From owner-freebsd-net@FreeBSD.ORG Sun Nov 7 20:32:47 2010 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 26771106564A for ; Sun, 7 Nov 2010 20:32:47 +0000 (UTC) (envelope-from avf@eldamar.org.uk) Received: from sigurdson.opencodes.org (sigurdson.opencodes.org [217.14.120.28]) by mx1.freebsd.org (Postfix) with ESMTP id DC3B58FC14 for ; Sun, 7 Nov 2010 20:32:46 +0000 (UTC) Received: by sigurdson.opencodes.org (Postfix, from userid 1001) id 99A0E940FC; Sun, 7 Nov 2010 21:12:48 +0100 (CET) Date: Sun, 7 Nov 2010 21:12:48 +0100 From: Alexander Frolkin To: freebsd-net@freebsd.org Message-ID: <20101107201248.GH4221@eldamar.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-GPG-Key-Fingerprint: 7820 960F C361 C9CE 401F D07D 993A 2951 D970 4FA4 X-Operating-System: Linux 2.6.24-21-server X-Editor: Vi X-Uptime: 21:14:07 up 15 days, 6:22, 6 users, load average: 2.49, 2.42, 2.40 User-Agent: Mutt/1.5.17+20080114 (2008-01-14) Subject: How to disable syncookies & syncache X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Nov 2010 20:32:47 -0000 Hi, I posted this to questions@ this morning, but the only response I got was to try re-posting it here, so here goes... I spent all day yesterday trying to get my FreeBSD box (8.1-RELEASE, amd64) to talk to a Qlogic 4010 iSCSI card. The problem is that when the Qlogic card tries to make a connection, FreeBSD resets it (SYN, SYN|ACK, ACK, RST). If I turn on net.inet.tcp.log_in_vain, I can see a message similar to TCP: [172.16.25.2]:30557 to [172.16.25.1]:3260 tcpflags 0x10; syncache_expand: TSECR 0 != TS 267223, segment rejected for each connection attempt. I've tried fiddling around with the net.inet.tcp.syn* sysctls, but all I've managed to to is change the message to TCP: [172.16.25.2]:29387 to [172.16.25.1]:3260 tcpflags 0x10; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) (this was with net.inet.tcp.syncookies_only=1, I believe) --- the connection still gets reset, as before. The only "solution" I've found so far is to comment out the bit of code in sys/netinet/tcp_syncache.c that checks if TSECR == TS, but needless to say, this is horrible, and will probably create other problems. Now, I know what you're probably going to say --- the Qlogic card has a broken TCP implementation. While that may well be true, this is the card I have and I'm stuck with it, so there's not much I can about that. Any suggestions welcome. :-) Thanks! Alex -- -----------------------< Alexander Frolkin >----------------------- -----< avf@eldamar.org.uk >-----< http://www.eldamar.org.uk/ >----- ``I can't believe it. You actually found a practical use for geometry!'' -- Bart Simpson, ``Dead Putting Society''