Date: Sun, 7 Nov 2010 12:09:26 +0100 From: Alexander Frolkin <avf@eldamar.org.uk> To: freebsd-questions@freebsd.org Subject: How to disable syncookies & syncache Message-ID: <20101107110926.GG4221@eldamar.org.uk>
next in thread | raw e-mail | index | archive | help
Hi, I spent all day yesterday trying to get my FreeBSD box (8.1-RELEASE, amd64) to talk to a Qlogic 4010 iSCSI card. The problem is that when the Qlogic card tries to make a connection, FreeBSD resets it (SYN, SYN|ACK, ACK, RST). If I turn on net.inet.tcp.log_in_vain, I can see a message similar to TCP: [172.16.25.2]:30557 to [172.16.25.1]:3260 tcpflags 0x10<ACK>; syncache_expand: TSECR 0 != TS 267223, segment rejected for each connection attempt. I've tried fiddling around with the net.inet.tcp.syn* sysctls, but all I've managed to to is change the message to TCP: [172.16.25.2]:29387 to [172.16.25.1]:3260 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) (this was with net.inet.tcp.syncookies_only=1, I believe) --- the connection still gets reset, as before. The only "solution" I've found so far is to comment out the bit of code in sys/netinet/tcp_syncache.c that checks if TSECR == TS, but needless to say, this is horrible, and will probably create other problems. Now, I know what you're probably going to say --- the Qlogic card has a broken TCP implementation. While that may well be true, this is the card I have and I'm stuck with it, so there's not much I can about that. Any suggestions welcome. :-) Thanks! Alex -- -----------------------< Alexander Frolkin >----------------------- -----< avf@eldamar.org.uk >-----< http://www.eldamar.org.uk/ >----- ``I can't believe it. You actually found a practical use for geometry!'' -- Bart Simpson, ``Dead Putting Society''
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20101107110926.GG4221>