: Mon, 19 Mar 2007 14:51:10 +0300
To: banshee, pluknet, freebsd-current@freebsd.org
Subject: Re: rc.conf: tcp_drop_synfin option

On 19/03/07, banshee wrote:
> On Mon, Mar 19, 2007 at 12:48:01PM +0300, pluknet wrote:
> > Hi.
> >
> > On 18/03/07, banshee wrote:
> > >
> > > Hello everyone!
> > >
> > > I have a tcp_drop_synfin="yes" option in my rc.conf, but it
> > > doesn't work correctly. Here is the dmesg -a part:
> > >
> > > [...]
> > > Additional routing options:
> > > ignore ICMP redirect=YES
> > > log ICMP redirect=YES
> > > drop SYN+FIN packets=YES
> > > sysctl:
> > > unknown oid 'net.inet.tcp.drop_synfin'
> > > [...]
> > >
> > > I've been thinking about making a patch for it (/etc/rc.d/routing,
> > > lines 22-127), but I just didn't find anything in the `sysctl -a`
> > > list that can be used. If this option is removed, then maybe
> > > lines 124-125 in /etc/rc.d/routing should be changed (something like
> > > in the attachment)? I'm interested in making a patch for it :-)
> >
> > Didn't you forget to add the TCP_DROP_SYNFIN option in your kernel config?
> >
> > > Best regards, banshee, vault13.org...
> >
> > pluknet
>
> Oops... No, I didn't forget to include it, I've just compiled the wrong kernel :-)
> Anyway, I've made some changes to the routing file, just to see whether this sysctl var is set correctly (I know, the code is ugly).
>From attach: - echo -n ' drop SYN+FIN packets=YES' - sysctl net.inet.tcp.drop_synfin=1 >/dev/null + if [ "`sysctl net.inet.tcp.drop_synfin=1 | cut -d ' ' -f 4`" \ + = "1" ]; then Perhaps it would be more careful to make a so-called "const" check: - echo -n ' drop SYN+FIN packets=YES' sysctl net.inet.tcp.drop_synfin=1 >/dev/null + if [ "`sysctl net.inet.tcp.drop_synfin | cut -d ' ' -f 2`" \ + = "1" ]; then > pluknet ps sorry for my English
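Review bot: In the first hunk (the one from the attachment), the added test depends on field 4 of the "name: old -> new" line that sysctl prints after a successful set, so the rc script breaks if that human-readable format ever changes, and stderr is still not redirected, so the "unknown oid 'net.inet.tcp.drop_synfin'" message from the dmesg above still reaches the console on a kernel built without TCP_DROP_SYNFIN. Testing the exit status covers both cases without parsing: if sysctl net.inet.tcp.drop_synfin=1 >/dev/null 2>&1; then. The hunk as shown ends at "then", so the YES message and a message for the failure branch both need to be emitted somewhere after it.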
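Review bot: In the second hunk (the "const" check), the read-back cuts field 2 out of the "name: value" output; sysctl -n prints the value alone, which removes the dependency on the separator. Both the set on the unchanged line and the new read-back leave stderr alone, so a kernel without the OID now prints "unknown oid" twice. Suggested form: [ "$(sysctl -n net.inet.tcp.drop_synfin 2>/dev/null)" = "1" ], with 2>&1 added to the existing >/dev/null on the set.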