Date: Thu, 20 Apr 2000 22:08:59 -0400 (EDT)
From: Matt Heckaman <matt@ARPA.MAIL.NET>
To: FreeBSD-STABLE <freebsd-stable@freebsd.org>
Subject: hmm.. restrict_rst & drop_synfin
Message-ID: <Pine.BSF.4.21.0004202202560.73171-100000@epsilon.lucida.qc.ca>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is odd, I could have sworn these were at least available in 4.0

- From 4.0-STABLE as of yesterday:

/etc/defaults/rc.conf:

    tcp_drop_synfin="NO"    # Set to YES to drop TCP packets with SYN+FIN
                            # NOTE: this breaks rfc1644 extensions (T/TCP)
    tcp_restrict_rst="NO"   # Set to YES to restrict emission of RST

/etc/rc.network:

    case ${tcp_drop_synfin} in
    [Yy][Ee][Ss])
            echo -n ' drop SYN+FIN packets=YES'
            sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
            ;;
    esac

    case ${tcp_restrict_rst} in
    [Yy][Ee][Ss])
            echo -n ' restrict TCP reset=YES'
            sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null
            ;;
    esac

however:

    root[epsilon]:~# sysctl net.inet.tcp.restrict_rst
    sysctl: unknown oid 'net.inet.tcp.restrict_rst'
    root[epsilon]:~# sysctl net.inet.tcp.drop_synfin
    sysctl: unknown oid 'net.inet.tcp.drop_synfin'

Yes, my kernel and /etc is all up to date, I did a fresh install for 4.0
to avoid the nightmare make world, and because the system had been
upgraded and upgraded since 3.1 and needed a clean start..

Now, I take a look at my 3.4-stable box as of Feb. 14 (with 20000202
upgrade package) and I find this:

/etc/defaults/rc.conf:

    tcp_drop_synfin="NO"    # Set to YES to drop TCP packets with SYN+FIN
                            # NOTE: this breaks rfc1644 extensions (T/TCP)
    tcp_restrict_rst="NO"   # Set to YES to restrict emission of RST

/etc/rc.network:

    if [ "X$tcp_drop_synfin" = X"YES" ]; then
            echo -n ' drop SYN+FIN packets=YES'
            sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
    fi

    if [ "X$tcp_restrict_rst" = X"YES" ]; then
            echo -n ' restrict TCP reset=YES'
            sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null
    fi

once again:

    root[alpha]:~# sysctl net.inet.tcp.drop_synfin
    sysctl: unknown oid 'net.inet.tcp.drop_synfin'
    root[alpha]:~# sysctl net.inet.tcp.restrict_rst
    sysctl: unknown oid 'net.inet.tcp.restrict_rst'

Am I seriously missing something, or were the /etc files updated and the
code never actually went in?

Matt Heckaman
matt@arpa.mail.net
http://www.lucida.qc.ca

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (FreeBSD)
Comment: http://www.lucida.qc.ca/pgp

iD8DBQE4/7g/dMMtMcA1U5ARAnQkAKC3r+zUs1RtYNOQSl3BPCUfA7qS3QCg8iiP
I4t8hOK+p8W4ncGGJd6eFt4=
=sJnY
-----END PGP SIGNATURE-----
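
The mismatch shown in the message above, a start-up script setting OIDs that the running kernel does not have, can be checked mechanically. The following is an added example, not part of the original message or of FreeBSD's rc scripts; the function names `rc_sample`, `oids_set_by`, `stub_sysctl` and `missing_oids` are hypothetical, and the stub stands in for a kernel like the one shown in the message.

```shell
#!/bin/sh
# Sample input: the 4.0-STABLE rc.network fragment quoted in the message.
rc_sample() {
cat <<'EOF'
case ${tcp_drop_synfin} in
[Yy][Ee][Ss])
        echo -n ' drop SYN+FIN packets=YES'
        sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
        ;;
esac
case ${tcp_restrict_rst} in
[Yy][Ee][Ss])
        echo -n ' restrict TCP reset=YES'
        sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null
        ;;
esac
EOF
}

# Print the OID named in every "sysctl -w name=value" line read from stdin.
oids_set_by() {
    sed -n 's/.*sysctl -w \([A-Za-z0-9_.]*\)=.*/\1/p'
}

# Constructed stand-in for sysctl(8) on a kernel like the one in the message:
# it knows net.inet.ip.forwarding but neither of the two TCP OIDs.
stub_sysctl() {
    case "$2" in
        net.inet.ip.forwarding) echo 0 ;;
        *) echo "sysctl: unknown oid '$2'" >&2; return 1 ;;
    esac
}

# Read OID names on stdin and print those that the probe command ($1, default
# sysctl) cannot read. Returns 1 if any OID is missing, 0 otherwise.
missing_oids() {
    probe=${1:-sysctl}
    missing=0
    while read -r oid; do
        if ! "$probe" -n "$oid" >/dev/null 2>&1 </dev/null; then
            echo "$oid"
            missing=1
        fi
    done
    return "$missing"
}

# Demo with the stub; on a real host call missing_oids with no argument.
rc_sample | oids_set_by | missing_oids stub_sysctl || echo "set in rc.network, absent from kernel" >&2
```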