On 9 Jan, Mike Silbersack wrote:
>
> Ok, here's an updated patch for the SYN case. I've included the patch
> relative to 6.x, and some text from a tcpdump showing it in action.
>
> It responds to each SYN with an ACK like the latest tcpsecure document
> states, but it uses a global counter to
After a bit more thinking ...
On 10 Jan, Don Lewis wrote:
> and then after the dropafterack label add the code:
>
> + if (thflags & TH_SYN) {
> + if (tp->t_state == TCPS_ESTABLISHED &&
> + tcp_insecure_syn == 0) {
> + if (badport_bandlim(BANDLI
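Review bot: the inner test `tp->t_state == TCPS_ESTABLISHED && tcp_insecure_syn == 0` carries no comment saying what `tcp_insecure_syn` switches off or why a SYN that reaches `dropafterack` on an established connection goes through `badport_bandlim()`. A short comment above the `if (thflags & TH_SYN)` block stating that intent would help the next reader. The quoted fragment ends inside the `badport_bandlim(` call, so the limiter argument and the handling of its return value cannot be checked from these lines.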
On Mon, 10 Jan 2005, Don Lewis wrote:
Now that I've looked at the above case, it looks to me like your
suggested patch might affect the response to a legitimate duplicate SYN.
It will definitely follow a different code path.
You're right, I neglected to handle the duplicate SYN case.
Couldn't we ce
On Mon, 10 Jan 2005, Mike Silbersack wrote:
We could do something there like
	if (th->th_seq != tp->irs) {
		goto dropafterack; /* Or however we handle these bad syns */
	} else {
		thflags &= ~TH_SYN;
		th->th_seq++;
		if (th->th_urp > 1)
			th->th_urp--;
		else
			thflags &= ~TH_URG;
todrop
On 10 Jan, Mike Silbersack wrote:
>
> On Mon, 10 Jan 2005, Don Lewis wrote:
>
>> Now that I've looked at the above case, it looks to me like your
>> suggested patch might affect the response to a legitimate duplicate SYN.
>> It will definitely follow a different code path.
>
> You're right, I ne
Current FreeBSD problem reports
Critical problems
Serious problems
S Submitted Tracker Resp. Description
---
o [2002/07/26] kern/41007 net overfull traffic on third and fourth adap
1 problem total.
We have a windows mailserver that relays its outbound to a fbsd
gateway. We changed to a different fbsd gateway running 4.10. Windows then
began having trouble sending to 4.10. Windows "netstat -an" shows dozens
of lines like this:
source IP destination IP
On Mon, 10 Jan 2005 10:53:39 -0600, Len Conrad <[EMAIL PROTECTED]> wrote:
>
> We have a windows mailserver that relays its outbound to a fbsd
> gateway. We changed to a different fbsd gateway running 4.10. Windows then
> began having trouble sending to 4.10. Windows "netstat -an" shows dozens
>
On Mon, 10 Jan 2005, Len Conrad wrote:
We have a windows mailserver that relays its outbound to a fbsd gateway. We
changed to a different fbsd gateway running 4.10. Windows then began having
trouble sending to 4.10. Windows "netstat -an" shows dozens of lines like
this:
source IP
Just off the top of my head...
You mentioned the freebsd machine is the gateway. Do you have a firewall
on the host blocking connections from the windows machine?
a forgotten detail is that the windows machine sends just fine to the 4.10
gateway for a few minutes, but the time_wait inevitably b
On 2005-01-10 11:26, Len Conrad <[EMAIL PROTECTED]> wrote:
>> Just off the top of my head...
>>
>> You mentioned the freebsd machine is the gateway. Do you have a
>> firewall on the host blocking connections from the windows machine?
>
> a forgotten detail is that the windows machine sends just fi
In tcp_input.c, window is updated when below condition is true,
	if ((thflags & TH_ACK) &&
	    (SEQ_LT(tp->snd_wl1, th->th_seq) ||
	    (tp->snd_wl1 == th->th_seq && (SEQ_LT(tp->snd_wl2, th->th_ack) ||
	    (tp->snd_wl2 == th->th_ack && tiwin > tp->snd_wnd)
This check is to prevent old segments from affecti
On Mon, 10 Jan 2005, Len Conrad wrote:
We have a windows mailserver that relays its outbound to a fbsd gateway. We
changed to a different fbsd gateway running 4.10. Windows then began having
trouble sending to 4.10. Windows "netstat -an" shows dozens of lines like
this:
source IP
13 matches