On 19/03/07, banshee <root_at_vault13.org> wrote:
> On Mon, Mar 19, 2007 at 12:48:01PM +0300, pluknet wrote:
> > Hi.
> >
> > On 18/03/07, banshee <root_at_vault13.org> wrote:
> > >
> > > Hello everyone!
> > >
> > > I have a tcp_drop_synfin="yes" option in my rc.conf, but it
> > > doesn't work correctly. Here is the dmesg -a part:
> > >
> > > [...]
> > > Additional routing options:
> > > ignore ICMP redirect=YES
> > > log ICMP redirect=YES
> > > drop SYN+FIN packets=YES
> > > sysctl:
> > > unknown oid 'net.inet.tcp.drop_synfin'
> > > [...]
> > >
> > > I've been thinking about making a patch for it (/etc/rc.d/routing,
> > > lines 22-127), but I just didn't find something in `sysctl -a`
> > > list that can be used. If this option was removed, then maybe the
> > > lines 124-125 in /etc/rc.d/routing should be changed (something as
> > > in attach)? I'm interested in making a patch for it :-)
> >
> > Didn't you forget to add the TCP_DROP_SYNFIN option in your kernel config?
> >
> > > Best regards, banshee, vault13.org...
> >
> > pluknet
>
> Ups... No, I didn't forget to include it, I've just compiled the wrong kernel :-)
> Anyway, I've made some changes to routing file, just to see, is this sysctl var set correctly (I know, the code is ugly).

From attach:

- echo -n ' drop SYN+FIN packets=YES'
- sysctl net.inet.tcp.drop_synfin=1 >/dev/null
+ if [ "`sysctl net.inet.tcp.drop_synfin=1 | cut -d ' ' -f 4`" \
+ = "1" ]; then

Perhaps it would be more careful to make a so-called "const" check:

- echo -n ' drop SYN+FIN packets=YES'
  sysctl net.inet.tcp.drop_synfin=1 >/dev/null
+ if [ "`sysctl net.inet.tcp.drop_synfin | cut -d ' ' -f 2`" \
+ = "1" ]; then

> pluknet

ps sorry for my English

Received on Mon Mar 19 2007 - 10:51:13 UTC
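Review bot: In the first hunk ("From attach"), the added test `sysctl net.inet.tcp.drop_synfin=1 | cut -d ' ' -f 4` decides success by picking the fourth space-separated field out of the human-readable set output, and it leaves stderr alone, so on a kernel built without TCP_DROP_SYNFIN the "unknown oid" message from the quoted dmesg would still reach the console. Testing the exit status of the sysctl call, with both streams redirected, would be less fragile than parsing its text. The visible lines stop at `then`, so the patch should also show the else branch: the original unconditional echo reported "drop SYN+FIN packets=YES" even though the knob was never set, and the failure case needs its own message rather than silence.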
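Review bot: In the second variant (the "const" check), the kept line `sysctl net.inet.tcp.drop_synfin=1 >/dev/null` still discards only stdout, and the added read-back `sysctl net.inet.tcp.drop_synfin | cut -d ' ' -f 2` will print a second error when the oid is missing. Reading the value back is the stronger check because it confirms the state the kernel actually holds, but `sysctl -n net.inet.tcp.drop_synfin 2>/dev/null` returns the bare value and removes the dependence on field position. As in the first hunk, the branch taken when the comparison fails is not shown and should report that SYN+FIN dropping is not active.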