How to disable syncookies & syncache
Alexander Frolkin
avf at eldamar.org.uk
Sun Nov 7 11:27:46 UTC 2010
Hi,
I spent all day yesterday trying to get my FreeBSD box (8.1-RELEASE,
amd64) to talk to a Qlogic 4010 iSCSI card.
The problem is that when the Qlogic card tries to make a connection,
FreeBSD resets it (SYN, SYN|ACK, ACK, RST).
If I turn on net.inet.tcp.log_in_vain, I can see a message similar to
TCP: [172.16.25.2]:30557 to [172.16.25.1]:3260 tcpflags 0x10<ACK>;
syncache_expand: TSECR 0 != TS 267223, segment rejected
for each connection attempt.
I've tried fiddling around with the net.inet.tcp.syn* sysctls, but all
I've managed to to is change the message to
TCP: [172.16.25.2]:29387 to [172.16.25.1]:3260 tcpflags 0x10<ACK>;
syncache_expand: Segment failed SYNCOOKIE authentication, segment
rejected (probably spoofed)
(this was with net.inet.tcp.syncookies_only=1, I believe) --- the
connection still gets reset, as before.
The only "solution" I've found so far is to comment out the bit of code
in sys/netinet/tcp_syncache.c that checks if TSECR == TS, but needless
to say, this is horrible, and will probably create other problems.
Now, I know what you're probably going to say --- the Qlogic card has a
broken TCP implementation. While that may well be true, this is the
card I have and I'm stuck with it, so there's not much I can about that.
Any suggestions welcome. :-)
Thanks!
Alex
--
-----------------------< Alexander Frolkin >-----------------------
-----< avf at eldamar.org.uk >-----< http://www.eldamar.org.uk/ >-----
``I can't believe it. You actually found a practical use for
geometry!'' -- Bart Simpson, ``Dead Putting Society''
More information about the freebsd-questions
mailing list