Date: Fri, 30 May 2014 10:58:14 -0700
From: hiren panchasara <hiren.panchasara@gmail.com>
To: Eygene Ryabinkin <rea@freebsd.org>
Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject: Re: kern/190102: [tcp] net.inet.tcp.drop_synfin=1 no longer works on FreeBSD 10+ [regression]
Message-ID: <CALCpEUEG2H=L_OC7VQq%2Bx-xs5L16mzs3Q91Do%2Bu-2orGRvWAYQ@mail.gmail.com>
In-Reply-To: <%2BUw/Ss5bElti5gir%2B%2Bydy1GLu7M@dHhGgwofm7uNfL6/X5%2BbGIkDUYs>
References: <201405222101.s4ML122N061489@freefall.freebsd.org> <%2BUw/Ss5bElti5gir%2B%2Bydy1GLu7M@dHhGgwofm7uNfL6/X5%2BbGIkDUYs>

- bugs (as this is not related to it)

On Wed, May 28, 2014 at 10:46 PM, Eygene Ryabinkin <rea@freebsd.org> wrote:
> clearing FIN bit for SYN packets was
> the standard behaviour of pf since approximately at least 10 years,
> http://svnweb.freebsd.org/base/vendor-sys/pf/dist/sys/contrib/pf/net/pf_norm.c?view=markup&pathrev=126258#l1242

I am curious, what's the rationale for this behavior? Why does PF clear the FIN bit for such a packet being a firewall?

Cheers,
Hiren