Changed behaviour of pf after new handling of EACCES in tcp_output() in r315514
Andrey V. Elsukov
bu7cher at yandex.ru
Tue Apr 17 14:33:08 UTC 2018
On 17.04.2018 17:02, Andreas Longwitz wrote:
> and in V11 with commit r315514 the same reply after 90 seconds, in the
> meantime telnet is waiting on WCHAN "connec":
>
> Di. 17 Apr. 2018 10:46:28 CEST
> Trying 192.168.0.122...
> telnet: connect to address 192.168.0.122: Permission denied
> telnet: Unable to connect to remote host
> Di. 17 Apr. 2018 10:47:43 CEST
>
> I would like to know if this is intended behaviour.

This change was based on
https://svnweb.freebsd.org/base?view=revision&revision=309610

Now I think it can be removed, because:
1. SAs should be configured by the application before initiating a TCP
connection;
2. If there are no matching SAs, the connection will be dropped after
several tries.
3. Even if the connection is dropped after the first failed SYN, there is
a special tcps_sig_err_buildsig error counter that will be incremented,
and we can determine the cause.

So, can you try this patch? And maybe someone who uses TCP-MD5 can try
it too (with and without configured SAs)?
--
WBR, Andrey V. Elsukov
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tcp_output.c.diff
Type: text/x-patch
Size: 387 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-net/attachments/20180417/db324565/attachment.bin>