From owner-freebsd-questions@FreeBSD.ORG Sun Nov 7 12:38:42 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EC254106566B for ; Sun, 7 Nov 2010 12:38:42 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [115.70.110.159]) by mx1.freebsd.org (Postfix) with ESMTP id 59ED58FC14 for ; Sun, 7 Nov 2010 12:38:42 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id oA7CcG61014798; Sun, 7 Nov 2010 23:38:17 +1100 (EST) (envelope-from smithi@nimnet.asn.au) Date: Sun, 7 Nov 2010 23:38:15 +1100 (EST) From: Ian Smith To: Alexander Frolkin In-Reply-To: <20101107120028.E549610656CA@hub.freebsd.org> Message-ID: <20101107232708.U66572@sola.nimnet.asn.au> References: <20101107120028.E549610656CA@hub.freebsd.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Cc: freebsd-questions@freebsd.org Subject: Re: How to disable syncookies & syncache X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Nov 2010 12:38:43 -0000 In freebsd-questions Digest, Vol 335, Issue 14, Message: 2 On Sun, 7 Nov 2010 12:09:26 +0100 Alexander Frolkin wrote: > Hi, > > I spent all day yesterday trying to get my FreeBSD box (8.1-RELEASE, > amd64) to talk to a Qlogic 4010 iSCSI card. > > The problem is that when the Qlogic card tries to make a connection, > FreeBSD resets it (SYN, SYN|ACK, ACK, RST). > > If I turn on net.inet.tcp.log_in_vain, I can see a message similar to > > TCP: [172.16.25.2]:30557 to [172.16.25.1]:3260 tcpflags 0x10; > syncache_expand: TSECR 0 != TS 267223, segment rejected > > for each connection attempt. > > I've tried fiddling around with the net.inet.tcp.syn* sysctls, but all > I've managed to to is change the message to > > TCP: [172.16.25.2]:29387 to [172.16.25.1]:3260 tcpflags 0x10; > syncache_expand: Segment failed SYNCOOKIE authentication, segment > rejected (probably spoofed) > > (this was with net.inet.tcp.syncookies_only=1, I believe) --- the > connection still gets reset, as before. > > The only "solution" I've found so far is to comment out the bit of code > in sys/netinet/tcp_syncache.c that checks if TSECR == TS, but needless > to say, this is horrible, and will probably create other problems. > > Now, I know what you're probably going to say --- the Qlogic card has a > broken TCP implementation. While that may well be true, this is the > card I have and I'm stuck with it, so there's not much I can about that. > > Any suggestions welcome. :-) Only that if I had such an issue I'd head for net@freebsd.org and post the above there, where the syncache cookie monsters tend to hang out :) cheers, Ian